Week in review: PoC for Splunk Enterprise RCE flaw released, scope of Okta breach widens

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Week in review

Vulnerability disclosure: Legal risks and ethical considerations for researchers
In this Help Net Security interview, Eddie Zhang, Principal Consultant at Project Black, explores the complex and often controversial world of vulnerability disclosure in cybersecurity.

How passkeys are reshaping user security and convenience
In this Help Net Security interview, Anna Pobletts, Head of Passwordless at 1Password, talks about passkey adoption and its acceleration in 2024. This trend is particularly notable among highly-regulated services like fintech and banking, where users seek a sign-in experience that is simple and familiar.

Strategies for cultivating a supportive culture in zero-trust adoption
In this Help Net Security interview, Wolfgang Goerlich, Advisory CISO at Cisco, discusses the benefits of implementing a mature zero-trust model for both security and business outcomes, revealing a decrease in reported security incidents and enhanced adaptability.

Bridging the risk exposure gap with strategies for internal auditors
In this Help Net Security interview, Richard Chambers, Senior Internal Audit Advisor at AuditBoard, discusses the transformational role of the internal audit function and risk management in helping organizations bridge the gap in risk exposure.

AWS Kill Switch: Open-source incident response tool
AWS Kill Switch is an open-source incident response tool for quickly locking down AWS accounts and IAM roles during a security incident.

Vigil: Open-source LLM security scanner
Vigil is an open-source security scanner that detects prompt injections, jailbreaks, and other potential threats to Large Language Models (LLMs).

Mosint: Open-source automated email OSINT tool
Mosint is an automated email OSINT tool written in Go designed to facilitate quick and efficient investigations of target emails. It integrates multiple services, providing security researchers with rapid access to a broad range of information.

PoC for Splunk Enterprise RCE flaw released (CVE-2023-46214)
A proof-of-concept (PoC) exploit for a high-severity flaw in Splunk Enterprise (CVE-2023-46214) that can lead to remote code execution has been made public. Users are advised to implement the provided patches or workarounds quickly.

Released: AI security guidelines backed by 18 countries
The UK National Cyber Security Centre (NCSC) has published new guidelines that can help developers and providers of AI-powered systems “build AI systems that function as intended, are available when needed, and work without revealing sensitive data to unauthorised parties.”

Critical ownCloud flaw under attack (CVE-2023-49103)
Attackers are trying to exploit a critical information disclosure vulnerability (CVE-2023-49103) in ownCloud, a popular file sharing and collaboration platform used in enterprise settings.

Okta breach: Hackers stole info on ALL customer support users
The scope of the recent breach of the Okta customer support system is much wider than initially established, the company admitted on Tuesday: the attackers downloaded a report that contained the names and email addresses of all Okta customer support system users.

PoCs for critical Arcserve UDP vulnerabilities released
Arcserve has fixed critical security vulnerabilities (CVE-2023-41998, CVE-2023-41999, CVE-2023-42000) in its Unified Data Protection (UDP) solution; PoCs for them were published by Tenable researchers on Monday.

Apple patches two zero-days used to target iOS users (CVE-2023-42916 CVE-2023-42917)
With the latest round of security updates, Apple has fixed two zero-day WebKit vulnerabilities (CVE-2023-42916, CVE-2023-42917) that “may have been exploited against versions of iOS before iOS 16.7.1.”

SMBs face surge in “malware free” attacks
“Malware free” attacks, attackers’ increased reliance on legitimate tools and scripting frameworks, and BEC scams were the most prominent threats small and medium businesses (SMBs) faced in Q3 2023, says the inaugural SMB Threat Report by Huntress, a company that provides a security platform and services to SMBs and managed service providers (MSPs).

Slovenian power company hit by ransomware
Slovenian power generation company Holding Slovenske Elektrarne (HSE) has been hit by ransomware and has had some of its data encrypted.

Google fixes Chrome zero day exploited in the wild (CVE-2023-6345)
Google has released an urgent security update to fix a number of vulnerabilities in the Chrome browser, including a zero-day vulnerability (CVE-2023-6345) that is being actively exploited in the wild.

CISA urges water facilities to secure their Unitronics PLCs
News that Iran-affiliated attackers have taken over a programmable logic controller (PLC) at a water system facility in Pennsylvania has been followed by a public alert urging other water authorities to immediately secure their own PLCs.

Why it’s the perfect time to reflect on your software update policy
Historically, software updates have been an opportunity for developers to strike a balance between introducing new features and addressing known vulnerabilities. However, in the face of an increasingly nimble attacker community and an overall jump in attack sophistication, this balance has tipped towards a more urgent need for rapid security responsiveness.

Bridging the gap between cloud vs on-premise security
With the proliferation of SaaS applications, remote work and shadow IT, organizations feel obliged to embrace cloud-based cybersecurity. And rightly so, because the corporate resources, traffic, and threats are no longer confined within the office premises.

Security leaders on high alert as GenAI poses privacy and security risks
In this Help Net Security video, Neil Cohen, Head of Go-To-Market at Portal26, discusses why security leaders are concerned about GenAI privacy and security risks. While the advantages of GenAI are indisputable, a lack of visibility will result in reduced efficiency and increased vulnerabilities in areas such as governance, privacy, and beyond.

Guarding the gateway: Securing dispersed networks
In this Help Net Security video, Martin Roesch, CEO of Netography, discusses why the shift is happening now, the top challenges organizations face to secure their dispersed networks, and how to successfully evolve with and secure today’s networks.

Enterprises prepare for the inevitable cyber attack
In this Help Net Security video, Rahul Pawar, Global VP of Security Go-To-Market, CTO of Global Services & Solutions at Commvault, discusses why business leaders must play a key role in ensuring companies prioritize cyber preparedness.

What custom GPTs mean for the future of phishing
In this Help Net Security video, Tal Zamir, CTO of Perception Point, explains why he believes custom GPTs will be a powerful tool for malicious actors looking to amp up phishing campaigns, as they will gain an efficient way to boost customized phishing email output beyond their use of traditional ChatGPT.

Key drivers of software security for financial services
In this Help Net Security video, Chris Eng, Chief Research Officer at Veracode, discusses how financial organizations would benefit from increased automation and secure coding techniques to help them prevent, detect, and respond to vulnerabilities faster than ever.

Report: The state of authentication security 2023
This survey set out to explore the authentication security challenges organizations face, to identify common practices, and to provide insight into how organizations can bolster their defenses.

Generative AI security: Preventing Microsoft Copilot data exposure
Copilot is an AI assistant that lives inside each of your Microsoft 365 apps — Word, Excel, PowerPoint, Teams, Outlook, and so on. Microsoft’s dream is to take the drudgery out of daily work and let humans focus on being creative problem-solvers.

Product showcase: New ESET Home Security
ESET HOME Security subscriptions are available on all major operating systems: Windows, macOS, Android, and iOS. With the new offering, ESET introduces two new features to bolster online security and privacy: VPN and Identity Protection.

Infosec products of the month: November 2023
Here’s a look at the most interesting products from the past month, featuring releases from: Action1, Amazon, Aqua Security, ARMO, Datadog, Devo Technology, Druva, Entrust, Enzoic, Fortanix, GitHub, Illumio, Immuta, IRONSCALES, Kasada, Lacework, Malwarebytes, Nitrokey, OneSpan, Paladin Cloud, Snappt, ThreatModeler, and Varonis.

New infosec products of the week: December 1, 2023
Here’s a look at the most interesting products from the past week, featuring releases from Amazon, Datadog, Entrust, Fortanix, GitHub, Nitrokey, and Paladin Cloud.
