Week in review: Rail transport cybersecurity, “verified” OAuth apps used to infiltrate organizations

The week in security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Mounting cybersecurity pressure is creating headaches in railway boardrooms
In this Help Net Security interview, Dimitri van Zantvliet, Cybersecurity Director/CISO of Dutch Railways and co-chair of the Dutch and European Rail ISAC, talks about cyber attacks on railway systems, building a practical cybersecurity approach, and cyber legislation.

Critical OpenEMR vulnerabilities may allow attackers to access patients’ health records
Critical vulnerabilities discovered in OpenEMR can be chained to gain code execution on a server running a vulnerable version of the popular open-source electronic health record system.

A glut of wiper malware hits Ukrainian targets
ESET researchers have discovered yet another wiper malware used to target Ukrainian organizations. Dubbed SwiftSlicer, it is thought to be wielded by the Sandworm APT.

Critical QNAP NAS vulnerability fixed, update your device ASAP! (CVE-2022-27596)
QNAP Systems has fixed a critical vulnerability (CVE-2022-27596) affecting QNAP network-attached storage (NAS) devices, which could be exploited by remote attackers to inject malicious code into a vulnerable system.

DigiCert releases new unified approach to trust management
The company’s newly released DigiCert Trust Lifecycle Manager offers something that enterprises need but do not currently have: it unifies CA-agnostic certificate lifecycle management, PKI services and public trust issuance for a full-stack solution that helps companies discover all of their certificates and manage them efficiently.

Attackers used malicious “verified” OAuth apps to infiltrate organizations’ O365 email accounts
Malicious third-party OAuth apps with an evident “Publisher identity verified” badge have been used by unknown attackers to target organizations in the UK and Ireland, Microsoft has shared.

Vulnerability in Cisco industrial appliances is a potential nightmare (CVE-2023-20076)
Cisco has released patches for a high-severity vulnerability (CVE-2023-20076) found in some of its industrial routers, gateways and enterprise wireless access points, which may allow attackers to insert malicious code that can’t be deleted by simply rebooting the device or updating its firmware.

Patch your Jira Service Management Server and Data Center and check for compromise! (CVE-2023-22501)
Australian software maker Atlassian has released patches for CVE-2023-22501, a critical authentication vulnerability in Jira Service Management Server and Data Center, and is urging users to upgrade quickly.

Photos: Cybertech Tel Aviv 2023
Here are a few photos from the event. Featured vendors include: Orca, Wise Elite Cyber Solutions, XM Cyber, Check Point, Semperis, CyCube, Mazebolt, IBM Security, bfore.ai, Delinea, Wing Security.

Photos: Cybertech Tel Aviv 2023, part 2
Here are a few photos from the event. Featured vendors include: DarkOwl, ThriveDX, Minerva Labs, Astrix Security, Ox Security, Waterfall Security, Cynet, Cyber 2.0, Acronis, CyberArk, Israel Aerospace Industries, SafeBreach, Silverfort, CYREBRO.

Video walkthrough: Cybertech Tel Aviv 2023
The vendors featured in this video are: BeyondTrust, Chainalysis, Check Point, Cisco, Commvault, Cyber 2.0, CyberArk, Cyberbit, Cynet, CYREBRO, Dart, Delinea, Deloitte, Dig, HCLSoftware, Hudson Rock, IBM, Imperva, Israel Aerospace Industries, KELA, Minerva Labs, Orca Security, Ox Security, Pentera, Resec, Rockwell Automation, SafeBreach, Semperis, Snyk, Sonatype, Synopsys, Tenable, ThetaRay, ThriveDX, Waterfall Security Solutions, Wing Security, and XM Cyber.

How organizations can keep themselves secure whilst cutting IT spending
It is the immediate natural reaction of most organizations to cut costs during an economic downturn. But the economy will return and cutting back too far can be damaging in the long term.

Insider attacks becoming more frequent, more difficult to detect
Insider threats are a top concern at organizations of all kinds; only 3% of respondents surveyed are not concerned with insider risk, according to Gurucul.

ICS vulnerabilities: Insights from advisories, how CVEs are reported
SynSaber recently released its second Industrial Control Systems (ICS) Vulnerabilities & CVEs Report. In this Help Net Security video, Ronnie Fabela, CTO at SynSaber, talks about the key findings.

3 ways to stop cybersecurity concerns from hindering utility infrastructure modernization efforts
Cybersecurity is a priority across industries and borders, but several factors add to the complexity of the unique environment in which utilities operate.

Mix of legacy OT and connected technologies creates security gaps
Rising threats to vehicles and industrial operational technology (OT) have led a growing number of enterprises worldwide to invest in advanced technologies and services to better secure their assets, according to an ISG research report.

Is President Biden’s National Cybersecurity Strategy a good idea?
In this Help Net Security video, Kurtis Minder, CEO of GroupSense, discusses President Biden’s National Cybersecurity Strategy, designed to take the nation’s cybersecurity posture to the next level.

As the anti-money laundering perimeter expands, who needs to be compliant, and how?
Anti-money laundering (AML) policies are getting stronger as countries crack down on any opportunity criminals might have to take advantage of services and resources to further their activity.

50% of organizations have indirect relationships with 200+ breached fourth-party vendors
98 percent of organizations have vendor relationships with at least one third-party that has experienced a breach in the last two years, according to SecurityScorecard and The Cyentia Institute.

The future of vulnerability management and patch compliance
In this Help Net Security video, Graham Brooks, a Senior Security Solutions Architect at Syxsense, provides an overview of 2022 patching challenges, looks at some of the technology and tool advancements (like automation, integrations, and ML/AI), and provides predictions about what we might see across the patching landscape in 2023.

The emergence of trinity attacks on APIs
When it comes to attacks against application programming interfaces (APIs), the building blocks that provide access to many of our applications, the OWASP API Top Ten is seen as definitive – and rightly so.

Budget constraints force cybersecurity teams to do more with less
49% of organizations have sufficient budget to fully meet their current cybersecurity needs, and 11% can, at best, protect only their most critical assets, according to a survey by the Neustar International Security Council.

Hybrid cloud storage security challenges
In this Help Net Security video, Katie McCullough, CISO at Panzura, discusses the challenges of hybrid cloud storage security.

We can’t rely on goodwill to protect our critical infrastructure
Protecting CNI is a difficult task, thanks to a combination of a lack of skilled professionals, legacy systems and a lack of security investment that leaves them open to attack.

70% of CIOs anticipate their involvement in cybersecurity to increase
77% of CIOs say their role has been elevated due to the state of the economy and they expect this visibility within the organization to continue, according to Foundry.

New infosec products of the week: February 3, 2023
Here’s a look at the most interesting products from the past week, featuring releases from Arkose Labs, Hornetsecurity, HYCU, KELA, and Trulioo.
