What should the future of penetration testing look like? That’s the question Horizon3.ai’s own Eric Fredrickson, Head of Attack Engineering, answers in his article this week in Solutions Review magazine.
Eric’s column is part of the magazine’s Premium Content Series, in which industry experts share insights on maturing software categories.
In his column, Eric talks about what needs to change for better, more effective pentesting: higher frequency, lower cost, autonomous pentests.
“It is a lot to ask, but autonomous, on-demand pentests can change how organizations defend against a growing threat landscape, making it possible to execute tests weekly instead of several times each year,” Eric writes. “This will reduce the time organizations are vulnerable to new attack patterns, verify their existing security controls, and ensure that patches to systems solve the intended weaknesses without introducing new ones.”
Are AI devices spying on you?
Lifewire asks: is AI spying on your conversations? As more and more programs can understand speech, other technology creates custom audio noise to confuse software that may be listening. But is that the real concern? In the article, Horizon3.ai’s Brad Hong, Customer Success Lead, weighs in, noting that we should be more concerned with how these devices store our data than with who is recording us:
“All the stories one hears about a microphone on their computer or mobile devices being activated, Alexa or Google Home listening in, or even government surveillance, it’s true that all of these make the layman’s stomach churn,” Hong told Lifewire. “But all in all, people are rarely in a situation that actually requires camouflaging of their voices.”
The latest on the recent Atlassian Confluence flaw
A recent Atlassian Confluence flaw has been making headlines, and Threatpost spoke with Horizon3.ai’s Naveen Sunkavally, Chief Architect, for insight into what this flaw means. The vulnerability remains unpatched on many versions of the tool.
“CVE-2022-26134 is about as bad as it gets,” Sunkavally told Threatpost.
He noted that the most obvious impact is that attackers could easily compromise public-facing Confluence instances to gain a foothold in internal networks.
“Confluence instances often contain a wealth of user data and business-critical information that is valuable for attackers moving laterally within internal networks,” Sunkavally told Threatpost.
Read the full article here for all of Sunkavally’s insights into the issue.
Quick hits
- DOD is not meeting the same standards it plans to hold contractors to under CMMC.
- NPR covers the digital conflict raging behind the scenes between Russia and Ukraine.
- The White House issues a statement on enhancing the security of federally procured software.
- Business Insider discusses how the new world of cyberattacks requires new ways of fighting back.
- TechCrunch covers IBM’s acquisition of Randori.