433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

Week in review: LastPass breach disaster, online tracking via UID smuggling, ransomware in 2023

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: LastPass says attackers got users’ info and password vault data The information couldn’t come at a worst time, as businesses are winding down their activities and employees and users are thick in the midst of last-minute preparations for end-of-year holidays. New Microsoft Exchange exploit chain lets ransomware attackers in (CVE-2022-41080) Ransomware-wielding attackers are using a new exploit chain that includes … More → The post Week in review: LastPass breach disaster, online tracking via UID smuggling, ransomware in 2023 appeared first on Help Net Security.
http://news.poseidon-us.com/SfwBWc

DShield Sensor Setup in Azure, (Wed, Dec 21st)

In November I setup the DShield sensor in my Azure tenant using Ubuntu version 20.04. Here are the steps I followed. First select and build the Ubuntu VM, I used the default disk size and 512 MB RAM:
http://news.poseidon-us.com/Sfv2vQ

The EPA’s eight big challenges for 2023

From chemical safety to data security, the Environmental Protection Agency has a range of management and performance challenges in 2023. The list was developed, as legally required, by EPA’s office of inspector general.
http://news.poseidon-us.com/Sfs4Jp

LastPass says attackers got users’ info and password vault data

The August 2022 LastPass breach has resulted in potentially catastrophic consequences for the company and some of its users: attackers have made off with unencrypted customer data and copies of backups of customer vault data. The information couldn’t come at a worst time, as businesses are winding down their activities and employees and users are thick in the midst of last-minute preparations for end-of-year holidays. The LastPass breach resulted in theft of customer vault backups … More → The post LastPass says attackers got users’ info and password vault data appeared first on Help Net Security.
http://news.poseidon-us.com/Sfr8Dh

RedDelta Targets European Government Organizations and Continues to Iterate Custom PlugX Variant

Insikt Group® examines operations conducted by likely Chinese state-sponsored threat activity group RedDelta targeting organizations across Asia and Europe.
http://news.poseidon-us.com/Sfqp17

Threat predictions for 2023: From hacktivism to cyberwar

When it comes to 2023 threat predictions, Trellix anticipates spikes in geopolitically motivated attacks across Asia and Europe, hacktivism fueled by tensions from opposing political parties, and vulnerabilities in core software supply chains. “Analyzing current trends is necessary but being predictive in cybersecurity is vital. While organizations focus on near-term threats, we advise all to look beyond the horizon to ensure a proactive posture,” said John Fokker, Head of Threat Intelligence, Trellix. “Global political events … More → The post Threat predictions for 2023: From hacktivism to cyberwar appeared first on Help Net Security.
http://news.poseidon-us.com/SfqFdB

Coffee Talk: The Future of Saas & Digital Transformation in 2023 and Beyond: What IT Managers Need to Know

You want to make sure you know the pros, cons and gotcha’s, and take advantage now of the changes coming with digital transformation and SaaS. Don’t miss it — sign up now!
http://news.poseidon-us.com/SfpFq0

Cisco HyperFlex HX Command Injection Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.  For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR Security Impact Rating: Critical CVE: CVE-2021-1497,CVE-2021-1498
http://news.poseidon-us.com/SfmskZ

How Marvel’s Avengers inspire Pinsent Masons CISO to adapt cybersecurity hiring

Cybersecurity’s ongoing battle with a “skills shortage” has seen the sector lose its way regarding talent hiring and retention, says Christian Toon, CISO at London-based law firm Pinsent Masons. In an industry crying out for diversity and innovation, this year’s number one UK CSO 30 Awards winner says he takes inspiration from the Marvel Comics universe to challenge traditional HR approaches and more effectively recruit and keep security talent. “We have what some describe as a war on talent, because you feel like you are fighting against the next organization for the greater good. I think we’ve kind of lost our way a little bit, both from a delegate or prospective employee perspective, but also from an employer’s perspective,” Toon says, speaking at the UK CSO 30 2022 Awards & Conference. The candidates are out there, he adds, but you have to change the traditional practices for hiring because if you always do what you always did, you’ll always get what you’ve always had. To read this article in full, please click here
http://news.poseidon-us.com/Sfmsjs