Week in review: CrowdStrike update causes widespread IT outage, critical Splunk Enterprise flaw


Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Faulty CrowdStrike update takes out Windows machines worldwide
Thousands and possibly millions of Windows computers and servers worldwide have been made inoperable by a faulty update of Crowdstrike Falcon Sensors, and the outage affected transport, broadcast, financial, retail and other organizations in Europe, Australia, the US and elsewhere. Here’s what we know.

Critical Splunk flaw can be exploited to grab passwords (CVE-2024-36991)
A recently fixed vulnerability (CVE-2024-36991) affecting Splunk Enterprise on Windows “is more severe than it initially appeared,” according to SonicWall’s threat researchers.

Critical Exim vulnerability facilitates malware delivery (CVE-2024-39929)
The maintainers of the Exim mail transfer agent (MTA) have fixed a critical vulnerability (CVE-2024-39929) that currently affects around 1.5 million public-facing servers and can help attackers deliver malware to users.

Laying the groundwork for zero trust in the military
In this Help Net Security interview, Curtis Arnold, VP and Chief Scientist at Core4ce, discusses the starting points for military training in zero trust principles, emphasizing foundational technologies and a unified taxonomy.

Overlooked essentials: API security best practices
In this Help Net Security, Ankita Gupta, CEO at Akto, discusses API security best practices, advocating for authentication protocols like OAuth 2.0 and OpenID Connect, strict HTTPS encryption, and the use of JWTs for stateless authentication.

Managing exam pressure: Tips for certification preparation
In this Help Net Security interview, Seth Hodgson, SVP of Engineering at Udemy, discusses effective study techniques for cybersecurity certification exams.

Discover the growing threats to data security
In this Help Net Security interview, Pranava Adduri, CEO at Bedrock Security, discusses how businesses can identify and prioritize their data security risks.

SubSnipe: Open-source tool for finding subdomains vulnerable to takeover
SubSnipe is an open-source, multi-threaded tool to help find subdomains vulnerable to takeover.

Realm: Open-source adversary emulation framework
Realm is an open-source adversary emulation framework emphasizing scalability, reliability, and automation.

FIN7 sells improved EDR killer tool
The cybercrime-focused enterprise known as FIN7 (aka the Carbanak group) has come up with yet another trick to assure the effectiveness of its “EDR killer” tool, dubbed AvNeutralizer (i.e., AuKill) by researchers.

Cisco fixes critical flaws in Secure Email Gateway and SSM On-Prem (CVE-2024-20401, CVE-2024-20419)
Cisco has fixed two critical vulnerabilities that may allow attackers to overwrite files on its Secure Email Gateways (CVE-2024-20401) and change the password of any user on its Smart Software Manager On-Prem license servers (CVE-2024-20419).

Void Banshee APT exploited “lingering Windows relic” in zero-day attacks
The zero-day exploit used to leverage CVE-2024-38112, a recently patched Windows MSHTML vulnerability, was wielded by an APT group dubbed Void Banshee to deliver malware to targets in North America, Europe, and Southeast Asia, threat hunters with Trend Micro’s Zero Day Initiative have shared.

SYS01 info-stealer pushed via Facebook ads, LinkedIn and YouTube posts
Malicious Google ads are a well known threat, but malvertising can also be found on other popular online destinations such as Facebook, LinkedIn, and YouTube.

GenAI network acceleration requires prior WAN optimization
WAN optimization can significantly enhance AI acceleration by improving data transfer speeds, reducing latency, and optimizing the use of network resources, thus ensuring faster response times.

Signatures should become cloud security history
In this Help Net Security video, Jimmy Mesta, CTO at RAD Security, discusses a new proposed standard for creating behavioral fingerprints of open-source image behavior at runtime.

Major data breaches that have rocked organizations in 2024
This article provides an overview of the major data breaches we covered in 2024 so far, highlighting incidents involving Trello, AnyDesk, France Travail, Nissan, MITRE, Dropbox, BBC Pension Scheme, TeamViewer, Advance Auto Parts, and AT&T.

Fighting AI-powered synthetic ID fraud with AI
Aided by the emergence of generative artificial intelligence models, synthetic identity fraud has skyrocketed, and now accounts for a staggering 85% of all identity fraud cases.

Encrypted traffic: A double-edged sword for network defenders
In this Help Net Security video, Peter Manev, Chief Strategy Officer, Stamus Networks, believes a balance can be struck between using encrypted traffic and allowing network defenders to identify threats and respond – without decrypting traffic and introducing new privacy concerns.

Cybersecurity jobs available right now: July 17, 2024
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.

ChatGPTriage: How can CISOs see and control employees’ AI use?
It’s been less than 18 months since the public introduction of ChatGPT, which gained 100 million users in less than two months. Given the hype, you would expect enterprise adoption of generative AI to be significant, but it’s been slower than many expected.

Paris 2024 Olympics to face complex cyber threats
While previous Olympic games have faced cybersecurity threats, the Games of the XXXIII Olympiad, also known as Paris 2024, will see the largest number of threats, the most complex threat landscape, the largest ecosystem of threat actors, and the highest degree of ease for threat actors to execute attacks, according to IDC.

Risk related to non-human identities: Believe the hype, reject the FUD
The hype surrounding unmanaged and exposed non-human identities (NHIs), or machine-to-machine credentials – such as service accounts, system accounts, certificates and API keys – has recently skyrocketed.

Most GitHub Actions workflows are insecure in some way
Most GitHub Actions are susceptible to exploitation; they are overly privileged or have risky dependencies, according to Legit Security.

Pressure mounts for C-Suite executives to implement GenAI solutions
87% of C-Suite executives feel under pressure to implement GenAI solutions at speed and scale, according to RWS.

eBook: How CISSP turns career goals into reality
CISSP carries clout. As the world’s leading cybersecurity certification, it opens many professional opportunities worldwide. Find out what led 14 successful CISSPs around the globe to a career in cybersecurity.

New infosec products of the week: July 19, 2024
Here’s a look at the most interesting products from the past week, featuring releases from AuditBoard, BlueVoyant, Druva, Invicti Security, and Rezonate.



Source link