Week in review: 10 cybersecurity frameworks you need to know, exploited Chrome zero-day fixed
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
Key elements for a successful cyber risk management strategy
In this Help Net Security interview, Yoav Nathaniel, CEO at Silk Security, discusses the evolution of cyber risk management strategies and practices, uncovering common mistakes and highlighting key components for successful risk resolution.
CISOs’ crucial role in aligning security goals with enterprise expectations
In this Help Net Security interview, Chris Mixter, Vice President, Analyst at Gartner, discusses the dynamic world of CISOs and how their roles have evolved significantly over the years.
Ransomware negotiation: When cybersecurity meets crisis management
In this Help Net Security interview, Tim Morris, Chief Security Advisor at Tanium, discusses ransomware negotiation, how it typically unfolds, and how organizations should have a playbook that clearly outlines what to do, when to do it, who is notified, who will inform the board, who will talk to the press, etc.
Adalanche: Open-source Active Directory ACL visualizer, explorer
Adalanche provides immediate insights into the permissions of users and groups within an Active Directory.
Tsurugi Linux: Tailoring user experience for digital forensics and OSINT investigations
Tsurugi Linux is a heavily customized open-source distribution focused on supporting DFIR investigations.
Skytrack: Open-source aircraft reconnaissance tool
Skytrack is an open-source command-line tool for plane spotting and aircraft OSINT reconnaissance.
Windows SmartScreen bug exploited to deliver powerful info-stealer (CVE-2023-36025)
A vulnerability (CVE-2023-36025) that Microsoft fixed in November 2023 continues to be exploited by malware peddlers: this time around, the delivered threat is a variant of the Phemedrone Stealer.
1,700 Ivanti VPN devices compromised. Are yours among them?
Over 1,700 Ivanti Connect Secure VPN devices worldwide have been compromised by attackers exploiting two zero-days with no patches currently available.
Atlassian reveals critical Confluence RCE flaw, urges “immediate action” (CVE-2023-22527)
Atlassian has patched a critical vulnerability (CVE-2023-22527) in Confluence Data Center and Confluence Server that could lead to remote code execution.
Google fixes actively exploited Chrome zero-day (CVE-2024-0519)
In the new stable release of the Chrome browser, Google has fixed three security vulnerabilities affecting the V8 engine, including one zero-day (CVE-2024-0519) with an existing exploit.
VMware: Plug critical Aria Automation hole immediately! (CVE-2023-34063)
A critical vulnerability (CVE-2023-34063) affecting VMware Aria Automation and VMware Cloud Foundation can be exploited by attackers to gain access to remote organizations and workflows, VMware has warned.
Poorly secured PostgreSQL, MySQL servers targeted by ransomware bot
Users exposing poorly secured PostgreSQL and MySQL servers online are in danger of getting their databases wiped by a ransomware bot, Border0 researchers are warning.
Juniper fixes critical RCE in its SRX firewalls and EX switches (CVE-2024-21591)
Juniper Networks has fixed a critical pre-authentication remote code execution (RCE) vulnerability (CVE-2024-21591) in Junos OS on SRX firewalls and EX switches.
The right strategy for effective cybersecurity awareness
Employees play a significant role in safeguarding organizational assets. With a constantly evolving threat landscape, cybersecurity awareness training is an essential component in creating a good security culture.
Ivanti EPMM and MobileIron Core vulnerability is actively exploited, CISA confirms (CVE-2023-35082)
A previously patched critical vulnerability (CVE-2023-35082) affecting Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core is being actively exploited, the Cybersecurity and Infrastructure Security Agency (CISA) has confirmed by adding the vulnerability to its Known Exploited Vulnerabilities Catalog (KEV).
The power of AI in cybersecurity
The widespread adoption of artificial intelligence (AI), particularly generative AI (GenAI), has revolutionized organizational landscapes and transformed both the cyber threat landscape and cybersecurity.
Flipping the BEC funnel: Phishing in the age of GenAI
In addition to deploying the right AI security tools, every CISO should prioritize security awareness training and phishing simulation testing.
Preventing insider access from leaking to malicious actors
In this Help Net Security video, John Morello, CTO of Gutsy, discusses the often-overlooked aspect of cybersecurity – the offboarding process.
10 cybersecurity frameworks you need to know about
As cyber threats grow more sophisticated, understanding and implementing robust cybersecurity frameworks is crucial for organizations of all sizes.
3 ways to combat rising OAuth SaaS attacks
OAuth integrations are used to improve workflows, add functionality and improve the usability of the original application. However, when deployed by threat actors, they are very dangerous and difficult to detect.
Best practices to mitigate alert fatigue
In this Help Net Security video, Peter Manev, Chief Strategy Officer at Stamus Networks, discusses a pervasive problem plaguing security analysts called “alert fatigue,” – which occurs when security teams become desensitized to an overwhelming volume of alerts, causing them to miss or overlook critical events and have slower response times.
Kaspersky releases utility to detect iOS spyware infections
Kaspersky’s researchers have developed a lightweight method to detect indicators of infection from sophisticated iOS spyware such as NSO Group’s Pegasus, QuaDream’s Reign, and Intellexa’s Predator through analyzing a log file created on iOS devices.
Security considerations during layoffs: Advice from an MSSP
One of the first decisions an organization should make before any downsizing efforts is to decide how transparent they will be about the layoff process with the affected employees.
Attribute-based encryption could spell the end of data compromise
The future of data privacy is the end of compromise. With the world producing data at astounding rates, we need ways to put data to the best use while protecting against breaches and ensuring privacy, data protection and access control.
Out with the old and in with the improved: MFA needs a revamp
One of the key areas where cyber protection will continue to evolve in 2024 is multi-factor authentication (MFA).
New infosec products of the week: January 19, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Living Security, Skopenow, Skyhigh Security, and Wing Security.