CyberTalk: The Security Update

Welcome to a video series intended to raise awareness of cybersecurity issues beyond what is simply in the latest newsfeed.

In this series, Robin Johns and Bill Carter discuss the top Security items that every cyber team needs to know to help keep them aware of what is happening in the wider security space, and more importantly, how Cato helps keep you protected.

In today's episode, we discuss the following topics:

1. Killnet - Access Denied
   • Killnet is a Russia-aligned hacker group well known for issuing DDoS attacks, believed to be formed just prior to the Russia/Ukraine conflict. Originally a hack-for-hire vendor of DDoS, they rapidly evolved into a patriotic collective. Attacks have been characterized as "primitive", typically relying on brute force on standard ports for FTP, SSH, and HTTP/S. Are you protected?
2. NCSC Scans - London is calling
   • The UK's National Cyber Security Centre is scanning all internet-exposed UK-hosted devices for vulnerabilities as a matter of protective policy. NCSC is collecting data on exposures to help increase security posture using a known cloud-hosted environment. Remediation measures will be tracked, while also releasing NMAP scripts for defenders' use. While the NCSC assures no nefarious purposes, are you aligned with industry best practices, or do you need to be CyberEssentials plus certified? Cato can help.
3. Malicious PyPI - W4SP attacks Python
   • Is your code safe? 29 malicious PyPI packages have been identified that target developer machines with the W4SP Stealer trojan. Affected packages embed a malicious import statement that downloads W4SP malware onto developer images, can your security stack protect and prevent exposure?
4. Digital Red Cross - Trust in Humanity
   • The International Committee of the Red Cross suggests applying a "digital Red Cross" marker to sites and systems used for medical and humanitarian efforts as a form of cyber protection, the digital emblem appeals to would-be attackers under the Geneva Conventions. How does Zero Trust help?
5. OpenSSL - Patching Hell
   • Two large vulnerabilities were found in the OpenSSL libraries, potentially leaving you exposed and insecure. How does Cato protect you?

Watch it here: