Security News

Offensive Security has released Kali Linux 2023.2, the latest version of its popular penetration testing and digital forensics platform.Aside from updates for existing tools, a new Kali version usually comes with new tools.

Cloudflare announced on May 15, 2023 a new suite of zero-trust security tools for companies to leverage the benefits of AI technologies while mitigating risks.The Cloudflare One platform's new tools and features are Cloudflare Gateway, service tokens, Cloudflare Tunnel, Cloudflare Data Loss Prevention and Cloudflare's cloud access security broker.

GitHub has announced that its application security testing tools are now more widely available for subscribers of Microsoft's Azure DevOps Services. "GitHub Advanced Security for Azure DevOps can not only help you find secrets that have already been exposed in Azure Repos, but also help you prevent new exposures by blocking any pushes to Azure Repos that contain secrets," says Aaron Hallberg, Director of Product for Azure DevOps, Microsoft.

It does exactly what the name suggests: Users can drag and drop unstructured data from Excel - or give Copilot a link to the file - and the Power Platform will analyze it, enrich it with the extra information Dataverse needs, and turn it into an app, Nirav Shah, the vice president of Dataverse at Microsoft explained to TechRepublic. Data in Excel might be easy for users to work with individually, but bringing it to Dataverse connects it to a range of new AI tools.

Malicious Google Search ads for generative AI services like OpenAI ChatGPT and Midjourney are being used to direct users to sketchy websites as part of a BATLOADER campaign designed to deliver RedLine Stealer malware. BATLOADER is a loader malware that's propagated via drive-by downloads where users searching for certain keywords on search engines are displayed bogus ads that, when clicked, redirect them to rogue landing pages hosting malware.

AppSec teams are stuck in a catch-up cycle, unable to keep up with the increasingly rapid, agile dev pace, and playing security defense via an endless and unproductive vulnerability chase, according to Backslash Security. Far and wide, enterprises are victims of this costly 'defensive tax:' the cost of employing AppSec engineers who chase vulnerabilities rather than drive a comprehensive cloud-native AppSec program is estimated to be upwards of $1.2 million annually.

Using commonly available tools allows attackers to evade detection. While custom-built tools or malware can be flagged as malicious by endpoint products, commercially available tools are often marked as clean or allow-listed by organizations.

Product security teams aim to guarantee the intrinsic reliability of applications. In the DevSecOps approach, each team is responsible for the security of the applications they create.

The report found that a majority of modern phishing attacks rely on stolen credentials and outlined the growing threat from Adversary-in-the-Middle attacks, increased use of the InterPlanetary File System, as well as reliance on phishing kits sourced from black markets and AI tools like ChatGPT. "Phishing remains one of the most prevalent threat vectors cybercriminals utilize to breach global organizations. Year-over-year, we continue to see an increase in the number of phishing attacks which are becoming more sophisticated in nature. Threat actors are leveraging phishing kits & AI tools to launch highly effective e-mail, SMiShing, and Vishing campaigns at scale"," said Deepen Desai, Global CISO and Head of Security, Zscaler. "AitM attacks supported by growth in Phishing-as-a-Service have allowed attackers to bypass traditional security models, including multi-factor authentication. To protect their environment, organizations should adopt a zero trust architecture to significantly minimize the attack surface, prevent compromise, and reduce the blast radius in case of a successful attack," added Desai.

Balancing cybersecurity with business priorities: Advice for BoardsIn this Help Net Security interview, Alicja Cade, Director, Financial Services, Office of the CISO, Google Cloud, offers insights on how asking the right questions can help improve cyber performance and readiness, advance responsible AI practices, and balance the need for cybersecurity with other business priorities. 5 free online cybersecurity resources for small businessesThis article will explore five free resources that small companies can leverage to improve their cybersecurity posture without breaking the bank.