www.helpnetsecurity.com
35.81.17.152
Public Scan
URL:
https://www.helpnetsecurity.com/2023/01/29/week-in-review-chatgpt-cybersecurity-critical-rce-vulnerabilities-found-in-git-riot-g...
Submission: On February 08 via manual from US — Scanned from DE
Form analysis
2 forms found in the DOM
Name: searchform — GET https://www.helpnetsecurity.com/
<form id="searchform" name="searchform" class="searchform" method="get" action="https://www.helpnetsecurity.com/" role="form">
<div class="input-group">
<input type="search" name="s" id="headerSearchField" class="form-control" placeholder="What are you looking for?" aria-label="Search" value="" tabindex="1">
<span class="input-group-append">
<button class="btn btn-search input-addon-item" type="submit" id="headerSearchSubmit" tabindex="2"><svg class="hic">
<use xlink:href="#hic-search"></use>
</svg></button>
</span>
</div>
</form>
POST
<form id="mc4wp-form-1" class="mc4wp-form mc4wp-form-244483 mc4wp-ajax" method="post" data-id="244483" data-name="Footer newsletter form">
<div class="mc4wp-form-fields">
<div class="hns-newsletter">
<div class="hns-newsletter__top">
<div class="container">
<div class="hns-newsletter__wrapper">
<div class="hns-newsletter__title">
<i>
<svg class="hic">
<use xlink:href="#hic-plus"></use>
</svg>
</i>
<span>Cybersecurity news</span>
</div>
</div>
</div>
</div>
<div class="hns-newsletter__bottom">
<div class="container">
<div class="hns-newsletter__wrapper">
<div class="hns-newsletter__body">
<div class="row">
<div class="col">
<div class="form-check form-control-lg">
<input class="form-check-input" type="checkbox" name="_mc4wp_lists[]" value="520ac2f639" id="mcs1">
<label class="form-check-label text-nowrap" for="mcs1">Daily Newsletter</label>
</div>
</div>
<div class="col">
<div class="form-check form-control-lg">
<input class="form-check-input" type="checkbox" name="_mc4wp_lists[]" value="d2d471aafa" id="mcs2">
<label class="form-check-label text-nowrap" for="mcs2">Weekly Newsletter</label>
</div>
</div>
</div>
</div>
<div class="form-check form-control-lg mb-3">
<input class="form-check-input" type="checkbox" name="_mc4wp_lists[]" value="28abe5d9ef" id="mcs3">
<label class="form-check-label" for="mcs3">(IN)SECURE - monthly newsletter with top articles</label>
</div>
<div class="input-group mb-3">
<input type="email" name="email" id="email" class="form-control border-dark" placeholder="Please enter your e-mail address" aria-label="Please enter your e-mail address" aria-describedby="hns-newsletter-submit-btn" required="">
<button class="btn btn-dark rounded-0" type="submit" id="hns-newsletter-submit-btn">Subscribe</button>
</div>
<div class="form-check">
<input class="form-check-input" type="checkbox" name="AGREE_TO_TERMS" value="1" id="mcs4" required="">
<label class="form-check-label" for="mcs4">
<span>I have read and agree to the <a href="https://www.helpnetsecurity.com/newsletter/" target="_blank" rel="noopener" class="d-inline-block">terms & conditions</a>
</span>
</label>
</div>
</div>
</div>
</div>
</div>
</div><label style="display: none !important;">Leave this field empty if you're human: <input type="text" name="_mc4wp_honeypot" value="" tabindex="-1" autocomplete="off"></label><input type="hidden" name="_mc4wp_timestamp"
value="1675878255"><input type="hidden" name="_mc4wp_form_id" value="244483"><input type="hidden" name="_mc4wp_form_element_id" value="mc4wp-form-1">
<div class="mc4wp-response"></div>
</form>
Text Content
Help Net Security
January 29, 2023

Week in review: ChatGPT cybersecurity, critical RCE vulnerabilities found in Git, Riot Games breached

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

BSidesZG 2023: Strengthening the infosec community in Croatia’s capital
In March 2023, Zagreb will be added to the (already long) list of cities where information security professionals and enthusiasts can share their knowledge with peers at a Security BSides conference. We’ve talked with BSidesZG organizer Ante Jurjevic to find out what’s in store for those who attend.

How to tackle the cybersecurity skills shortage in the EU
In this Help Net Security Dritan Saliovski, Director – Nordic Head of Cyber M&A, Transaction Advisory Services at Aon, offers some pointers, as well as advice to organizations on how to attract and retain the best cybersecurity talent.

ChatGPT is a bigger threat to cybersecurity than most realize
A language-generating AI model called ChatGPT, available for free, has taken the internet by storm. While AI has the potential to help IT and security teams become more efficient, it also enables threat actors to develop malware.

