Week in review: Sumo Logic breach, 7 free cyber threat maps, Patch Tuesday forecast

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Exploring the global shift towards AI-specific legislation
In this Help Net Security interview, Sarah Pearce, Partner at Hunton Andrews Kurth, offers insights into the evolving landscape of AI legislation and its global impact.

Aqua Trivy open-source security scanner now finds Kubernetes security risks
The Aqua Trivy open-source scanner now supports vulnerability scanning for Kubernetes components and Kubernetes Bill of Materials (KBOM) generation.

Atlassian Confluence data-wiping vulnerability exploited
GreyNoise is observing threat actors trying to exploit CVE-2023-22518, a critical Atlassian Confluence flaw that allows unauthenticated attackers to reset the database of vulnerable instances.

Okta breach post mortem reveals weaknesses exploited by attackers
The recent breach of the Okta Support system was carried out via a compromised service account with permissions to view and update customer support cases.

Open-source vulnerability disclosure: Exploitable weak spots
Flaws in the vulnerability disclosure process of open-source projects could be exploited by attackers to harvest the information needed to launch attacks before patches are made available, Aqua Security researchers worry.

Google Play will mark independently validated VPN apps
Android VPN apps that have gone through an independent security validation will now be able to claim that distinction on Google Play with a prominent badge in their Data Safety section.

Looney Tunables bug exploited for cryptojacking
Kinsing threat actors have been spotted exploiting the recently disclosed Looney Tunables (CVE-2023-4911) vulnerability to covertly install cryptomining software into cloud-native environments.

Microsoft introduces new access policies in Entra to boost MFA usage
As part of a broader initiative to strengthen security, Microsoft is rolling out Microsoft-managed Conditional Access policies in Entra ID (formerly Azure Active Directory) to increase the use of multifactor authentication (MFA) for enterprise accounts.

Marina Bay Sands breach exposed data of 665,000 customers
Singapore-based luxury resort and casino Marina Bay Sands has suffered a data breach that exposed data of 665,000 non-casino rewards program members.

Sumo Logic discloses potential breach via compromised AWS credential
Cloud-native big data and security analytics firm Sumo Logic is investigating a potential security incident within their platform, the company revealed on Tuesday.

Microsoft Authenticator suppresses suspicious MFA notifications
Microsoft has quietly rolled out a new mechanism that shields users of its mobile Authenticator app from suspicious (and annoying) push notifications triggered by attackers.

MOVEit hackers leverage new zero-day bug to breach organizations (CVE-2023-47246)
A critical zero-day vulnerability (CVE-2023-47246) in the SysAid IT support and management software solution is being exploited by Lace Tempest, a ransomware affiliate known for deploying Cl0p ransomware.

Sandworm hackers incapacitated Ukrainian power grid amid missile strike
Russia-backed APT group Sandworm is behind the cyberattack that caused disruption of parts of the Ukrainian power grid in late 2022, according to Mandiant.

Chinese multinational bank hit by ransomware
The state-owned Industrial and Commercial Bank of China (ICBC), which is one of the largest banks in the world, has been hit by a ransomware attack that led to disrupted trades in the US Treasury market.

The 3 key stages of ransomware attacks and useful indicators of compromise
For SOC teams to be able to defend their organization against ransomware attacks, they need to have the right security toolset, but also an understanding of the three primary ransomware attack stages.

Securing data at the intersection of the CISO and CDO
In this Help Net Security video, James Beecham, CEO at ALTR, discusses why it may seem like the CISO and CDO share the same goal of deriving business value from data.

7 free cyber threat maps showing attack intensity and frequency
Cyber threat maps are one of the most visually engaging tools in the arsenal of cybersecurity professionals. These real-time visualizations provide a global perspective on digital threats, showcasing the intensity and frequency of attacks as they happen.

Security in the impending age of quantum computers
Quantum computing is poised to be one of the most important technologies of the 21st century.

How AI is transforming consumer privacy expectations
In this Help Net Security video, Robert Waitman, Director of Cisco’s Privacy Center of Excellence, discusses consumers’ perceptions and behaviors on data privacy.

Kubescape 3.0 elevates open-source Kubernetes security
Targeted at the DevSecOps practitioner or platform engineer, Kubescape, the open-source Kubernetes security platform, has reached version 3.0.

How to withstand the onslaught of cybersecurity threats
Dispersed IT assets theoretically make management more complicated, but vendor consolidation can counteract that and move things in the right direction.

AI-assisted coding and its impact on developers
In this Help Net Security video, Cat Hicks, VP of Research Insights at Pluralsight, discusses pressing questions that engineering organizations face regarding the rapidly changing possibilities of AI-assisted coding.

Outdated cryptographic protocols put vast amounts of network traffic at risk
Cryptography is largely taken for granted – rarely evaluated or checked – a practice that could have devastating consequences for businesses as attack surfaces continue to expand, the cost of a data breach rises year-over-year, and the age of quantum computing nears, according to Quantum Xchange.

November 2023 Patch Tuesday forecast: Year 21 begins
The October forecast for large numbers of CVEs addressed in Windows 10 and 11 and the recent record on the number fixed in Windows Server 2012 was spot on!

Unpacking the challenges of anti-money laundering obligations
In this Help Net Security video, Simon McClive, General Manager of Labyrinth Screening at Ripjar, discusses how compliance requires organizations to devise and implement high-quality processes, and getting it right is non-negotiable.

How global password practices are changing
Password health and hygiene improved globally over the past year, reducing the risk of account takeover for consumers and businesses, according to Dashlane.

Rethinking cyber risk: The case against spreadsheets
In this Help Net Security video, Christina Hoefer, VP of Global Industrial Enterprise at Forescout, discusses why it is time for manufacturers/OT security leaders to “toss the spreadsheet” regarding their traditional methods of tracking data for cyber risk assessments.

Microsegmentation proves its worth in ransomware defense
The number of ransomware attacks (successful and unsuccessful) has doubled over the past two years, from 43 on average in 2021 to 86 in 2023, according to Akamai.

The roadblocks to preventive cybersecurity success
In the last two years, the average organization’s cybersecurity program was prepared to defend preventively, or block, just 57% of the cyberattacks it encountered, according to Tenable.

eBook: Keeping Active Directory out of hackers’ cross-hairs
Active Directory is a prime target for threat actors, and companies must act now to eliminate it as a threat vector permanently.

Download: The Ultimate Guide to the CISSP
The Ultimate Guide to the CISSP covers everything you need to know about the world’s premier cybersecurity leadership certification.

Uphold Linux systems’ performance and availability in Azure
Cloud computing carries many benefits for your business… as long as you can ensure the performance and availability of your cloud environments.

Product showcase: Red Piranha’s security first, single vendor SASE, collaboration with Intel
Red Piranha officially released the latest Crystal Eye consolidated security platform, in global collaboration with Intel, on the 12th of October, with more details shared on the Network Builders Panel with Intel later that month.

New infosec products of the week: November 10, 2023
Here’s a look at the most interesting products from the past week, featuring releases from Aqua Security, ARMO, Druva, IRONSCALES, Malwarebytes, and Varonis.
