Beyond the Hack / September 2023



  • New acoustic attack steals data from keystrokes with 95% accuracy
  • Social engineering meets hacking with prompt hacking
  • China hacked Japan's sensitive defense networks
  • Most exploited vulnerabilities, according to major cybersecurity agencies
  • The untold history of today's Russian-speaking hackers
  • GLBA Penetration Testing Mandate Requirements in 2023
  • Insights on Cyber Insurance
  • How To Prepare For an API Penetration Test
  • How Much Should Penetration Testing Cost?
  • Vulnerabilities of the month
  • Cybersecurity conferences in September
  • Cyber culture: Fancy Bear Goes Phishing



New acoustic attack steals data from keystrokes with 95% accuracy

One more reason to start using password managers: Researchers from British universities have trained a deep learning model that can steal data from keyboard keystrokes recorded using a microphone.


Social engineering meets hacking with prompt hacking

How DEFCON hackers social engineered AI chatbots.


China hacked Japan's classified defense cyber networks, officials say - The Washington Post

Chinese military hackers keep attacking Japan. Will it make the U.S. wary of sharing intelligence with its ally?


Major Cybersecurity Agencies Collaborate to Unveil 2022's Most Exploited Vulnerabilities

The Five Eyes nations (Australia, Canada, New Zealand, the U.K., and the U.S.) have shared the most exploited CVEs in 2022. Attackers usually exploit known vulnerabilities within the first two years of public disclosure.


Cyber security experts lament west's failure to learn lessons from Ukraine

Cyber executives at the Black Hat conference in Las Vegas last month argued that the west is struggling to replicate the collaborative methods that had proved successful in the conflict, which often include sharing sensitive or embarrassing information.


The untold history of today's Russian-speaking hackers

A long read from the Financial Times that tracks the origins of Russian-speaking cybercrime groups operating today, such as Cl0p.



How To Prepare For an API Penetration Test

Find out how to prepare for API assessments, what information to supply the pentesters with, which tools will be used, what the ideal testing approach is, the most common security issues found in APIs, and more.


GLBA Penetration Testing

Learn about the latest requirements on penetration testing for the Gramm-Leach-Bliley Act and how to increase your company's security posture.


Insights on Cyber Insurance

Discover the ideal cyber insurance coverage, common exclusions to look out for, and what the insurers want to know about your security posture.


Pricing Insights – How Much Does Penetration Testing Cost?

Read our comprehensive guide to penetration testing pricing and how to know whether your pentest provider is worth it.





44CON

London, UK / September 13, 2023


Hack the Hospital

Columbia, Maryland, US / September 18, 2023


NULLCON GOA

Goa, India / September 23, 2023



Fancy Bear Goes Phishing: The Dark History of the Information Age, in Five Extraordinary Hacks, by Scott J. Shapiro, recommended by Julio Fort

From a worm released onto the world by a Cornell University student in 1988 to a Bulgarian virus factory to the 2016 Hillary Clinton email hacks, the events described in Shapiro's book shook the world at some point. Even if you are already acquainted with the stories, Shapiro provides enough detail and entertaining storytelling to keep you hooked. Fancy Bear Goes Phishing is an excellent read for both those familiar with cybersecurity and anyone wanting to understand the dark side of the internet.


Thank you for reading Beyond the Hack. As always, we welcome your feedback and questions. Your insights will help shape our content and ensure we're meeting the needs of your organization.

Being aware of threats is not enough: take action. Discover special offers, explore our services and find the right penetration testing solution for your organization's cybersecurity needs.



