Killnet, NSCS, PyPI, the Digital Red Cross and OpenSSL Patching Hell
Manage episode 364421143 series 3478620
1- Killnet - Access Denied
Killnet is a Russia-aligned hacker group well known for issuing DDoS attacks, believed to be formed just prior to the Russia/Ukraine conflict. Originally a hack-for-hire vendor of DDoS, they rapidly evolved into a patriotic collective. Attacks have been characterized as "primitive", typically relying on brute-force on standard ports for FTP, SSH, and HTTP/S. Are you protected?
2- NCSC Scans - London is calling
The UK's National Cyber Security Centre is scanning all internet-exposed UK-hosted devices for vulnerabilities as a matter of protective policy. NCSC is collecting data on exposures to help increase security posture using a known cloud-hosted environment. Remediation measures will be tracked, while also releasing NMAP scripts for defenders' use. While the NCSC assures no nefarious purposes, are you aligned with industry best practices, or do you need to be CyberEssentials plus certified? Cato can help.
3- Malicious PyPI - W4SP attacks Python
Is your code safe? 29 malicious PyPI packages have been identified which target developer machines with the W4SP Stealer trojan. Affected packages embed a malicious import statement that downloads W4SP malware onto developer images, can your security stack protect and prevent against exposure?
4- Digital Red Cross - Trust in Humanity
The International Committee of the Red Cross suggests applying a "digital Red Cross" marker to sites and systems used for medical and humanitarian efforts as a form of cyber protection, the digital emblem appeals to would-be attackers under the Geneva Conventions. How does Zero Trust help?
5- OpenSSL - Patching Hell
Two large vulnerabilities were found in the OpenSSL libraries, potentially leaving you exposed and insecure. How does Cato protect you?
34 episodes