Security News > 2023 > June

It's an open secret where this might be heading; AI will eventually become a primary cybersecurity system that not only helps out but performs threat detection and response without human intervention. AI will become cybersecurity system, taking over threat triage in a way that matches or even surpasses what human SOC teams can do.

Fortinet has rolled out updates to address a critical security vulnerability impacting its FortiNAC network access control solution that could lead to the execution of arbitrary code. "A deserialization of untrusted data vulnerability [CWE-502] in FortiNAC may allow an unauthenticated user to execute unauthorized code or commands via specifically crafted requests to the tcp/1050 service," Fortinet said in an advisory published last week.

In this Help Net Security video, Fawaz Rasheed, Field CISO at VMware, discusses how cyber insurance remains the high tide that rises ships. For organizations choosing to purchase cyber insurance, the requirements set forth towards them are beneficial in advancing their security program.

Although numerous respondents acknowledged employing risky practices and behaviors within their cloud environments, they strongly believe in the effectiveness of their security tools and processes to safeguard their organizations against meticulously planned attacks, according to Permiso. The survey assessed both the respondents cloud security practices and the scale of their environment, including the number of identities and secrets they manage, response time to an attack, the different methods of access into their environment, and the types of solutions they utilize to help secure their environments.

European organizations experienced a greater volume and frequency of BEC attacks over the last year, as compared to organizations in the United States, according to Abnormal Security. This included an analysis of traditional BEC attacks like executive impersonation, vendor-focused invoice, and payment fraud, as well as credential phishing, malware, and extortion.

Sponsored Post Imagine if you could get instant advice on how to protect your cloud infrastructure against cyber threats from some of the world's best cloud security experts without leaving the comfort of your chair. Starting at 11 am UTC on Friday 18th August, the SANS Cloud Security Exchange 2023 is a free and virtual event that brings together cloud security experts from AWS, Google Cloud, Microsoft Azure and the SANS Institute onto one digital stage.

Learn how NetSPI's always-on solution allows companies to improve visibility, inventory, and understanding of known and unknown assets and exposures on their global attack surface and distill signal from noise. The discovery of assets and vulnerabilities is table stakes.

If you say THE Twitter hack, everyone knows you mean the one that happened in July 2020, when a small group of cybercriminals ended up in control of a small number of Twitter accounts and used them to talk up a cryptocoin fraud. SIM swaps are where a criminal sweet-talks, bribes or coerces a mobile phone provider into issuing them with a "Replacment" SIM card for someone else's number, typically under the guise of wanting to buy a new phone or urgently needing to replace a lost SIM. The victim's SIM card goes dead, and the crook starts receiving their calls and text messages, notably including any two-factor authentication codes needed for secure logins or password resets.

Microsoft is expanding support for passkeys in Windows 11 to make it more secure to log into websites and apps using biometric authentication. To use passkeys on your Windows device for website sign-ins, you have to go to passkey-enabled websites like bestbuy.com, ebay.com, or google.com, create a passkey by accessing from your account settings, and then sign out of your account and then sign back in using your newly created passkey.

ThreatFabric discovered a previous Anatsa campaign on Google Play in November 2021, when the trojan was installed over 300,000 times by impersonating PDF scanners, QR code scanners, Adobe Illustrator apps, and fitness tracker apps. In March 2023, after a six-month hiatus in malware distribution, the threat actors launched a new malvertizing campaign that leads prospective victims to download Anatsa dropper apps from Google Play.