Week in review: AnyDesk phishing campaign targets employees, Microsoft fixes exploited zero-days

Week in review

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Integrating cybersecurity into vehicle design and manufacturing
In this Help Net Security interview, Yaron Edan, CISO at REE Automotive, discusses the cybersecurity landscape of the automotive industry, mainly focusing on electric and connected vehicles.

The future of cybersecurity: Anticipating changes with data analytics and automation
In this Help Net Security interview, Mick Baccio, Staff Security Strategist at Splunk SURGe, discusses the future of cybersecurity, emphasizing the importance of data analytics and automation in addressing evolving threats.

Rise in cyberwarfare tactics fueled by geopolitical tensions
In this Help Net Security interview, Matt Shelton, Head of Threat Research and Analysis at Google Cloud, discusses the latest Threat Horizons Report, which provides intelligence-derived trends, expertise, and recommendations on threat actors to help inform cloud customer security strategies in 2024.

SiCat: Open-source exploit finder
SiCat is an open-source tool for exploit research designed to source and compile information about exploits from open channels and internal databases.

Fabric: Open-source framework for augmenting humans using AI
Fabric is an open-source framework, created to enable users to granularly apply AI to everyday challenges.

Decryptor for Rhysida ransomware is available!
Files encrypted by Rhysida ransomware can be successfully decrypted, due to a implementation vulnerability discovered by Korean researchers and leveraged to create a decryptor.

Critical Fortinet FortiOS flaw exploited in the wild (CVE-2024-21762)
Fortinet has patched critical remote code execution vulnerabilities in FortiOS (CVE-2024-21762, CVE-2024-23313), one of which is “potentially” being exploited in the wild.

Roundcube webmail XSS vulnerability exploited by attackers (CVE-2023-43770)
CVE-2023-43770, a vulnerability in the Roundcube webmail software that has been fixed in September 2023, is being exploited by attackers in the wild, CISA has warned by adding the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.

Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351)
On February 2024 Patch Tuesday, Microsoft has delivered fixes for 72 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-21412, CVE-2024-21351) that are being leveraged by attackers in the wild.

QNAP fixes OS command injection flaws affecting its NAS devices (CVE-2023-47218, CVE-2023-50358)
QNAP Systems has patched two unauthenticated OS command injection vulnerabilities (CVE-2023-47218, CVE-2023-50358) in various versions of the operating systems embedded in the firmware of their popular network-attached storage (NAS) devices.

Protecting against AI-enhanced email threats
Generative AI based on large language models (LLMs) has become a valuable tool for individuals and businesses, but also cybercriminals.

Attackers injected novel DSLog backdoor into 670 vulnerable Ivanti devices (CVE-2024-21893)
Hackers are actively exploiting a vulnerability (CVE-2024-21893) in Ivanti Connect Secure, Policy Secure and Neurons for ZTA to inject a “previously unknown and interesting backdoor” dubbed DSLog.

Corporate users getting tricked into downloading AnyDesk
Hackers are leveraging the AnyDesk remote desktop application in a phishing campaign targeting employees, Malwarebytes warns.

How are state-sponsored threat actors leveraging AI?
Microsoft and OpenAI have identified attempts by various state-affiliated threat actors to use large language models (LLMs) to enhance their cyber operations.

Battery maker Varta halts production after cyberattack
German battery manufacturer Varta was forced to shut down its IT systems and stop production as a result of a cyberattack.

We can’t risk losing staff to alert fatigue
When important cybersecurity information is buried in inconsequential noise, the results can be dire. Cybersecurity teams need to prioritize their resources and focus on the areas where they are at the most risk.

Hacking the flow: The consequences of compromised water systems
In this Help Net Security video, Andy Thompson, Offensive Cybersecurity Research Evangelist at CyberArk, discusses the dire consequences of hacking water systems and why their cybersecurity must be prioritized.

5 free digital forensics tools to boost your investigations
Many cutting-edge digital forensics tools are on the market, but for those who cannot afford them, here’s a list of great free solutions to get you started.

AI outsourcing: A strategic guide to managing third-party risks
In an era of artificial intelligence (AI) revolutionizing business practices, many companies are turning to third-party AI services for a competitive edge.

How purple teaming enhances inter-team collaboration and effectiveness in cybersecurity
In this Help Net Security video, Andrew Costis, Chapter Lead of the Adversary Research Team at AttackIQ, discusses how purple teaming allows security teams to break down barriers between teams and increase operational effectiveness.

Ransomware tactics evolve, become scrappier
As we enter 2024, ransomware remains the most significant cyberthreat facing businesses, according to Malwarebytes.

Gmail & Yahoo DMARC rollout: When cyber compliance gives a competitive edge
The decision by Gmail and Yahoo to implement DMARC protocols may stir frustration among businesses, especially smaller ones with limited cybersecurity resources.

How to take control of personal data
In this Help Net Security video, James Dyer, Threat Intelligence Lead at Egress, talks about how we can better protect ourselves from being victims of cybercrime.

QR code attacks target organizations in ways they least expect
QR code attacks, or “quishing” attacks, have emerged as a popular tactic among cybercriminals, with no signs of slowing down, according to Abnormal Security.

Collaboration at the core: The interconnectivity of ITOps and security
In this Help Net Security video, Krista Macomber, Research Director at The Futurum Group, discusses how IT and security teams increasingly unite against cyber threats.

Product showcase: SearchInform Risk Monitor – next-gen DLP based insider threat mitigation platform
Basically, DLP systems are aimed at prevention of data leaks, and in real-life mode they monitor and block (if required) transmitting of confidential data. However, the traditional approach to DLP system isn’t sufficient. That’s why SearchInform offers the next-gen platform for internal threat mitigation – Risk Monitor (hereinafter RM).

New infosec products of the week: February 16, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Appdome, Center for Internet Security, Cyberhaven, LOKKER, Sumsub, and CompliancePro Solutions.

OPIS

Subscribe to the Help Net Security breaking news e-mail alerts:

OPIS
More about

Don't miss