Week in review: Security Onion 2.4 released, WinRAR vulnerable to RCE

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Week in review

Network detection and response in the modern era
In this Help Net Security interview, David Gugelmann, CEO at Exeon, sheds light on the current cyber threats and their challenges for network security. He discusses the role of Network Detection and Response (NDR) solutions that leverage machine learning algorithms to improve threat detection and streamline incident response.

Lazarus Group exploited ManageEngine vulnerability to target critical infrastructure
North Korean state-sponsored hackers Lazarus Group have been exploiting a ManageEngine ServiceDesk vulnerability (CVE-2022-47966) to target internet backbone infrastructure and healthcare institutions in Europe and the US.

Maintaining consistent security in diverse cloud infrastructures
In this Help Net Security interview, Kennedy Torkura, CTO at Mitigant, discusses the complexity of maintaining clear visibility into cloud environments, why it poses such a challenge for CISOs, and how they can prepare to address potential issues.

Anticipating the next wave of IoT cybersecurity challenges
In this Help Net Security interview, Roland Atoui, Managing Director at Red Alert Labs, discusses the intricacies of transitioning from isolated IoT setups to interconnected environments, examining the broadening attack surface and the nuanced complexities this evolution imposes.

AI and the evolution of surveillance systems
In this Help Net Security interview, Gerwin van der Lugt, CTO at Oddity, discusses the future of surveillance and AI’s influence. He also delves into how organizations can prevent their systems from perpetuating biases or violating individual rights.

IEEE 802.11az provides security enhancements, solves longstanding problems
In this Help Net Security interview, Jonathan Segev, IEEE 802.11 Task Group (TG) Chair of next-generation positioning (TGaz) at IEEE, discusses IEEE 802.11az. The new standard will enable accuracy to less than 0.1 meters, which is a significant improvement from the current Wi-Fi location accuracy of 1-2 meters.

8 open-source OSINT tools you should try
Open-Source Intelligence (OSINT) refers to gathering, assessing, and interpreting public information to address specific intelligence queries. All the tools listed here are available for free.

Chrome will tell users when extensions they use are removed from Chrome Web Store
Google will be extending the Safety check feature within the Chrome browser to alert users when a previously installed extension is no longer available in the Chrome Web Store.

WinRAR vulnerable to remote code execution, patch now! (CVE-2023-40477)
RARLAB has fixed a high-severity RCE vulnerability (CVE-2023-40477) in the popular file archiver tool WinRAR. CVE-2023-40477 is a remote code execution vulnerability that could allow remote threat actors to execute arbitrary code on an affected WinRAR installation.

Juniper Networks fixes flaws leading to RCE in firewalls and switches
Juniper Networks has fixed four vulnerabilities (CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847) in Junos OS that, if chained together, could allow attackers to achieve remote code execution (RCE) on the company’s SRX firewalls and EX switches.

Seiko joins growing list of ALPHV/BlackCat ransomware victims
Japanese watchmaker Seiko has been added to ALPHV (BlackCat) ransomware group’s victim list, following a data breach occurring in early August. With the investigation still ongoing, the company is working to prevent additional damage and has urged customers and business partners to contact them if they receive unsolicited emails or notifications.

Ivanti Sentry zero-day vulnerability exploited, patch ASAP! (CVE-2023-38035)
Ivanti is urging administrators of Ivanti Sentry (formerly MobileIron Sentry) gateways to patch a newly discovered vulnerability (CVE-2023-38035) that could be exploited to change configuration, run system commands, or write files onto the vulnerable system.

Open redirect flaws increasingly exploited by phishers
Phishing attacks using open redirect flaws are on the rise again, according to Kroll’s Cyber Threat Intelligence (CTI) team, which means organizations should consider refreshing employees’ awareness and knowledge on how to spot them.

Bogus OfficeNote app delivers XLoader macOS malware
A new macOS-specific variant of the well known XLoader malware is being delivered disguised as the “OfficeNote” app. XLoader is a malware-as-a-service infostealer and botnet that has been active since 2015, but first appeared as a macOS variant in 2021, written in Java.

Surge in identity crime victims reporting suicidal thoughts
Identity theft can have great financial impact on the victims, but the experienced emotional, physical and psychological impact can be even more devastating, according to the 2023 Consumer Impact Report from the Identity Theft Resource Center (ITRC) and Experian.

Attackers exploited WinRAR zero-day for months to steal money from brokers (CVE-2023-38831)
Financially-motivated attackers have exploited a zero-day vulnerability in WinRAR (CVE-2023-38831) to trick traders into installing malware that would allow them to steal money from broker accounts.

