Week in review: Attackers use phishing emails to steal NTLM hashes, Patch Tuesday forecast

Week in review

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

What organizations need to know about the Digital Operational Resilience Act (DORA)
In this Help Net Security interview, Kris Lovejoy, Global Security and Resilience Leader at Kyndryl, discusses the impact of the Digital Operational Resilience Act (DORA) on organizations across the EU, particularly in ICT risk management and cybersecurity.

Leveraging AI and automation for enhanced cloud communication security
In this Help Net Security interview, Sanjay Macwan, CIO and CISO at Vonage, addresses emerging threats to cloud communications and the role of AI and automation in cybersecurity.

OpenARIA: Open-source edition of the Aviation Risk Identification and Assessment (ARIA)
MITRE now offers an open-source version of its Aviation Risk Identification and Assessment (ARIA) software suite, OpenARIA.

RiskInDroid: Open-source risk analysis of Android apps
RiskInDroid (Risk Index for Android) is an open-source tool for quantitative risk analysis of Android applications based on machine learning techniques.

PyRIT: Open-source framework to find risks in generative AI systems
Python Risk Identification Tool (PyRIT) is Microsoft’s open-source automation framework that enables security professionals and machine learning engineers to find risks in generative AI systems.

Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337)
Cisco has fixed two high-severity vulnerabilities affecting its Cisco Secure Client enterprise VPN and endpoint security solution, one of which (CVE-2024-20337) could be exploited by unauthenticated, remote attackers to grab users’ valid SAML authentication token.

Web-based PLC malware: A new potential threat to critical infrastructure
A group of researchers from Georgia Tech’s College of Engineering have developed web-based programmable logic controller (PLC) malware able to target most PLCs produced by major manufacturers.

Apple fixes two actively exploited iOS zero-days (CVE-2024-23225, CVE-2024-23296)
Apple has fixed two iOS zero-day vulnerabilities (CVE-2024-23225, CVE-2024-23296) exploited by attackers in the wild.

Hundreds of orgs targeted with emails aimed at stealing NTLM authentication hashes
A threat actor specializing in establishing initial access to target organizations’ computer systems and networks is using booby-trapped email attachments to steal employees’ NTLM hashes.

Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199)
JetBrains has fixed two critical security vulnerabilities (CVE-2024-27198, CVE-2024-27199) affecting TeamCity On-Premises and is urging customers to patch them immediately.

GitHub push protection now on by default for public repositories
GitHub push protection – a security feature aimed at preventing secrets such as API keys or tokens getting accidentally leaked online – is being switched on by default for all public repositories.

Securing software repositories leads to better OSS security
Malicious software packages are found on public software repositories such as GitHub, PyPI and the npm registry seemingly every day.

Immediate AI risks and tomorrow’s dangers
“At the most basic level, AI has given malicious attackers superpowers,” Mackenzie Jackson, developer and security advocate at GitGuardian, told the audience last week at Bsides Zagreb.

VMware patches critical flaws in ESXi, Workstation, Fusion and Cloud Foundation
VMware has fixed four vulnerabilities (CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255) in ESXi, Workstation, Fusion and Cloud Foundation, some of which could allow attackers to escape the sandbox and execute code on the host machine.

Phishers target FCC, crypto holders via fake Okta SSO pages
A new phishing campaign is using fake Okta single sign-on (SSO) pages for the Federal Communications Commission (FCC) and for various cryptocurrency platforms to target users and employees, Lookout researchers have discovered.

Why cyber maturity assessment should become standard practice
Understanding risk is one thing, but how do you know if your organization has what it takes to withstand those risks being realized?

Integrating software supply chain security in DevSecOps CI/CD pipelines
In this Help Net Security video, Henrik Plate, Security Researcher at Endor Labs, talks about this report, which provides actionable measures to integrate the various building blocks of software supply chain security assurance into CI/CD pipelines to enhance the preparedness of organizations to address supply chain security in the development and deployment of cloud-native applications.

New compensation trends in the cybersecurity sector
For several years, cybersecurity leaders have grappled with talent shortages in crucial cyber roles. In the face of escalating financial requirements and expanding responsibilities, these leaders are under heightened pressure to achieve more with fewer resources, creating roles encompassing multiple security functions.

5 ways to keep API integrations secure
API integrations often handle sensitive data, such as employees’ personally identifiable information (PII), companies’ financial information, or even clients’ payment card data.

Secure your hybrid workforce: The advantages of encrypted storage
In this Help Net Security video, Ryan Amparo, Field Application Engineer at Kingston Technology, discusses the benefits of encrypted external SSDs and USBs for hybrid workforces.

Organizations are knowingly releasing vulnerable applications
92% of companies had experienced a breach in the prior year due to vulnerabilities of applications developed in-house, according to Checkmarx.

March 2024 Patch Tuesday forecast: A popular framework updated
Microsoft is starting to push users to update their operating systems as their active version is approaching end-of-support.

Navigating regulation challenges for protecting sensitive healthcare data
In this Help Net Security video, Chris Bowen, CISO at ClearDATA, emphasizes the importance of digital health companies being more transparent with their users.

AI tools put companies at risk of data exfiltration
Data loss from insiders continues to pose a growing threat to security, with emerging technologies such as AI and generative AI (GenAI) only compounding the issue, indicating swift action is needed, according to Code42.

Major shifts in identity, ransomware, and critical infrastructure threat trends
In this Help Net Security video, Michelle Alvarez, Strategic Threat Analysis Manager at IBM X-Force, discusses the 2024 X-Force Threat Intelligence Index, revealing top threats and trends the team observed last year across its global engagements and how these shifts are forming the threat landscape in 2024 and beyond.

95% believe LLMs making phishing detection more challenging
More than 95% of responding IT and security professionals believe social engineering attacks have become more sophisticated in the last year, according to LastPass.

Securing the future: Addressing cybersecurity challenges in the education sector
In this Help Net Security video, Kory Daniels, CISO at Trustwave, shines a light on the impact the current threat environment can have for both universities and students.

How to create an efficient governance control program
Your success as an organization, especially in the cyber realm, depends on your security posture. To account for the ongoing evolution of digital threats, you need to implement robust governance control programs that address the current control environment and help you to prepare for the future risk environment.

A cybercriminal is sentenced, will it make a difference?
On January 10, a French citizen was sentenced to 3 years in prison plus a fine of $5 million. He had pleaded guilty to conspiracy to commit wire fraud and aggravated identity theft. The 22-year-old had originally faced 29 years behind bars.

Photos: BSidesZagreb 2024
BSidesZagreb is a complimentary, non-profit conference driven by community participation, designed for information security professionals and enthusiasts to gather, exchange ideas, and collaborate. Help Net Security sponsored the 2024 edition that took place on March 1, and here are photos from the event.

New infosec products of the week: March 8, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Check Point, Delinea, Pentera, and Sentra.


Subscribe to the Help Net Security breaking news e-mail alerts:

More about

Don't miss