Week in review: Exploited Citrix Bleed vulnerability, Atlassian patches critical Confluence bug


Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

AI threat landscape: Model theft and inference attacks emerge as top concerns
In this Help Net Security interview, Guy Guzner, CEO at Savvy, discusses the challenges and opportunities presented by in-house AI models, the security landscape surrounding them, and the future of AI cybersecurity.

A closer look at healthcare’s battle with AI-driven attacks
In this Help Net Security interview, Troy Hawes, Managing Director at Moss Adams, discusses how AI-powered cyberattacks affect healthcare organizations, the crucial role AI-powered predictive analytics can play in preempting cyber threats, and how healthcare organizations can protect their staff and patients from deception and exploitation.

KandyKorn macOS malware lobbed at blockchain engineers
North Korean hackers are using novel MacOS malware named KandyKorn to target blockchain engineers of a cryptocurrency exchange platform.

From Windows 9x to 11: Tracing Microsoft’s security evolution
In this Help Net Security interview, we feature security researcher Alex Ionescu, the co-author of Windows Internals, one of the founding employees of CrowdStrike, now running his consulting company, Winsider Seminars & Solutions, where he continues to do security research focusing on platform security.

How human behavior research informs security strategies
In this Help Net Security interview, Kai Roer, CEO at Praxis Security Labs, explores the theoretical underpinnings, practical implications, and the crucial role of human behavior in cybersecurity.

Citrix Bleed: Mass exploitation in progress (CVE-2023-4966)
CVE-2023-4966, aka “Citrix Bleed”, a critical information disclosure vulnerability affecting Citrix NetScaler ADC/Gateway devices, is being massively exploited by threat actors.

Atlassian patches critical Confluence bug, urges for immediate action (CVE-2023-22518)
Atlassian is urging enterprise administrators to update their on-premises Confluence Data Center and Server installations quickly to plug a critical security vulnerability (CVE-2023-22518) that could lead to “significant data loss if exploited by an unauthenticated attacker.”

MITRE ATT&CK v14 released
MITRE has released MITRE ATT&CK v14, the newest iteration of its popular investigation framework / knowledge base of tactics and techniques employed by cyber attackers.

F5 BIG-IP vulnerabilities leveraged by attackers: What to do?
The two BIG-IP vulnerabilities (CVE-2023-46747, CVE-2023-46748) F5 Networks has recently released hotfixes for are being exploited by attackers in the wild, the company has confirmed.

Attackers exploiting Apache ActiveMQ flaw to deliver ransomware (CVE-2023-46604)
Ransomware-wielding attackers are trying to break into servers running outdated versions of Apache ActiveMQ by exploiting a recently fixed vulnerability (CVE-2023-46604).

Microsoft launches new initiative to augment security
Nearly 22 years after Bill Gates announced a concerted Microsoft-wide push to deliver Trustworthy Computing, the company is launching the Secure Future Initiative, to boost the overall security of Microsoft’s products and its customers and users.

Google expands bug bounty program to cover AI-related threats
Google has expanded its bug bounty program, aka Vulnerability Rewards Program (VRP), to cover threats that could arise from Google’s generative AI systems.

F5 fixes critical BIG-IP vulnerability, PoC is public (CVE-2023-46747)
F5 Networks has released hotfixes for two vulnerabilities affecting its BIG-IP multi-purpose networking devices/modules, including a critical authentication bypass vulnerability (CVE-2023-46747) that could lead to unauthenticated remote code execution (RCE).

BiBi-Linux wiper targets Israeli companies
Attackers have started using new wiper malware called BiBi-Linux to attack Israeli companies and destroy their data.

The dangers of dual ransomware attacks
The FBI has recently warned about dual ransomware attacks, a new trend that involves criminals carrying out two or more attacks in close proximity to each other.

Finding the right approach to security awareness
In this Help Net Security video, Larry Zorio, CISO at Mark43, explains how security awareness and training is one of the most important controls you can focus on, and it’s really good hygiene for your company. It is a control that can span your company and create a cybersecurity-conscious culture.

Logging Made Easy: Free log management solution from CISA
CISA launched a new version of Logging Made Easy (LME), a straightforward log management solution for Windows-based devices that can be downloaded and self-installed for free.

Vulnerability management metrics: How to measure success
Without the right metrics, vulnerability management is pretty pointless. If you’re not measuring, how do you know it’s working? So how do you know what to focus on? The list is potentially endless, and it can be hard to know what’s really important.

How security observability can help you fight cyber attacks
In this Help Net Security video, Jack Coates, Senior Director of Product Management, Observe, discusses how security observability can give customers the power to identify attacks, the cost structure to afford security countermeasures, and the user experience to merge security use cases with operational use cases.

White House issues Executive Order for safe, secure, and trustworthy AI
President Biden issued a landmark Executive Order to ensure that America leads the way in seizing the promise and managing the risks of artificial intelligence (AI).

6 steps to accelerate cybersecurity incident response
Modern security tools continue to improve in their ability to defend organizations’ networks and endpoints against cybercriminals. But the bad actors still occasionally find a way in.

Why legacy system patching can’t wait
In this Help Net Security video, Joao Correia, Technical Evangelist of TuxCare, discusses a false sense of security, fear of change, and the complexity of outdated software can be daunting to well-meaning security professionals.

Companies scramble to integrate immediate recovery into ransomware plans
More than one-third of companies still do not have a well-rounded, holistic ransomware strategy in place, according to Zerto.

How cybercriminals adapt and thrive amidst changing consumer trends
In this Help Net Security video, Usman Choudhary, CPTO at VIPRE Security Group, discusses how cybercriminals modify their tactics to align with shifting consumer behaviors while taking advantage of technological advancements to carry out their activities and elude capture.

Ransomware attacks set to break records in 2023
Ransomware attacks continue at a record-breaking pace, with Q3 2023 global ransomware attack frequency up 11% over Q2 and 95% year-over-year (YoY), according to Corvus Insurance.

Cyber attacks cause revenue losses in 42% of small businesses
85% of small business leaders say they are ready to respond to a cyber incident despite a record-high 73% reporting an attack in 2023, according to Identity Theft Resource Center.

The hidden costs of data breaches for small businesses
Nearly 8 in 10 small business leaders admit they are anxious about the safety of their company’s sensitive data and information, according to Shred-it.

Product showcase: LayerX browser security extension
LayerX has developed a secure enterprise browser extension that can be mounted on any browser.

Infosec products of the month: October 2023
Here’s a look at the most interesting products from the past month, featuring releases from: Appdome, Arcitecta, AuditBoard, BackBox, Cloaked, ComplyCube, Darktrace, Data Theorem, Flexxon, Fortanix, Fortinet, Jumio, LogicMonitor, Malwarebytes, ManageEngine, Nutanix, Prevalent, Progress, SailPoint, Thales, Vanta, Veriff, and Wazuh.

New infosec products of the week: November 3, 2023
Here’s a look at the most interesting products from the past week, featuring releases from Action1, Enzoic, Immuta, and Snappt.



Source link