Week in Review: CISA Releases RedEye, Apache Commons Text Flaw, and Medibank Data Breach


Here’s a look at some of the most interesting news, articles, interviews and videos from the past week:

Medibank Hack Turned into Data Breach: Attackers Demand Money
Medibank, Australia’s largest private healthcare provider, has confirmed that last week’s “cyber incident” resulted in a data breach.

CISA releases open-source analysis tool RedEye
CISA has released RedEye, an interactive open-source analysis tool for visualizing and reporting Red Team command and control activities.

iDealwine suffers a data breach
Renowned international fine wine online retailer iDealwine suffered a data breach over the weekend and has yet to reveal the number of affected customers.

Apache Commons Text flaw is not a repeat of Log4Shell (CVE-2022-42889)
A recently patched vulnerability (CVE-2022-42889) in the Apache Commons Text library has caught the attention of security researchers in recent days, fearing it could lead to a repeat of the Log4Shell dumpster fire.

Police bust criminal network that hacked into keyless systems to steal cars
A car theft ring that used fraudulent software to “hack” and steal vehicles fitted with remote keyless entry and start systems has been busted by the French National Gendarmerie, Europol announced on Monday.

Consolidating the security stack helps CISOs reduce their cybersecurity spend
In this Help Net Security video, Alfredo Hickman, Chief Information Security Officer at Obsidian Security, explains the importance of consolidating the security stack for organizations looking to reduce security costs while increasing security. efficiency and effectiveness of security.

Do you want to become a CISO? Being technical is just one of the requirements
In this Help Net Security interview, Chris Konrad, Regional Vice President of Security, Global Accounts at World Wide Technology, offers advice to CISOs who are under increasing pressure, discusses using a security maturity, discusses interesting security technologies, and more.

Key results organizations expect from their security investments
According to WithSecure, preventing data breaches and protecting remote workers are among the top security priorities and outcomes that organizations expect from their security investments.

3 mistakes organizations make when trying to manage data securely
In this Help Net Security video, Nong Li, CEO of Okera, shares tips for avoiding what he considers the top three mistakes organizations make when trying to manage data securely; data preparation, access and governance, and anonymization.

Economic uncertainty increases cybersecurity risks
Cybercriminals are always looking to make their attacks, scams, and campaigns as effective as possible. This includes exploiting whatever dominates the news and is of concern to their victims.

AI can help you optimize your supply chain
In this video for Help Net Security, Diego Pienknagura, Vice President of Growth and Global Operations at Inspectorio, discusses how the role of AI can be a driver for the supply chain.

New Security Issues for the Open Source Software Supply Chain
Open source software is a critical part of the software supply chain in businesses of all sizes, but there are emerging security issues for the open source software supply chain – calling for better approaches to security packages, according to VMware.

Deepfakes: what they are and how to spot them
This Help Net Security video draws attention to what deepfakes are, how to spot them, and what steps you can take to protect yourself from them.

7 Critical Steps to Defending the Healthcare Industry Against Cyber ​​Threats
Knowing full well that human lives may be at stake, criminal gangs are increasingly targeting the healthcare industry with high-impact attacks like ransomware.

Fines are not enough! Data Breach Victims Want Better Security
In this Help Net Security video, Todd Moore, Senior VP, Encryption Products at Thales, explains how the vast majority of consumers around the world have reported a negative impact on their lives as a result of a data breach.

For car dealerships, cybersecurity is more critical than ever
Cybercriminals are getting more cunning as automotive retailers continue to fall victim to well-disguised cyberattacks. According to CDK Global’s second annual Dealer Cybersecurity Survey, 15% of dealerships experienced a cybersecurity incident in the past year.

How to Secure Microservices Using Authorization
In this Help Net Security video, Tim Hinrichs, CTO at Styra, explains what “correct” authorization entails and how organizations can streamline their move from monolithic systems to microservices.

Improve Your Security Awareness Efforts: Here’s How to Get Started
October is Security Awareness Month, an exciting time as organizations around the world educate people about cyber security, both at work and at home. But what exactly is security awareness and, more importantly, why should we care?

The future of MFA is passwordless
Secret Double Octopus and Dimensional Research surveyed more than 300 IT professionals responsible for workforce identities and their security in organizations with more than 1,000 employees, to learn more about the state the use of passwordless authentication and multi-factor authentication (MFA) of the workforce.

CIS Benchmarks: Community-Driven Security Guidelines
The CIS Benchmarks are the only security configuration recommendations developed by consensus, both created and approved by a global community of IT security professionals from academia, government and industry.

Open Banking API Security: Best Practices for Safe Travel
More than 9 out of 10 financial sectors recognize that open banking is vital for their organization. The demand for fast, simple and personalized banking and financial services among customers is driving the rapid adoption of open banking. However, nearly 50% of bank customers fear the security of open banking.

The most dangerous connected devices
In this Help Net Security video, Daniel Dos Santos, Head of Security Research at Forescout, discusses the most dangerous connected devices of 2022 discovered by the research team at Vedere Labs.

Companies most likely to lose your data
Web companies most likely to lose your data, study finds. The study, conducted by VPN Overview, analyzed major data breaches recorded since 2004 to find out which sector is most susceptible to data loss.

How Phishing Campaigns Abuse Google Ad Click Tracking Redirects
In this Help Net Security video, Kevin Cryan, Director of Operational Intelligence at PhishLabs, explains how this type of attack is different from the one identified by Microsoft – hackers use conditional geolocation logic to present the legitimate landing page when Google analyzes their ad. .

Why chasing risk assessments will have you chasing your tail
Third-party risk assessments are often described as time-consuming, repetitive, overwhelming and outdated. Think about it: organizations have over 5,000 third parties on average, which means they may feel the need to conduct over 5,000 risk assessments. In the old school method, that’s 5,000 redundant questionnaires. 5,000 long Excel sheets. No wonder they feel that way.

How supply chain threats will evolve in 2023
In this Help Net Security video, Marc Woolward, Global CTO & CISO at vArmour, talks about notable supply chain attacks and predicts their evolution in 2023.

Data visualization: an invaluable tool in a defender’s arsenal
Visibility is always a priority, but it’s vital to responding to an incident. Time is always working against incident responders. Looking at lines of textual data and making connections between them and the suspicious activity under investigation is time spent not fixing the problem, which is a real waste when you’re under pressure to stop a offensive.

(ISC)² to help cybersecurity professional development in emerging economies
(ISC)² has signed a Memorandum of Understanding with the Korea Internet & Security Agency (KISA) to strengthen cybersecurity professional development in emerging economies.

Launch of Tails 5.5 secure portable operating system
Tails, based on Debian GNU/Linux, is a portable operating system that protects against surveillance and censorship, and version 5.5 is now available for download.

Product Overview: Scribe Platform End-to-End Software Supply Chain Security
As software supply chain security becomes increasingly critical, security, DevSecOps, and DevOps teams are more challenged than ever to build transparent trust in the software they deliver or use.

Product overview: ImmuniWeb Discovery – attack surface management with dark web monitoring
Organizations around the world are struggling to identify their IT assets that are hosted in a multicloud environment, on-premises, or managed by multiple third parties. Lack of visibility prevents cybersecurity teams from protecting their IT infrastructure and corporate data, inevitably leading to disastrous data breaches.

New infosec products of the week: October 21, 2022
Here’s a look at some of the hottest products from the past week, with releases from AwareGO, Code42, Corelight, EnigmaSoft, Exabeam, Mandiant, and RSA.


About Author

Comments are closed.