Red-teaming is a critical security function, but those managing red teams need to be sure they work with the business and don’t just treat it like sanctioned surreptitious hacking, the head of Atlassian’s red team told attendees at the recent CSO-AWSN Women in Security Conference & Awards.
That event was notable for many reasons, one of which was the presentation of a Special Recognition award to Tamara Baker, an enthusiastic Year 9 student whose passion for cybersecurity is evident in this video interview with CSO journalist David Braue.
Also on the agenda was the need to turn the network into a giant sensor.
The dastardly BlueKeep exploit – which Microsoft and government cybersecurity agencies have been warning about for months – is now in the public domain after Metasploit released a module that will let developers directly exploit the vulnerability. Expect bad things to follow.
Not that most cybercriminals even need to work that hard: with business email compromise now responsible for over $US26b ($A38b) in losses, according to the FBI, fraudsters seem to be able to get good results simply through old-fashioned deception.
Indeed, scammers have been particularly busy, with Telstra reporting that it blocked 2.9m scam calls in a single month but that they just keep coming.
The biggest part of the problem, according to an updated Proofpoint report, is that people simply aren’t very good at ignoring scammers and cybercriminal schemes. Very Attacked People, we are warned, are doing cybercriminals’ jobs for them.
The need for better anti-fraud policies may become increasingly urgent as government bodies pivot on cybersecurity and push through policies enabling more consumer-focused conversations.
Meanwhile, Google was fixing a host of Chrome security flaws.