Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast


Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

October 2024 Patch Tuesday forecast: Recall can be recalled
October arrived, and Microsoft started the month by announcing the release of Windows 11 24H2. The preview versions of this release have been in the news due to many innovations and one controversial feature.

Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519)
Attackers are actively exploiting CVE-2024-45519, a critical Zimbra vulnerability that allows them to execute arbitrary commands on vulnerable installations.

100+ domains seized to stymie Russian Star Blizzard hackers
Microsoft and the US Justice Department have seized over 100 domains used by Star Blizzard, a Russian nation-state threat actor.

Best practices for implementing threat exposure management, reducing cyber risk exposure
In this Help Net Security interview, Sanaz Yashar, CEO at Zafran, discusses the role of threat exposure management (TEM) in modern cybersecurity strategies.

Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824)
CVE-2024-29824, an unauthenticated SQL Injection vulnerability in Ivanti Endpoint Manager (EPM) appliances, is being exploited by attackers, the Cybersecurity and Infrastructure Security Agency has confirmed by adding the bug to its Known Exploited Vulnerabilities catalog.

Spotting AI-generated scams: Red flags to watch for
In this Help Net Security interview, Andrius Popovas, Chief Risk Officer at Mano Bank, discusses the most prevalent AI-driven fraud schemes, such as phishing attacks and deepfakes.

CUPS vulnerabilities could be abused for DDoS attacks
While the Common UNIX Printing System (CUPS) vulnerabilities recently disclosed by researcher Simone “evilsocket” Margaritelli are not easily exploited for remote command execution on vulnerable systems, they could offer more opportunity to attackers who engage in DDoS attacks, Akamai threat researchers have discovered.

Enhancing firewall management with automation tools
In this Help Net Security interview, Raymond Brancato, CEO at Tufin, discusses the considerations organizations must weigh when selecting a next-generation firewall to effectively balance security needs with network performance.

Private US companies targeted by Stonefly APT
Undeterred by the indictment issued against one of its alleged members, North Korean APT group Stonefly (aka APT45) continues to target companies in the US, Symantec threat analysts warned.

Reducing credential complexity with identity federation
In this Help Net Security interview, Omer Cohen, Chief Security Officer at Descope, discusses the impact of identity federation on organizational security and user experience.

4 new LockBit-related arrests, identities of suspected Evil Corp members, affiliates revealed
The third phase of Operation Cronos, which involved officers from the UK National Crime Agency (NCA), the FBI, Europol and other law enforcement agencies, has resulted in the arrest of four persons for allegedly participating in the LockBit ransomware-as-a-service operation in various roles.

Businesses turn to private AI for enhanced security and data management
In this Help Net Security interview, Joe Baguley, CTO EMEA at Broadcom, shares insights on private AI and its significance in data security.

Use Windows event logs for ransomware investigations, JPCERT/CC advises
The JPCERT Coordination Center – the first Computer Security Incident Response Team established in Japan – has compiled a list of entries in Windows event logs that could help enterprise defenders respond to human-operated ransomware attacks and potentially limit the malware’s damage.

Suricata: Open-source network analysis and threat detection
Suricata is an open-source network intrusion detection system (IDS), intrusion prevention system (IPS), and network security monitoring engine.

Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts
Storm-0501, an affiliate of several high-profile ransomware-as-a-service outfits, has been spotted compromising targets’ cloud environments and on-premises systems.

SCCMSecrets: Open-source SCCM policies exploitation tool
SCCMSecrets is an open-source tool that exploits SCCM policies, offering more than just NAA credential extraction.

Microsoft revised the controversial Copilot+ Recall feature
Microsoft has made changes to Recall – the screenshot-taking, AI-powered search feature for Copilot+ PCs running Windows 11 – to reassure users worried about security and privacy.

Three hard truths hindering cloud-native detection and response
According to Gartner, the market for cloud computing services is expected to reach $675 billion in 2024. Companies are shifting from testing the waters of cloud computing to making substantive investments in cloud-native IT, and attackers are shifting with them.

What bots mean for businesses and consumers
In this Help Net Security video, Antoine Vastel, VP of Research at DataDome, explains what bots mean for businesses and consumers online.

Password management habits you should unlearn
In this article, find out more about the most prevalent authentication practices, their associated risks, and the necessity of implementing stronger security measures.

3 easy microsegmentation projects
A software approach to network microsegmentation is the best way to increase network resilience against both external security breaches and malicious inside threats

Open source maintainers: Key to software health and security
In this Help Net Security video, Donald Fischer, CEO at Tidelift, discusses the 2024 State of the Open Source Maintainer report, which provides insights into the work and mindset of open source maintainers.

The most common authentication method is also the least secure
Despite the rise in cyber threats, many people do not have a holistic view of security, according to Yubico.

Could APIs be the undoing of AI?
Application programming interfaces (APIs) are essential to how generative AI (GenAI) functions with agents (e.g., calling upon them for data). But the combination of API and LLM issues coupled with rapid rollouts is likely to see numerous organizations having to combat security failings.

Cybersecurity hiring slows, pros’ stress levels rise
66% of cybersecurity professionals say their role is more stressful now than it was five years ago, according to ISACA.

Cybersecurity jobs available right now: October 2, 2024
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.

How to use the Apple Passwords app
The latest Apple OS updates (iOS 18, iPadOS 18, macOS Sequoia) have introduced a standalone Passwords app, to make users’ passwords, passkeys, Wi-Fi passwords, and verification codes easily accessible.

Whitepaper: Reach higher in your career with cloud security
The cybersecurity skills gap presents ongoing challenges worldwide, so organizations are scrambling to fill cloud security positions. Having a subject matter expert on staff qualified to advise on cloud security requirements is more important now than ever.

Infosec products of the month: September 2024
Here’s a look at the most interesting products from the past month, featuring releases from: Absolute, anecdotes, ArmorCode, Binarly, Bitdefender, Druva, F5 Networks, Gcore, Guardsquare, Huntress, Ketch, LOKKER, Malwarebytes, NETGEAR, Nudge Security, Prompt Security, Rapid7, Revenera, Skyhigh Security, Strivacity, Tenable, Trellix, Vanta, Veritas Technologies, and Wing Security.

New infosec products of the week: October 4, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Balbix, Halcyon, Metomic, Red Sift, SAFE Security, Veeam Software, and Legit Security.



Source link