Week in review: VMware patches critical vulnerability, 1Password affected by Okta breach

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

GOAD: Vulnerable Active Directory environment for practicing attack techniques
Game of Active Directory (GOAD) is a free pentesting lab. It provides a vulnerable Active Directory environment for pen testers to practice common attack methods.

“Disappearing” implants, followed by first fixes for exploited Cisco IOS XE zero-day
Cisco has released the first fixes for the IOS XE zero-day (CVE-2023-20198) exploited by attackers to ultimately deliver a malicious implant.

1Password also affected by Okta Support System breach
Following in the footsteps of BeyondTrust and CloudFlare, 1Password has revealed that it has been affected by the Okta Support System breach.

Roundcube webmail zero-day exploited to spy on government entities (CVE-2023-5631)
The Winter Vivern APT group has been exploiting a zero-day vulnerability (CVE-2023-5631) in Roundcube webmail servers to spy on email communications of European governmental entities and a think tank, according to ESET researchers.

Quishing: Tricks to look out for
QR code phishing – aka “quishing” – is on the rise, according to HP, Darktrace, Malwarebytes, AusCERT, and many others.

Microsoft announces wider availability of AI-powered Security Copilot
Microsoft Security Copilot has been made available to a larger number of enterprise customers, via an invitation-only Early Access Program.

VMware patches critical vulnerability in vCenter Server (CVE-2023-34048)
VMware has fixed a critical out-of-bounds write vulnerability (CVE-2023-34048) and a moderate-severity information disclosure flaw (CVE-2023-34056) in vCenter Server, its popular server management software.

Apple news: iLeakage attack, MAC address leakage bug
A group of researchers has developed a side-channel attack exploiting Apple A-series or M-series CPUs’ speculative execution capability to extract sensitive information (such as autofilled passwords or Gmail inbox content) when a Safari user lands on a specially crafted webpage.

How passkeys are changing the face of authentication
As passwordless identity becomes mainstream, the term “passkey” is quickly becoming a new buzzword in cybersecurity. But what exactly is a passkey and why do we need them?

Navigating OT/IT convergence and securing ICS environments
In this Help Net Security video, Christopher Warner, Senior GRC-OT Security Consultant at GuidePoint Security, discusses securing the control systems environment, as well as creating a cybersecurity roadmap.

Wazuh: Free and open-source XDR and SIEM
Wazuh is an open-source platform designed for threat detection, prevention, and response. It can safeguard workloads in on-premises, virtual, container, and cloud settings.

Bracing for AI-enabled ransomware and cyber extortion attacks
As businesses scramble to take the lead in operationalizing AI-enabled interfaces, ransomware actors will use it to scale their operations, widen their profit margins, and increase their likelihood of pulling off successful attacks.

Strategies to overcome cybersecurity misconceptions
In this Help Net Security video, Kevin Kirkwood, Deputy CISO at LogRhythm, stresses that one of the most significant pitfalls is the assumption that their defenses are “good enough.”

What is operational risk and why should you care? Assessing SEC rule readiness for OT and IoT
The reactive nature of cybersecurity has led to a reality in which boards and executive leaders attempt to mitigate risk by tasking security teams to avoid risk.

The primary pain points for SOC teams
Security professionals want to pursue high-impact work, but they’re being held back by growing workloads, shrinking budgets, and a worsening skills shortage, according to Tines.

OT cyber attacks proliferating despite growing cybersecurity spend
The sharp increase in attacks on operational technology (OT) systems can be primarily attributed to two key factors: the escalating global threats posed by nation-state actors and the active involvement of profit-driven cybercriminals (often sponsored by the former).

Only a fraction of risk leaders are prepared for GenAI threats
While 93% of companies recognize the risks associated with using generative AI inside the enterprise, only 9% say they’re prepared to manage the threat, according to Riskonnect.

Raven: Open-source CI/CD pipeline security scanner
Raven (Risk Analysis and Vulnerability Enumeration for CI/CD) is an open-source CI/CD pipeline security scanner that makes hidden risks visible by connecting the dots across vulnerabilities woven throughout the pipeline that, when viewed collectively, reveal a much greater risk than when assessed as one-off CVEs.

New infosec products of the week: October 27, 2023
Here’s a look at the most interesting products from the past week, featuring releases from Darktrace, Data Theorem, Jumio, Malwarebytes, Progress, and Wazuh.