Week in review: Windows Event Log zero-day, exploited critical Jenkins RCE flaw

Week in review

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Prioritizing cybercrime intelligence for effective decision-making in cybersecurity
In this Help Net Security interview, Alon Gal, CTO at Hudson Rock, discusses integrating cybercrime intelligence into existing security infrastructures.

Proactive cybersecurity: A strategic approach to cost efficiency and crisis management
In this Help Net Security interview, Stephanie Hagopian, VP of Security at CDW, discusses offensive strategies in the face of complex cyberattacks and the role of the zero-trust model.

Custom rules in security tools can be a game changer for vulnerability detection
In this Help Net interview, Isaac Evans, CEO at Semgrep, discusses the balance between speed and thoroughness in CI/CD pipeline security scanning.

NIS2 Directive raises stakes for security leaders
In this Help Net Security interview, Roland Palmer, VP Global Operations Center at Sumo Logic, discusses key challenges and innovations of the NIS2 Directive, aiming to standardize cybersecurity practices across sectors.

Faction: Open-source pentesting report generation and collaboration framework
Faction is an open-source solution that enables pentesting report generation and assessment collaboration.

CVEMap: Open-source tool to query, browse and search CVEs
CVEMap is an open-source command-line interface (CLI) tool that allows you to explore Common Vulnerabilities and Exposures (CVEs).

Self-managed GitLab installations should be patched again (CVE-2024-0402)
Less than two weeks after having plugged a security hole that allows account takeover without user interaction, GitLab Inc. has patched a critical vulnerability (CVE-2024-0402) in GitLab CE/EE again and is urging users to update their installations immediately.

A zero-day vulnerability (and PoC) to blind defenses relying on Windows event logs
A zero-day vulnerability that, when triggered, could crash the Windows Event Log service on all supported (and some legacy) versions of Windows could spell trouble for enterprise defenders.

Threat actor used Vimeo, Ars Technica to serve second-stage malware
A financially motivated threat actor tracked as UNC4990 is using booby-trapped USB storage devices and malicious payloads hosted on popular websites such as Ars Technica, Vimeo, GitHub and GitLab to surreptitiously deliver malware.

Third-party risk management best practices and why they matter
With organizations increasingly relying on third-party vendors, upping the third-party risk management (TPRM) game has become imperative to prevent the fallout of third-party compromises.

Critical Jenkins RCE flaw exploited in the wild. Patch now! (CVE-2024-23897)
Several proof-of-concept (PoC) exploits for a recently patched critical vulnerability (CVE-2024-23897) in Jenkins have been made public and there’s evidence of exploitation in the wild.

How to make developers accept DevSecOps
According to a recent Dynatrace report, only 50% of CISOs believe that development teams have thoroughly tested the software for vulnerabilities before deploying it into the production environment.

Zero trust implementation: Plan, then execute, one step at a time
82% of cybersecurity professionals have been working on implementing zero trust last year, and 16% should be on it by the end of this year.

FBI disrupts Chinese botnet used for targeting US critical infrastructure
The FBI has disrupted the KV botnet, used by People’s Republic of China (PRC) state-sponsored hackers (aka “Volt Typhoon”) to target US-based critical infrastructure organizations.

Great security or great UX? Both, please
The choice between security and UX is an entirely false choice: Security and UX are complementary and self-reinforcing.

Ransomware recap 2023 highlights cybersecurity crisis
In this Help Net Security video, Yochai Corem, CEO of Cyberint, explores the ransomware environment’s development, effects, and emerging patterns throughout the previous year.

Hundreds of network operators’ credentials found circulating in Dark Web
Resecurity conducted extensive monitoring of the Dark Web, uncovering over 1,572 customers of RIPE, APNIC, AFRINIC, and LACNIC who were compromised due to malware activity involving well-known password stealers like Redline, Vidar, Lumma, Azorult, and Taurus.

Free ransomware recovery tool White Phoenix now has a web version
White Phoenix is a free ransomware recovery tool for situations where files are encrypted with intermittent encryption.

Does CVSS 4.0 solve the exploitability problem?
The newest version of the vulnerability scoring system CVSS 4.0 is here! After a lengthy gap between version 3 (released in 2015), as of November 2023 version 4.0 is officially live.

Unpacking the challenges of AI cybersecurity
In this Help Net Security video, Tyler Young, CISO at BigID, explores AI’s challenges, triumphs, and future in cybersecurity.

Cybercriminals embrace smarter strategies, less effort
2024 is shaping up to be a record-breaking year for data breaches, according to Experian.

Global critical infrastructure faces relentless cyber activity
In the last year, the world’s critical infrastructure – the medical, power, communications, waste, manufacturing, and transportation equipment that connects people and machines – has been under near-constant attack, according to Forescout.

Cybercriminals replace familiar tactics to exfiltrate sensitive data
Ransomware attacks are increasing again as cybercriminals’ motivation shifts to data exfiltration, according to Delinea.

New infosec products of the week: February 2, 2024
Here’s a look at the most interesting products from the past week, featuring releases from BackBox, ProcessUnity, SentinelOne, and Vade.

More about

Don't miss