Week in review: RCE bug in GitLab patched, phishing PyPI users, Escanor malware in MS Office docs


Thoma Bravo: Securing digital identities has become a major priority
In this Help Net Security interview, Andrew Almeida, Partner on the Flagship team at Thoma Bravo, talks about the firm’s recent acquisition of SailPoint, and about innovation in the enterprise identity space.

Critical RCE bug in GitLab patched, update ASAP! (CVE-2022-2884)
GitLab has fixed a remote code execution vulnerability (CVE-2022-2884) affecting the Community and the Enterprise Edition of its DevOps platform, and has urged admins to upgrade their GitLab instances immediately.

Fake DDoS protection pages are delivering malware!
Malware peddlers are exploiting users’ familiarity with and inherent trust in DDoS protection pages to make them download and run malware on their computer, Sucuri researchers have warned.

How attackers use and abuse Microsoft MFA
Microsoft has been pushing for the use of multi-factor authentication (MFA) to thwart attackers for many years.

Phishing PyPI users: Attackers compromise legitimate projects to push malware
PyPI, the official third-party software repository for Python packages, is warning about a phishing campaign targeting its users.

7 open-source malware analysis tools you should try out
Performing static analysis of a malicious binary means concentrating on analyzing its code without executing it. This type of analysis may reveal to malware analysts not only what the malware does, but also its developer’s future intentions (e.g., currently unfinished functionalities).

How CISOs can safeguard security in CI/CD environments
Security is a product pillar these days, given the dire consequences of data breaches. Organizations must marry security with agile DevOps releases.

Escanor malware delivered in weaponized Microsoft Office documents
Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 500 companies worldwide, identified a new RAT (Remote Administration Tool) called Escanor, advertised on the Dark Web and Telegram.

Disk wiping malware knows no borders
Fortinet announced the latest semiannual FortiGuard Labs Global Threat Landscape Report, which revealed that the ransomware threat continues to adapt, with more variants enabled by Ransomware-as-a-Service (RaaS).

What type of fraud enables attackers to make a living?
In this Help Net Security video, David Senecal, VP of Architecture and Research at Arkose Labs, talks about the economics involved in online fraud attacks, and illustrates what type of fraud enables attackers to make a living.

DDoS attacks jump 203%, patriotic hacktivism surges
Radware released a report revealing that the number of malicious DDoS attacks climbed by 203% compared to the first six months of 2021.

DDoS tales from the SOC
In this Help Net Security video, Bryant Rump, Principal Security Architect at Neustar Security Services, talks about the challenges of mitigating immense DDoS attacks.

How vulnerable supply chains threaten cloud security
Organizations are struggling to sufficiently secure new cloud environments implemented during the pandemic, while maintaining legacy equipment and trying to adapt their overall security strategy to the evolving landscape, according to a Proofpoint study released in collaboration with The Cloud Security Alliance (CSA).

A closer look at identity crimes committed against individuals
In this Help Net Security video, James E. Lee, Chief Operating Officer of the Identity Theft Resource Center, discusses the 2021 Trends in Identity Report, which looks at the trends in identity based on information from the victims that contact the ITRC.

Organizations changing cyber strategy in response to nation-state attacks
66% of organizations have changed their cybersecurity strategy as a direct response to the conflict between Russia and Ukraine, while 64% suspect their organization has been either directly targeted or impacted by a nation-state cyber attack, according to Venafi.

What businesses can do to anticipate and mitigate ransomware threats
In this Help Net Security video, Kevin Holvoet, Cyber Threat Intelligence Instructor, SANS Institute, discusses ransomware and Ransomware as a Service (RaaS) attacks, and illustrates how preparedness with a proper top-down response is critical for business continuity in case of an attack.

API security incidents occur at least once a month
Postman released the results of its 2022 State of the API Report, which surveyed more than 37,000 developers and API professionals on a range of topics, including their organizations’ priorities, how they get their work done, and where they see the industry going.

CISOs see little need for a point solution to cover ransomware risk
In this Help Net Security video, Sara Behar from YL Ventures talks about how CISOs see little need for a point solution to cover ransomware risk, believing instead in utilizing a full security stack for a multi-layered approach that addresses many security concerns at once.

Ransomware dominates the threat landscape
Acronis researchers have concluded that ransomware continues to be the number one threat to large and medium-sized businesses, including government organizations.

New social engineering tactics discovered in the wild
In this Help Net Security video, Otavio Freire, President and CTO at SafeGuard Cyber, offers insight on new social engineering tactics discovered in the wild, and illustrates how phishing attacks are changing, including how they’re evolving beyond email.

How to navigate payment regulations without compromising customer experience
In this Help Net Security video, Chris Federspiel, CEO of Blackthorn, discusses how to provide customers with a secure experience and how businesses can promote compliance in the payments ecosystem despite the regulatory environment.

We need to think about ransomware differently
In this Help Net Security video, David Mahdi, Chief Strategy Officer & CISO Advisory at Sectigo, talks about how ransomware isn’t solely a malware problem: bad actors want access to your data, so it really is a data security and access problem.

How complicated access management protocols have impacted cloud security
In this Help Net Security video, Tim Prendergast, CEO of strongDM, talks about how technical professionals consistently have to jump through hoops, which could lead to risky workarounds and project delays.

Lean security 101: 3 tips for building your framework
Cobalt, Lazarus, MageCart, Evil, Revil — cybercrime syndicates spring up so fast it’s hard to keep track. Until they infiltrate your system. But you know what’s even more overwhelming than rampant cybercrime?

New infosec products of the week: August 26, 2022
Here’s a look at the most interesting products from the past week, featuring releases from Drata, Ntrinsec, PlainID, Privitar, and ReasonLabs.
