Week in review: AWS SSM agents as RATs, Patch Tuesday forecast

Week in review

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Open-source penetration testing tool BloodHound CE released
SpecterOps released version 5.0 of BloodHound Community Edition (CE), a free and open-source penetration testing solution that maps attack paths in Microsoft Active Directory (AD) and Azure (including Azure AD/Entra ID) environments. It is available for free on GitHub.

The direct impact of cyberattacks on patient safety and care delivery
In this Help Net Security interview, Dr. Omar Sangurima, Principal Technical Program Manager at Memorial Sloan Kettering Cancer Center, discusses the impact of cyberattacks on patient safety and care delivery, emphasizing how disruptions to critical healthcare services can harm patients and even lead to life-threatening situations.

Google’s AI Red Team: Advancing cybersecurity on the AI frontier
In this Help Net Security interview, Daniel Fabian, Head of Google Red Teams, shares insights into the significance of his team, the challenges they face, and the impact they are making in securing AI-driven technologies.

From tech expertise to leadership: Unpacking the role of a CISO
In this Help Net Security interview, Attila Török, CISO at GoTo, discusses how to balance technical expertise and leadership and how he navigates the rapidly evolving technological landscape.

Data privacy vault: Securing sensitive data while navigating regulatory demands
In this Help Net Security interview, Jean-Charles Chemin, CEO of Legapass, provides insight into the correlation between maintaining customer trust and protecting sensitive customer data.

Delivering privacy in a world of pervasive digital surveillance: Tor Project’s Executive Director speaks out
The overarching mission of the US-based non-profit organization the Tor Project is to advance human rights and make open-source, privacy preserving software available to people globally, so that they can browse the internet privately, protect themselves against surveillance and bypass online censorship.

Russian APT phished government employees via Microsoft Teams
An APT group linked to Russia’s Foreign Intelligence Service has hit employees of several dozen global organizations with phishing attacks via Microsoft Teams, says Microsoft.

Attackers can turn AWS SSM agents into remote access trojans
Mitiga researchers have documented a new post-exploitation technique attackers can use to gain persistent remote access to AWS Elastic Compute Cloud (EC2) instances (virtual servers), as well as to non-EC2 machines (e.g., on-premises enterprise servers and virtual machines, and VMs in other cloud environments).

US government outlines National Cyber Workforce and Education Strategy
After the release of a National Cybersecurity Strategy and its implementation plan, the Biden-Harris Administration has unveiled the National Cyber Workforce and Education Strategy (NCWES), “aimed at addressing both immediate and long-term cyber workforce needs.”

Web browsing is the primary entry vector for ransomware infections
The most widely used method for ransomware delivery in 2022 was via URL or web browsing (75.5%), Palo Alto Networks researchers have found.

Google makes removal of personal user info from Search easier
Google is making it easier for users to remove personal contact information and personal, non-consensual explicit imagery from Google search results.

Ivanti discloses another vulnerability in MobileIron Core (CVE-2023-35082)
Ivanti has disclosed a critical vulnerability (CVE-2023-35082) affecting old, out-of-support versions of MobileIron Core, an enterprise device solution that has since been rebranded to Ivanti Endpoint Manager Mobile (EPMM).

Android n-day bugs pose zero-day threat
In the Android ecosystem, n-day vulnerabilities are almost as dangerous as zero-days, according to Google’s review of zero-days exploited in the wild in 2022.

Ivanti fixes second zero-day exploited by attackers (CVE-2023-35081)
Another actively exploited zero-day vulnerability (CVE-2023-35081) affecting Ivanti Endpoint Manager Mobile (EPMM) has been identified and fixed.

August 2023 Patch Tuesday forecast: Software security improvements
The continued onslaught of phishing attacks, ransomware deployment, and other exploitation is forcing the community to pay closer attention to early identification, as well as fast response, to vulnerabilities in their software.

How local governments can combat cybercrime
In this Help Net Security video, Ben Sebree, Senior VP of R&D at CivicPlus, discusses the steps that local governments need to take to have a successful cloud adoption while also protecting their confidential information and data from cybercrime through planning, understanding, and updating their technology processes.

Relying on CVSS alone is risky for vulnerability management
A vulnerability management strategy that relies solely on CVSS for vulnerability prioritization is proving to be insufficient at best, according to Rezilion.

Multi-modal data protection with AI’s help
IT generally must deal with first order chaos and risk much like hurricanes in meteorology or viruses in biology: complex and dangerous – but fundamentally unthinking – threats such as failed processes, degraded parts and other natural and manageable failures.

Strategies for ensuring compliance and security in outdated healthcare IT systems
In this Help Net Security video, Jim Jackson, President of TuxCare, discusses how healthcare IT teams can automate the process of taking new patches through staging, testing, and production on legacy systems while also establishing end-to-end threat monitoring and maintaining compliance.

Assess multi-cloud security with the open-source CNAPPgoat project
Ermetic released CNAPPgoat, an open-source project that allows organizations to test their cloud security skills, processes, tools, and posture in interactive sandbox environments that are easy to deploy and destroy. It is available on GitHub.

Keeping the cloud secure with a mindset shift
Organizations can minimize the risks associated with misconfigurations and other human errors by empowering teams with the knowledge and tools they need to implement secure practices.

CyFox disclose Stremio vulnerability, developers don’t agree on findings
The Stremio team published a blog post saying that they’ve received a report from CyFox, but that they did not consider it valid, so they decided to not respond to them.

How the best CISOs leverage people and technology to become superstars
What separates superstar CISOs from the rest of the pack is that they are keenly aware of the burgeoning threat landscape and the cybersecurity skills shortage, but they don’t give in to despair.

The race against time in ransomware attacks
Most organizations lack strong cyber resilience strategies or data security capabilities to address threats and maintain business continuity, according to BigID.

The gap in users’ identity security knowledge gives cybercriminals an opening
With exponential growth in the number of human and machine actors on the network and more sophisticated technology in more places, identity in this new era is rapidly becoming a super-human problem, according to RSA.

Salesforce and Meta suffer phishing campaign that evades typical detection methods
The Guardio research team discovered an email phishing campaign exploiting a zero-day vulnerability in Salesforce’s legitimate email services and SMTP servers.

1 in 100 emails is malicious
BEC and phishing attacks soar by 20% and 41% respectively in H1 2023, according to Perception Point.

Infosec products of the month: July 2023
Here’s a look at the most interesting products from the past month, featuring releases from: BreachRx, Code42, ComplyAdvantage, Darktrace, Dig Security, Diligent, Fidelis Cybersecurity, Hubble, Netscout, Panorays, Privacera, Regula, SeeMetrics, Tenable, and WatchGuard.

New infosec products of the week: August 4, 2023
Here’s a look at the most interesting products from the past week, featuring releases from Forescout, Menlo Security, Qualys, Sonar, SpecterOps, Synopsys, Traceable AI, and Lineaje.


Subscribe to the Help Net Security breaking news e-mail alerts:

More about

Don't miss