Week in review: Cybersecurity cheat sheets, widely exploited Cisco zero-day, KeePass-themed malvertising


Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

North Korean hackers are targeting software developers and impersonating IT workers
State-sponsored North Korean hackers have significantly intensified their focus on the IT sector in recent years, by infiltrating firms developing software and companies lookind for IT workers.

The collaborative power of CISOs, CTOs and CIOs for a secure future
In this Help Net Security interview, Phil Venables, CISO at Google Cloud, discusses the results of a recent Google report on board collaboration with the C-suite — particularly the CIO, CTO, and CISO to stay current with trends and prioritize security, rather than treating it as an afterthought.

The evolution of deception tactics from traditional to cyber warfare
In this Help Net Security interview, Admiral James A. Winnefeld, advisor to Acalvio Technologies, compares the strategies of traditional and cyber warfare, discusses the difficulty of determining the attack’s nature, addresses ethical dilemmas, and promotes collaboration and cooperation with allies, partners, and, in some cases, even adversaries.

The real impact of the cybersecurity poverty line on small organizations
In this Help Net Security interview, Brent Deterding, CISO at Afni, delves into the realities and myths surrounding the cybersecurity poverty line, exploring the role of budget, knowledge, and leadership.

DIY attack surface management: Simple, cost-effective and actionable perimeter insights
Modern-day attack surface management (ASM) can be an intimidating task for most organizations, with assets constantly changing due to new deployments, assets being decommissioned, and ongoing migrations to cloud providers.

Microsoft announces AI bug bounty program
Microsoft is offering up to $15,000 to bug hunters that pinpoint vulnerabilities of Critical or Important severity in its AI-powered “Bing experience”.

Compromised Skype accounts deliver DarkGate malware to employees
A threat actor is using compromised Skype accounts to deliver the DarkGate malware to target organizations, Trend Micro researchers have warned.

Cisco IOS XE zero-day exploited by attackers to deliver implant (CVE-2023-20198)
A previously unknown vulnerability (CVE-2023-20198) affecting networking devices running Cisco IOS XE software is being exploited by a threat actor to take control of the devices and install an implant, Cisco Talos researchers have warned today.

ELITEWOLF: NSA’s repository of signatures and analytics to secure OT
Cyber entities continue to show a persistent interest in targeting critical infrastructure by taking advantage of vulnerable OT assets. To counter this threat, NSA has released a repository for OT Intrusion Detection Signatures and Analytics to the NSA Cyber GitHub.

How to go from collecting risk data to actually reducing risk?
Organizations trying to cope with securing their expanding attack surfaces eventually find themselves at a crossroads: they need to move beyond finding risks to effectively mitigating risk.

Researchers warn of increased malware delivery via fake browser updates
ClearFake, a recently documented threat leveraging compromised WordPress sites to push malicious fake browser updates, is likely operated by the threat group behind the SocGholish “malware delivery via fake browser updates” campaigns, Sekoia researchers have concluded.

Valve introduces SMS-based confirmation to prevent malicious games on Steam
Video game publisher/digital distribution company Valve is forcing developers who publish games on its Steam platform to “validate” new builds with a confirmation code received via SMS.

10 essential cybersecurity cheat sheets available for free
Cheat sheets are concise, to-the-point references tailored for instant insights. This article provides a curated list of 10 essential cybersecurity cheat sheets, all free to download. Whether you’re seeking a quick refresher or a beginner trying to make sense of it all, these resources will help.

Jupyter Notebooks targeted by cryptojackers
Cryptojackers are targeting exposed Jupyter Notebooks to install cryptominers and steal credential files for popular cloud services, researchers have uncovered.

Citrix NetScaler bug exploited in the wild since August (CVE-2023-4966)
A recently patched Citrix NetScaler ADC/Gateway information disclosure vulnerability (CVE-2023-4966) has been exploited by attackers in the wild since late August 2023, Mandiant researchers have revealed.

State-sponsored APTs are leveraging WinRAR bug
A number of government-backed APTs are exploiting CVE-2023-38831, a file extension spoofing vulnerability in WinRAR, a widely used file archiver utility for Windows.

Reinforcing cybersecurity: The network’s role to prevent, detect, and respond to attacks
It’s always DNS. That’s what the famous internet meme popular among sysadmins says anyway. It’s funny because while clearly, every network issue doesn’t resolve to some funky DNS issue, too many network admins have banged their heads against their keyboard for hours only to find out that the culprit was indeed some DNS issue.

The must-knows about low-code/no-code platforms
The era of AI has proven that machine learning technologies have a unique and effective capability to streamline processes that alter the ways we live and work. We now have the option to listen to playlists carefully curated to match our taste by a “machine” that has analyzed our listening activity, or utilize GPS applications that can optimize routes within seconds.

Google ads for KeePass, Notepad++ lead to malware
Users using Google to search for and download the KeePass password manager and the Notepad++ text editor may have inadvertently gotten saddled with malware, says Jérôme Segura, Director of Threat Intelligence at Malwarebytes.

2024 cybersecurity predictions: GenAI edition
Unless you have lived under a rock for the past year, you know that generative artificial intelligence applications, such as ChatGPT, have penetrated many aspects of our online lives.

Google Play Protect takes on malicious apps with code-level scanning
Google is enhancing Google Play Protect’s real-time scanning to include code-level scanning, to keep Android devices safe from malicious and unwanted apps, especially those downloaded (or sideloaded) from outside of the Google Play app store – whether from third-party app stores or other sources.

CISOs and board members are finding a common language
86% of CISOs believe generative AI will alleviate skills gaps and talent shortages on the security team, filling labor-intensive and time-consuming security functions and freeing up security professionals to be more strategic, according to Splunk.

SMBs seek help as cyber threats reach an all-time high
Understanding the evolving threat landscape is the biggest cybersecurity challenge facing SMBs, including non-for-profit organizations – and more than half are calling for help to manage the risks, according to Sage.

How organizations can combat rising cloud costs with FinOps
In this Help Net Security video, Matt Barker, Global Head of Cloud Native Services at Venafi, discusses ways organizations can combat rising cloud costs with FinOps. Not only can implementing FinOps help save money, but it can help companies become more efficient and agile with their software.

Addressing cyber threats in healthcare operational technology
In this Help Net Security video, Estefanía Rojas Campos, OT Security Specialist at Entelgy Innotec Security, discusses securing cyber-physical environments and offers insight on ensuring cybersecurity in hospitals.

Essential cyber hygiene: Making cyber defense cost effective
Strengthening your cyber defenses can be a daunting task. Where do you start? Which tools do you use? How much will it cost? And, what do you risk losing if you do nothing? It’s not always easy to answer these questions, but in the absence of definitive answers, you may struggle to grow your cybersecurity maturity and leave yourself exposed to cyber attacks.

Webinar: Tackle compiler-born vulnerabilities
Join DerScanner and fortify your application security stance against compiler-induced vulnerabilities.

New infosec products of the week: October 20, 2023
Here’s a look at the most interesting products from the past week, featuring releases from Arcitecta, AuditBoard, BackBox, Prevalent, and Thales.



Source link