Week in review: LockBit leak site is back online, NIST updates its Cybersecurity Framework

Week in review

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Overcoming the pressures of cybersecurity startup leadership
In this Help Net Security interview, Kunal Agarwal, CEO at Dope Security, offers a look into the CEO’s leadership philosophy, the process of building a high-caliber team, and the unique challenges of navigating a startup in the tech industry.

AI-driven DevOps: Revolutionizing software engineering practices
In this Help Net Security interview, Itamar Friedman, CEO of Codium AI, discusses the integration of AI into DevOps practices and its impact on software development processes, particularly in automating code review, ensuring compliance, and improving efficiency.

How organizations can navigate identity security risks in 2024
In this Help Net Security interview, Deepak Taneja, CEO of Zilla Security, discusses identity security risks and threats. Looking ahead, innovative solutions leveraging AI and automation offer promising avenues to simplify identity management and enhance security in modern work environments.

JCDC’s strategic shift: Prioritizing cyber hardening
In this Help Net Security interview, Geoffrey Mattson, CEO of Xage Security, discusses the evolution of the Joint Cyber Defense Collaborative (JCDC) since its 2021 inception and tackles its 2024 strategic priorities in response to escalating cyber threats.

Web Check: Open-source intelligence for any website
Web Check offers thorough open-source intelligence and enables users to understand a website’s infrastructure and security posture, equipping them with the knowledge to understand, optimize, and secure their online presence.

BobTheSmuggler: Open-source tool for undetectable payload delivery
BobTheSmuggler is an open-source tool designed to easily compress, encrypt, and securely transport your payload. It basically enables you to hide a payload in plain sight.

ScreenConnect flaws exploited to deliver all kinds of malware (CVE-2024-1709, CVE-2024-1708)
The recently patched vulnerabilities (CVE-2024-1709, CVE-2024-1708) in ConnectWise ScreenConnect software are being exploited by numerous attackers to deliver a variety of malicious payloads.

LockBit leak site is back online
LockBitSupp, the individual running the LockBit ransomware-as-a-service operation, has made good on one promise: the LockBit leak site is back online on backup domains, with lists of victims expected to be unveiled in the coming days.

Meta plans to prevent disinformation and AI-generated content from influencing voters
Meta, the company that owns some of the biggest social networks in use today, has explained how it means to tackle disinformation related to the upcoming EU Parliament elections, with a special emphasis on how it plans to treat AI-generated content that’s meant to deceive.

White House: Use memory-safe programming languages to protect the nation
The White House is asking the technical community to switch to using memory-safe programming languages – such as Rust, Python, Swift, C#, Java, and Go – to prevent memory corruption vulnerabilities from entering the digital ecosystem.

State-sponsored hackers know enterprise VPN appliances inside out
Suspected Chinese state-sponsored hackers leveraging Ivanti Connect Secure VPN flaws to breach a variety of organizations have demonstrated “a nuanced understanding of the appliance”, according to Mandiant incident responders and threat hunters.

European retailer Pepco loses €15.5 million in phishing (possibly BEC?) attack
Pepco Group has confirmed that its Hungarian business has been hit by a “sophisticated fraudulent phishing attack.”

Kali Linux 2024.1 released: New tools, new look, new Kali Nethunter kernels
OffSec has released Kali Linux 2024.1, the latest version of its popular penetration testing and digital forensics platform.

Pikabot returns with new tricks up its sleeve
After a short hiatus, Pikabot is back, with significant updates to its capabilities and components and a new delivery campaign.

APT29 revamps its techniques to breach cloud environments
Russian threat actors APT29 are changing their techniques and expanding their targets to access cloud environments, members of the Five Eyes intelligence alliance have warned.

ALPHV/BlackCat threatens to leak data stolen in Change Healthcare cyberattack
The ALPHV/BlackCat ransomware group has claimed responsibility for the cyberattack that targeted Optum, a subsidiary of UnitedHealth Group (UHG), causing disruption to the Change Healthcare platform and affecting pharmacy transactions across the US.

Airbnb scammers pose as hosts, redirect users to fake Tripadvisor site
Scammers on Airbnb are faking technical issues and citing higher fees to get users to a spoofed Tripadvisor website and steal their money.

It’s time for security operations to ditch Excel
Security teams are hiding an embarrassing secret from the outside world: despite their position at the vanguard of technology, security risks and threats, their actual war plans are managed on spreadsheets.

Does AI remediation spell the end for developers in 2024?
In this Help Net Security video, Matias Madou, CTO at Secure Code Warrior, discusses how AI remediation unlocks new motivations among developers to demonstrate why the human element is still more valuable to the SDLC than relying on AI entirely.

NIST CSF 2.0 released, to help all organizations, not just those in critical infrastructure
The National Institute of Standards and Technology (NIST) has updated its widely utilized Cybersecurity Framework (CSF), a key document for mitigating cybersecurity risks.

Using AI to reduce false positives in secrets scanners
As development environments grow more complex, applications increasingly communicate with many external services.

Preparing for the NIS2 Directive
In this Help Net Security video, Rob Robinson, Head of Telstra Purple, EMEA, discusses why a patchwork approach to compliance won’t work.

CVE count set to rise by 25% in 2024
The report from Coalition indicates an anticipated 25% rise in the total count of published common vulnerabilities and exposures (CVEs) for 2024, reaching 34,888 vulnerabilities, equivalent to approximately 2,900 per month.

Inside the book: Androids – The Team That Built the Android Operating System
In this Help Net Security video, Chet Haase discusses his new book – “Androids: The Team that Built the Android Operating System.”

Understanding employees’ motivations behind risky actions
More 68% of employees knowingly put their organizations at risk, potentially leading to ransomware or malware infections, data breaches, or financial loss, according to Proofpoint.

Key areas that will define the intersection of AI and DevOps
In this Help Net Security video, Darren Richardson, Security Architect at Eficode, discusses what is top of mind for DevOps teams as they wrangle with new GenAI tools and growing compliance and regulations requirements.

The CISO’s guide to reducing the SaaS attack surface
SaaS sprawl introduces security risks, operational headaches, and eye-popping subscription costs. Download this guide to learn how to implement a strategic approach to reducing your SaaS attack surface without slowing down the business.

Infosec products of the month: February 2024
Here’s a look at the most interesting products from the past month, featuring releases from: Appdome, BackBox, Center for Internet Security, Cisco, CompliancePro Solutions, Cyberhaven, LOKKER, ManageEngine, Metomic, OPSWAT, Pindrop, ProcessUnity, Qualys, SentinelOne, Sumsub,Truffle Security, Vade Secure, and Varonis.

New infosec products of the week: March 1, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Legato Security, Exabeam, Spin.AI, and Viavi Solutions.

More about

Don't miss