Week in review: Backdoor found in XZ utilities, weaponized iMessages, Exchange servers at risk

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

XZ Utils backdoor update: Which Linux distros are affected and what can you do?
A vulnerability (CVE-2024-3094) in XZ Utils, the XZ format compression utilities included in most Linux distributions, may “enable a malicious actor to break sshd authentication and gain unauthorized access to the entire system remotely,” Red Hat warns.

Strengthening critical infrastructure cybersecurity is a balancing act
In this Help Net Security interview, Aaron Crow, Senior Director at MorganFranklin Consulting, discusses critical infrastructure cybersecurity strategies, barriers to threat information sharing, and innovative technologies enhancing resilience against cyberattacks.

Essential elements of a strong data protection strategy
In this Help Net Security interview, Matt Waxman, SVP and GM for data protection at Veritas Technologies, discusses the components of a robust data protection strategy, emphasizing the escalating threat of ransomware.

20 essential open-source cybersecurity tools that save you time
Here are 20 essential open-source cybersecurity tools that are freely available and waiting for you to include them in your arsenal.

Drozer: Open-source Android security assessment framework
Drozer is an open-source security testing framework for Android, whose primary purpose is to make the life of mobile application security testers easier.

Cybersecurity jobs available right now: March 27, 2024
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.

APT29 hit German political parties with bogus invites and malware
APT29 (aka Cozy Bear, aka Midnight Blizzard) has been spotted targeting German political parties for the first time, Mandiant researchers have shared.

Scammers steal millions from FTX, BlockFi claimants
Customers of bankrupt crypto platform BlockFi have been targeted with a very convincing phishing email impersonating the platform, asking them to connect their wallet to complete the withdrawal of remaining funds.

Apps secretly turning devices into proxy network nodes removed from Google Play
Your smartphone might be part of a proxy network, and you might not even know it: all it takes is for you to download apps whose developers have included the functionality and didn’t mention it.

17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns
Around 12% of the 45,000 or so Microsoft Exchange servers in Germany that can be accessed from the Internet without restrictions “are so outdated that security updates are no longer offered for them,” the German Federal Office for Information Security (BSI) has warned today.

Attackers leverage weaponized iMessages, new phishing-as-a-service platform
Scammers are leveraging the Darcula phishing-as-a-service platform, iMessages and Google Messages to great effect.

AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022)
Attackers are leveraging a vulnerability (CVE-2023-48022) in Anyscale’s Ray AI software to compromise enterprise servers and saddle them with cryptominers and reverse shells.

Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955)
The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-24955 – a code injection vulnerability that allows authenticated attackers to execute code remotely on a vulnerable Microsoft SharePoint Server – to its KEV catalog and is demanding that US federal civilian agencies implement the patch for it by April 16.

NHS Scotland confirms ransomware attackers leaked patients’ data
NHS Dumfries and Galloway (part of NHS Scotland) has confirmed that a “recognised ransomware group” was able to “access a significant amount of data including patient and staff-identifiable information,” and has published “clinical data relating to a small number of patients.”

Zero-day exploitation surged in 2023, Google finds
2023 saw attackers increasingly focusing on the discovery and exploitation of zero-day vulnerabilities in third-party libraries (libvpx, ImageIO) and drivers (Mali GPU, Qualcomm Adreno GPU), as they can affect multiple products and effectively offer more possibilities for attack.

Reinforcement learning is the path forward for AI integration into cybersecurity
AI’s algorithms and machine learning can cull through immense volumes of data efficiently and in a relatively short amount of time. This is instrumental to helping network defenders sift through a never-ending supply of alerts and identify those that pose a possible threat (instead of false positives).

How immersive AI transforms skill development
In this Help Net Security video, David Harris, Principal Generative AI Author at Pluralsight, discusses how a base-level understanding of key principles of AI and machine learning and developing soft skills like problem-solving should be prioritized throughout all levels of an organization.

8 cybersecurity predictions shaping the future of cyber defense
Among Gartner’s top predictions are the collapse of the cybersecurity skills gap and the reduction of employee-driven cybersecurity incidents through the adoption of generative AI (GenAI).

How security leaders can ease healthcare workers’ EHR-related burnout
Staff experiencing burnout in healthcare settings is not something that security leaders typically worry about – unless, maybe, it is the security team itself that is suffering from it.

How threat intelligence data maximizes business operations
In this Help Net Security video, Brandon Hoffman, Chief Strategy Officer at Intel 471, discusses how leaders can best leverage this information to grow their organization safely and efficiently.

Scams are becoming more convincing and costly
Scams directly targeting consumers continue to increase in both complexity and volume, according to Visa.

Debunking compliance myths in the digital era
Despite recent economic fluctuations, the software-as-a-service (SaaS) market isn’t letting up. The industry is set to grow annually by over 18% and be valued at $908.21 billion by 2030. It’s evident the industry is fueled by an increasing reliance on software and other digital services in the cloud.

Cybersecurity essentials during M&A surge
In this Help Net Security video, Craig Davies, CISO at Gathid, discusses why early due diligence is critical, how to plan for integration, and the most effective communication method to ensure success.

Scammers exploit tax season anxiety with AI tools
25% of Americans have lost money to online tax scams, according to McAfee.

How much does cloud-based identity expand your attack surface?
We all know using a cloud-based identity provider (IdP) expands your attack surface, but just how big does that attack surface get? And can we even know for sure?

How CISOs tackle business payment fraud
In this Help Net Security video, Shai Gabay, CEO of Trustmi, discusses why payments are a source of cyber worry for CISOs.

New infosec products of the week: March 29, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Bedrock Security, CyberArk, GitGuardian, Legit Security, and Malwarebytes.