Kali Linux 2023.3 released: Kali NetHunter app redesign, 9 new tools, and more!
Offensive Security has released Kali Linux 2023.3, the latest version of its penetration testing and digital forensics platform. Kali Linux 2023.3 introduces a redesigned Kali NetHunter app and a completely new NetHunter Terminal.

Bitwarden launches E2EE Secrets Manager
Bitwarden, a popular open-source password management service, has released Bitwarden Secrets Manager, an open-source, end-to-end encrypted solution that helps development, IT and DevOps teams store, manage, automate, and share secrets.

Cloud hosting firms hit by devastating ransomware attack
Danish cloud hosting firms CloudNordic and Azero – both owned by Certiqa Holding – have suffered a ransomware attack that resulted in most customer data being stolen and systems and servers rendered inaccessible.

Google Workspace: New account security, DLP capabilities announced
New capabilities in Google Workspace will help enterprises improve account and data security, by making unauthorized takeover of admin and user accounts and exfiltration of sensitive data more difficult.

The complex world of CISO responsibilities
In this Help Net Security round-up, we present segments from previously recorded videos featuring experts in the field who shed light on the crucial responsibilities and challenges that define the world of CISOs.

Understanding how attackers exploit APIs is more important than ever
In this Help Net Security video, Andy Hornegold, Product Lead at Intruder, dives into API security and explores how several recent high-profile breaches were caused by simple failings – which didn’t require sophisticated security to prevent.

How the downmarket impacted enterprise cybersecurity budgets
In this Help Net Security video, Sara Behar, Content Manager at YL Ventures, discusses how enterprise cybersecurity budgets have been impacted by the downmarket and how vendors can adapt.

How digital identity protects connected cars
In this Help Net Security video, Eve Maler, CTO at ForgeRock, discusses how digital identity can help create a more secure connected car experience and what car manufacturers should consider regarding data privacy regulation.

How EU lawmakers can make mandatory vulnerability disclosure responsible
There is a standard playbook and best practice for when an organization discovers or is notified about a software vulnerability: The organization works quickly to fix the problem and, once a fix is available, discloses that vulnerability for the benefit of the community.

IT’s rising role in physical security technology
As the adoption of cloud-based and mobile-access security systems continues to increase among both new and established businesses, the lines between traditional physical security personnel and IT staff are beginning to blur.

Does a secure coding training platform really work?
As security vulnerabilities are reported to you time and again, you may ask yourself: “Why don’t these developers learn the lesson?” The next thing you may think is: “We should train developers, so they stop making these mistakes.”

Cybersecurity insurance is missing the risk
Cybersecurity insurance is a rapidly growing market, swelling from approximately $13B in 2022 to an estimated $84B in 2030 (26% CAGR), but insurers are struggling with quantifying the potential risks of offering this type of insurance.

ImmuniWeb introduces ImmuniWeb Neuron Mobile, an automated mobile app security testing solution
ImmuniWeb has introduced ImmuniWeb Neuron Mobile – its 6th product available on the ImmuniWeb AI Platform that currently covers over 20 cybersecurity, privacy and compliance use cases.

Organizations invest in AI tools to elevate email security
To counteract new and emerging threat methods enhanced by artificial intelligence, specialized email security vendors are leveraging a synergy of AI and human insights to enhance email security, according to IRONSCALES and Osterman Research.

Large-scale breaches overshadow decline in number of healthcare data incidents
While H1 2023 saw an encouraging decrease in the overall number of data breaches impacting healthcare organizations, it was overshadowed by large-scale breaches resulting in a significant increase in the number of individuals affected, which reached record levels, according to Critical Insight.

Cybercriminals turn to AI to bypass modern email security measures
Cybercriminals employ artificial intelligence (AI) to create complex email threats like phishing and business email compromise (BEC) attacks, while modern email security systems use AI to counter these attacks, according to Perception Point and Osterman Research.

Lack of visibility into cloud access policies leaves enterprises flying blind
Fragmented access policies are top security concern in multi-cloud environments, with more than 75% of enterprises reporting they do not know where applications are deployed and who has access to them, according to Strata Identity.

Unrealistic expectations exacerbate the cybersecurity talent shortage
Consumers believe today’s cybersecurity talent shortage is in large part due to limited exposure to the profession and a lack of cybersecurity education and training at a younger age within school systems, according to ThreatX.

Ransomware dwell time hits new low
Median attacker dwell time—the time from when an attack starts to when it’s detected—shrunk from 10 to eight days for all attacks, and to five days for ransomware attacks during the first half of 2023, according to Sophos.

New infosec products of the week: August 25, 2023
Here’s a look at the most interesting products from the past week, featuring releases from Security Onion, OffSec, ImmuniWeb, LOKKER, Kingston Digital and Bitwarden.

More about

Don't miss