Security News > 2023 > January > Week in review: ChatGPT cybersecurity, critical RCE vulnerabilities found in git, Riot Games breached
How to tackle the cybersecurity skills shortage in the EUIn this Help Net Security Dritan Saliovski, Director - Nordic Head of Cyber M&A, Transaction Advisory Services at Aon, offers some pointers, as well as advice to organizations on how to attract and retain the best cybersecurity talent.
ENISA gives out toolbox for creating security awareness programsThe European Union Agency for Cybersecurity has made available Awareness Raising in a Box, a "Do it yourself" toolbox to help organizations in their quest to create and implement a custom security awareness raising program.
Critical VMware vRealize Log Insight flaws patchedVMware has fixed two critical and two important security vulnerabilities in VMware vRealize Log Insight, its multi-cloud solution for centralized log management, operational visibility and intelligent analytics.
Riot Games breached: How did it happen?The hackers who breached Riot Games last week are asking for $10 million not to leak the stolen source code for the company's popular League of Legends online game.
Trained developers get rid of more vulnerabilities than code scanning toolsAn EMA survey of 129 software development professionals uncovered that for those using code scanning tools, only 10% of organizations prevented a higher percentage of vulnerabilities than organizations not using code scanning tools, while continuous training greatly improved code security for over 60% of organizations that adopted it.
Why most IoT cybersecurity strategies give zero hope for zero trustIn this Help Net Security video, Denny LeCompte, CEO at Portnox, discusses how IoT has been difficult to profile accurately and why zero trust strategies fail when applied to IoT. Understanding your attack surface makes it easier to prioritize technologies and systemsOrganizations need to strike the balance of carrying out enough due diligence before patching, and then patching as quickly as possible to defend themselves against emerging threats.
News URL
Related news
- Microsoft's March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws (source)
- Fortinet warns of critical RCE bug in endpoint management software (source)
- PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800) (source)
- Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool (source)
- Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724) (source)
- Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability (source)
- Strengthening critical infrastructure cybersecurity is a balancing act (source)
- Critical RCE bug in 92,000 D-Link NAS devices now exploited in attacks (source)