Week in review: GitLab account takeover flaw, attackers exploiting Ivanti Connect Secure zero-days

Week in review

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Social engineer reveals effective tricks for real-world intrusions
In this Help Net Security interview, Jayson E. Street, Chief Adversarial Officer at Secure Yeti, discusses intriguing aspects of social engineering and unconventional methods for gathering target information.

Understanding zero-trust design philosophy and principles
In this Help Net Security interview, Phil Vachon, Head of Infrastructure in the Office of the CTO at Bloomberg, discusses the varying definitions of zero trust among security professionals and companies, emphasizing its broad design philosophy.

Embracing offensive cybersecurity tactics for defense against dynamic threats
In this Help Net Security, Alexander Hagenah, Head of Cyber Controls at SIX, discusses the critical steps in creating effective offensive security operations and their impact on organizational security strategies.

AuthLogParser: Open-source tool for analyzing Linux authentication logs
AuthLogParser is an open-source tool tailored for digital forensics and incident response, specifically crafted to analyze Linux authentication logs (auth.log).

Securing AI systems against evasion, poisoning, and abuse
Adversaries can intentionally mislead or “poison” AI systems, causing them to malfunction, and developers have yet to find an infallible defense against this. In their latest publication, NIST researchers and their partners highlight these AI and machine learning vulnerabilities.

Fly Catcher: Detect aircraft spoofing by monitoring for malicious signals
Fly Catcher is an open-source device that can detect aircraft spoofing by monitoring for malicious ADS-B signals in the 1090MHz frequency.

Critical GitLab flaw allows account takeover without user interaction, patch quickly! (CVE-2023-7028)
A critical vulnerability in GitLab CE/EE (CVE-2023-7028) can be easily exploited by attackers to reset GitLab user account passwords.

“Security researcher” offers to delete data stolen by ransomware attackers
When organizations get hit by ransomware and pay the crooks to decrypt the encrypted data and delete the stolen data, they can never be entirely sure the criminals will do as they promised.

Attackers could use vulnerabilities in Bosch Rexroth nutrunners to disrupt automotive production
Researchers have discovered over two dozen vulnerabilities in “smart” cordless nutrunners (i.e., pneumatic torque wrenches) manufactured by Bosch Rexroth that could be exploited to make the devices inoperable or their output unreliable.

Microsoft fixes critical flaws in Windows Kerberos, Hyper-V (CVE-2024-20674, CVE-2024-20700)
For January 2024 Patch Tuesday, Microsoft has released fixes for 49 CVE-numbered vulnerabilities, two of which are critical: CVE-2024-20674 and CVE-2024-20700.

SEC’s X account hacked to post fake news of Bitcoin ETF approval
Someone has hijacked the X (formerly Twitter) account of the US Securities and Exchange Commission (SEC), and posted an announcement saying the agency has decided to allow the listing of Bitcoin ETFs (exchange-traded funds) on registered national security exchanges.

Ivanti Connect Secure zero-days exploited by attackers (CVE-2023-46805, CVE-2024-21887)
Two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti Connect Secure VPN devices are under active exploitation by unknown attackers, Volexity researchers have discovered.

Review: Engineering-grade OT security: A manager’s guide
In this book, the author tries to answer the question “How much [of both] is enough?” and explains that the answer actually lies in the consequences of compromise that will “drive the decision process”.

SQLi vulnerability in Cacti could lead to RCE (CVE-2023-51448)
A blind SQL injection vulnerability (CVE-2023-51448) in Cacti, a widely-used network monitoring, performance and fault management framework, could lead to information disclosure and potentially remote code execution.

Hackers are targeting exposed MS SQL servers with Mimic ransomware
Hackers are brute-forcing exposed MS SQL database servers to deliver Mimic ransomware, Securonix researchers are warning.

Critical Cisco Unity Connection flaw gives attackers root privileges. Patch now! (CVE-2024-20272)
Cisco has fixed a critical vulnerability (CVE-2024-20272) in Cisco Unity Connection that could allow an unauthenticated attacker to upload arbitrary files and gain root privilege on the affected system.

If you prepare, a data security incident will not cause an existential crisis
Why is it that when a company becomes aware of a potential data security incident, the team working on it (and others who are made aware that “something” is going on) have an immediate and overwhelming feeling that the company is doomed?

Top 2024 AppSec predictions
In this Help Net Security video, Shahar Man, CEO of Backslash Security, offers his top three AppSec predictions for 2024, uncovering future trends.

Researchers develop technique to prevent software bugs
A team of computer scientists led by the University of Massachusetts Amherst recently announced a new method for automatically generating whole proofs that can be used to prevent software bugs and verify that the underlying code is correct.

Top LLM vulnerabilities and how to mitigate the associated risk
As large language models (LLMs) become more prevalent, a comprehensive understanding of the LLM threat landscape remains elusive.

The growing challenge of cyber risk in the age of synthetic media
In this Help Net Security video, Mike Bechtel, Chief Futurist at Deloitte, discusses the digital risk of cyber-attacks from the proliferation of AI-generated content and synthetic media in our digital landscape.

Purple teaming and the role of threat categorization
Organizations constantly work to ensure optimal threat detection and prevention across their systems. One question gets asked repeatedly: “Can we detect the threats we’re supposed to be able to detect?”

The power of basics in 2024’s cybersecurity strategies
In this Help Net Security video, Nick Carroll, Cyber Incident Response Manager at Raytheon, discusses how while organizations will be challenged to strengthen their defenses faster than cyber threats are evolving, this ‘come from behind’ rush to keep pace with attackers can often lead to the harmful practice of organizations skipping the foundational basics of cyber defense and failing to establish a general sense of cyber awareness within the business.

Akira ransomware attackers are wiping NAS and tape backups
The attackers pinpointed and targeted organizations with vulnerable internet-facing Cisco ASA or FTD devices and found and wiped target organizations’ backups before deploying the ransomware.

Cloud security predictions for 2024
As we reflect on the cybersecurity landscape and the trajectories of threat vectors, it’s evident that we’re on the cusp of a paradigm shift in cloud security.

The expanding scope of CISO duties in 2024
In this Help Net Security video, Bindu Sundaresan, Director at AT&T Cybersecurity, discusses the ongoing changes we’ll see from the CISO role as digital transformation efforts continue.

Cyber budgets and the VC landscape in 2024
In this Help Net Security video, Marcus Bartram, General Partner at Telstra Ventures, discusses his 2024 cybersecurity predictions.

Accelerate essential cyber hygiene for your small business
Think you’re too small to experience a cyber attack? That’s not the case. In fact, cyber threat actors (CTAs) are increasingly setting their sights on small businesses. If successful, their attack attempts can be devastating.

New infosec products of the week: January 12, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Critical Start, Dasera, ID R&D, and SpecterOps.

More about

Don't miss