ENISA gives out toolbox for creating security awareness programs
The European Union Agency for Cybersecurity (ENISA) has made available Awareness Raising in a Box (AR-in-a-BOX), a “do it yourself” toolbox to help organizations in their quest to create and implement a custom security awareness raising program.

Apple delivers belated zero-day patch for iOS v12 (CVE-2022-42856)
Apple has released security updates for macOS, iOS, iPadOS and watchOS, patching – among other things – a type confusion flaw in the WebKit component (CVE-2022-42856) that could be exploited for remote code execution on older iPhones and iPads running iOS v12.

GoTo now says customers’ backups have also been stolen
GoTo (formerly LogMeIn) has confirmed on Monday that attackers have stolen customers’ encrypted backups from a third-party cloud storage service related to its Central, Pro, join.me, Hamachi, and RemotelyAnywhere offerings.

Critical VMware vRealize Log Insight flaws patched (CVE-2022-31706, CVE-2022-31704)
VMware has fixed two critical (CVE-2022-31706, CVE-2022-31704) and two important (CVE-2022-31710, CVE-2022-31711) security vulnerabilities in VMware vRealize Log Insight, its multi-cloud solution for centralized log management, operational visibility and intelligent analytics.

Riot Games breached: How did it happen?
The hackers who breached Riot Games last week are asking for $10 million not to leak the stolen source code for the company’s popular League of Legends online game.

Attackers use portable executables of remote management software to great effect
Tricking users at targeted organizations into installing legitimate remote monitoring and management (RMM) software has become a familiar pattern employed by financially motivated attackers.

Researchers release PoC exploit for critical Windows CryptoAPI bug (CVE-2022-34689)
Akamai researchers have published a PoC exploit for a critical vulnerability (CVE-2022-34689) in Windows CryptoAPI, which validates public key certificates.

The loneliness of leading a cybersecurity startup
The world of well-invested startups is a glamorous beacon to highly motivated entrepreneurs across the cybersecurity industry, and the ultimate responsibility for reaching the mark lies with the good management of the Chief Executive Officer.

Trained developers get rid of more vulnerabilities than code scanning tools
An EMA survey of 129 software development professionals uncovered that for those using code scanning tools, only 10% of organizations prevented a higher percentage of vulnerabilities than organizations not using code scanning tools, while continuous training greatly improved code security for over 60% of organizations that adopted it.

Why most IoT cybersecurity strategies give zero hope for zero trust
In this Help Net Security video, Denny LeCompte, CEO at Portnox, discusses how IoT has been difficult to profile accurately and why zero trust strategies fail when applied to IoT.

Understanding your attack surface makes it easier to prioritize technologies and systems
Organizations need to strike the balance of carrying out enough due diligence before patching, and then patching as quickly as possible to defend themselves against emerging threats.

NSA publishes IPv6 Security Guidance
The National Security Agency (NSA) published guidance to help Department of Defense (DoD) and other system administrators identify and mitigate security issues associated with a transition to Internet Protocol version 6 (IPv6).

A closer look at malicious packages targeting Python developers
In this Help Net Security video, Carlos Fernandez, Security Researcher at Sonatype, talks about how their AI system caught packages that attack Python developers with a unique tactic.

Chinese researchers: RSA is breakable. Others: Do not panic!
Recently, Chinese researchers have claimed that an existing algorithm can be used with today’s quantum computers to break the RSA algorithm, which is the fundamental basis of secure internet communication.

Supply chain attacks caused more data compromises than malware
The first half of 2022 saw fewer compromises reported due in part to Russia-based cybercriminals distracted by the war in Ukraine and volatility in the cryptocurrency markets, according to the Identity Theft Resource Center.

What makes small and medium-sized businesses vulnerable to BEC attacks
In this Help Net Security video, Dror Liwer, Co-Founder of Coro, talks about what makes small and medium-sized businesses especially vulnerable to this form of attack and why BEC’s contribution to the country’s annual cyber losses not only makes sense but is likely underreported.

How businesses can bolster their cybersecurity defenses with open source
Open-source software can be examined by everyone, both attackers and defenders. But this does not necessarily give attackers the upper hand.

Extent of reported CVEs overwhelms critical infrastructure asset owners
The sheer volume of reported ICS vulnerabilities and CVEs may cause critical infrastructure asset owners to feel overwhelmed, or need help knowing where to begin, according to SynSaber.

3 business application security risks businesses need to prepare for in 2023
Threat actors have been leveraging more discreet techniques to make a profit by directly targeting an enterprise’s crown jewels—enterprise resource planning (ERP) applications.

New infosec products of the week: January 27, 2023
Here’s a look at the most interesting products from the past week, featuring releases from Perimeter 81, SpyCloud, ThreatConnect, Venafi, and Wallarm.