Security News > 2023 > August > Week in review: AWS SSM agents as RATs, Patch Tuesday forecast

Attackers can turn AWS SSM agents into remote access trojansMitiga researchers have documented a new post-exploitation technique attackers can use to gain persistent remote access to AWS Elastic Compute Cloud instances, as well as to non-EC2 machines.
August 2023 Patch Tuesday forecast: Software security improvementsThe continued onslaught of phishing attacks, ransomware deployment, and other exploitation is forcing the community to pay closer attention to early identification, as well as fast response, to vulnerabilities in their software.
Strategies for ensuring compliance and security in outdated healthcare IT systemsIn this Help Net Security video, Jim Jackson, President of TuxCare, discusses how healthcare IT teams can automate the process of taking new patches through staging, testing, and production on legacy systems while also establishing end-to-end threat monitoring and maintaining compliance.
Assess multi-cloud security with the open-source CNAPPgoat projectErmetic released CNAPPgoat, an open-source project that allows organizations to test their cloud security skills, processes, tools, and posture in interactive sandbox environments that are easy to deploy and destroy.
The race against time in ransomware attacksMost organizations lack strong cyber resilience strategies or data security capabilities to address threats and maintain business continuity, according to BigID. The gap in users' identity security knowledge gives cybercriminals an openingWith exponential growth in the number of human and machine actors on the network and more sophisticated technology in more places, identity in this new era is rapidly becoming a super-human problem, according to RSA. Salesforce and Meta suffer phishing campaign that evades typical detection methodsThe Guardio research team discovered an email phishing campaign exploiting a zero-day vulnerability in Salesforce's legitimate email services and SMTP servers.
New infosec products of the week: August 4, 2023Here's a look at the most interesting products from the past week, featuring releases from Forescout, Menlo Security, Qualys, Sonar, SpecterOps, Synopsys, Traceable AI, and Lineaje.
News URL
Related news
- April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft (source)
- Week in review: Probing activity on Palo Alto Networks GlobalProtect portals, Patch Tuesday forecast (source)
- Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws (source)
- Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day (source)
- April's Patch Tuesday leaves unlucky Windows Hello users unable to login (source)
- May 2025 Patch Tuesday forecast: Panic, change, and hope (source)