Week in review: PoCs allow persistence on Palo Alto firewalls, Okta credential stuffing attacks

Week in review

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgrades
There are proof-of-concept techniques allowing attackers to achieve persistence on Palo Alto Networks firewalls after CVE-2024-3400 has been exploited, the company has confirmed on Monday, but they are “not aware at this time of any malicious attempts to use these persistence techniques in active exploitation of the vulnerability.”

Microsoft, Google widen passkey support for its users
Since 2013, the first Thursday in May is marked as World Password Day, a day dedicated to raising awareness about the need for using strong, unique passwords to secure out digital lives.

Okta warns customers about credential stuffing onslaught
Credential stuffing attacks have exploded this April, Okta warns, and advises its customers to use available tools to block access requests originating from residential proxies before authentication takes place.

Understanding emerging AI and data privacy regulations
In this Help Net Security interview, Sophie Stalla-Bourdillon, Senior Privacy Counsel & Legal Engineer at Immuta, discusses the AI Act, the Data Act, and the Health Data Space Regulation.

Making cybersecurity more appealing to women, closing the skills gap
In this Help Net Security interview, Charly Davis, CCO at Sapphire, provides insights into the current challenges and barriers women face in the cybersecurity industry.

Triangulation fraud: The costly scam hitting online retailers
In this Help Net Security interview, Mike Lemberger, Visa’s SVP, Chief Risk Officer, North America, discusses the severe financial losses resulting from triangulation fraud, estimating monthly losses to range from $660 million to $1 billion among merchants.

Cybersecurity jobs available right now: May 1, 2024
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.

reNgine: Open-source automated reconnaissance framework for web applications
reNgine is an open-source automated reconnaissance framework for web applications that focuses on a highly configurable and streamlined recon process.

Tracecat: Open-source SOAR
Tracecat is an open-source automation platform for security teams. The developers believe security automation should be accessible to everyone, especially understaffed small- to mid-sized teams.

Prompt Fuzzer: Open-source tool for strengthening GenAI apps
Prompt Fuzzer is an open-source tool that evaluates the security of your GenAI application’s system prompt against dynamic LLM-based threats.

New SOHO router malware aims for cloud accounts, internal company resources
Cuttlefish, a new malware family that targets enterprise-grade small office/home office (SOHO) routers, is used by criminals to steal account credentials / secrets for AWS, CloudFlare, Docker, BitBucket, Alibaba Cloud and other cloud-based services.

Dropbox says attackers accessed customer and MFA info, API keys
File hosting service Dropbox has confirmed that attackers have breached the Dropbox Sign production environment and accessed customer personal and authentication information.

UK enacts IoT cybersecurity law
The Product Security and Telecommunications Infrastructure (PSTI) Act has come into effect today, requiring manufacturers of consumer-grade IoT products sold in the UK to stop using guessable default passwords and have a vulnerability disclosure policy.

What is cybersecurity mesh architecture (CSMA)?
Cybersecurity mesh architecture (CSMA) is a set of organizing principles used to create an effective security framework. Using a CSMA approach means designing a security architecture that is composable and scalable with easily extensible interfaces, a common data schema and well-defined interfaces and APIs for interoperability.

A closer look at Apiiro’s SHINE partner program
In this Help Net Security video, Adam LaGreca, Founder of 10KMedia, sat down with John Leon, VP of Partnerships at Apiiro, discusses the company’s new technology partner program SHINE.

Closing the cybersecurity skills gap with upskilling programs
The list of skills technologists and organizations need to succeed grows with each new tech advancement, according to Pluralsight. But for many organizations, budgets and staff continue to shrink.

Securing your organization’s supply chain: Reducing the risks of third parties
Responsibility over the safety of the data still resides with the proprietor, but when it leaves their infrastructure, suddenly they are depending on the security of their partners to keep it safe. This can put the data at risk and expose it to cyber theft.

AI is creating a new generation of cyberattacks
Most businesses see offensive AI fast becoming a standard tool for cybercriminals, with 93% of security leaders expecting to face daily AI-driven attacks, according to Netacea.

Why cloud vulnerabilities need CVEs
For vulnerability management teams who talk exclusively in this CVE-based construct, the lack of CVEs in cloud services is a significant challenge.

Building a strong cloud security posture
In this Help Net Security video, David Kellerman, Field CTO at Cymulate, discusses how cloud security still seems to lag even as the cloud grows in popularity and usage.

Essential steps for zero-trust strategy implementation
63% of organizations worldwide have fully or partially implemented a zero-trust strategy, according to Gartner.

Why the automotive sector is a target for email-based cyber attacks
In this Help Net Security video, Mick Leach, Field CISO at Abnormal Security, discusses why the automotive industry is the new most popular target for business email compromise and vendor email compromise attacks.

Researchers unveil novel attack methods targeting Intel’s conditional branch predictor
Researchers have found two novel types of attacks that target the conditional branch predictor found in high-end Intel processors, which could be exploited to compromise billions of processors currently in use.

How insider threats can cause serious security breaches
In this Help Net Security video, Tara Lemieux, CMMC Consultant for Redspin, discusses insider threats and the need for a shift in thinking from implied trust to verified trust, especially as it pertains to DoD employees and/or contractors handling critical information.

eBook: Do you have what it takes to lead in cybersecurity?
Organizations worldwide need talented, experienced, and knowledgeable cybersecurity teams who understand the advantages and risks of emerging technologies.

New infosec products of the week: May 3, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Appdome, Cybersixgill, Proofpoint, Secure Code Warrior, Snyk, and Synopsys.

More about

Don't miss