Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools


Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572)
For October 2024 Patch Tuesday, Microsoft has released fixes for 117 security vulnerabilities, including two under active exploitation: CVE-2024-43573, a spoofing bug affecting the Windows MSHTML Platform, and CVE-2024-43572, a remote code execution flaw in the Microsoft Management Console (MMC).

SOC teams are frustrated with their security tools
Security operations center (SOC) practitioners believe they are losing the battle detecting and prioritizing real threats – due to too many siloed tools and a lack of accurate attack signal, according to Vectra AI.

Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680)
Mozilla has pushed out an emergency update for its Firefox and Firefox ESR browsers to fix a vulnerability (CVE-2024-9680) that is being exploited in the wild.

EU adopts Cyber Resilience Act to secure connected products
The EU Council has adopted the Cyber Resilience Act (CRA), a new law that aims to make consumer products with digital components safe(r) to use.

Unlocking the power of cryptographic agility in a quantum world
In this Help Net Security interview, Glen Leonhard, Director of Key Management at Cryptomathic, discusses the role of cryptographic agility in mitigating risks posed by quantum computing.

Internet Archive data breach, defacement, and DDoS: Users’ data compromised
The Internet Archive has suffered a data breach, leading to the compromise of email addresses, screen names and bcrypt password hashes of some 31 million users.

Investing in Privacy by Design for long-term compliance
In this Help Net Security interview, Bojan Belušić, Head of Information Security & IT Operations at Microblink, discusses the relationship between Privacy by Design and regulatory frameworks like GDPR.

Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409)
If you run a self-managed GitLab installation with configured SAML-based authentication and you haven’t upgraded it since mid-September, do it now, because security researchers have published an analysis of CVE-2024-45409 and an exploit script that may help attackers gain access as any user on GitLab.

Balancing legal frameworks and enterprise security governance
In this Help Net Security interview, Tom McAndrew, CEO at Coalfire, discusses the balance organizations must strike between legal compliance and effective enterprise security governance in the context of evolving regulatory frameworks.

Ivanti fixes three CSA zero-days exploited in the wild (CVE-2024-9379, CVE-2024-9380, CVE-2024-9381)
Ivanti has patched three additional Cloud Service Appliance (CSA) zero-day flaws, which have been exploited by attackers in conjuction with a zero-day bug the company accidentally fixed in September.

Cultivating a security-first mindset: Key leadership actions
In this Help Net Security interview, Emily Wienhold, Cyber Education Specialist at Optiv, discusses how business leaders can promote a security-first culture within their organizations.

Qualcomm zero-day under targeted exploitation (CVE-2024-43047)
An actively exploited zero-day vulnerability (CVE-2024-43047) affecting dozens of Qualcomm’s chipsets has been patched by the American semiconductor giant.

How hybrid workforces are reshaping authentication strategies
In this Help Net Security interview, Brian Pontarelli, CEO at FusionAuth, discusses the evolving authentication challenges posed by the rise of hybrid and remote workforces.

American Water shuts down systems after cyberattack
American Water, the largest water and wastewater utility company in the US, has shut down some of its systems following a cyberattack.

Transforming cloud security with real-time visibility
In this Help Net Security interview, Amiram Shachar, CEO at Upwind, discusses the complexities of cloud security in hybrid and multi-cloud environments. He outlines the need for deep visibility into configurations and real-time insigh

Linux systems targeted with stealthy “Perfctl” cryptomining malware
Thousands of Linux systems are likely infected with the highly elusive and persistent “perfctl” (or “perfcc“) cryptomining malware and many others still could be at risk of getting compromised, Aqua Security researchers revealed last week.

Rspamd: Open-source spam filtering system
Rspamd is an open-source spam filtering and email processing framework designed to evaluate messages based on a wide range of rules, including regular expressions, statistical analysis, and integrations with custom services like URL blacklists.

Widening talent pool in cyber with on-demand contractors
Filling roles within the cyber sector is an ongoing battle. The shortfall of workers risks creating a vicious cycle within existing cyber teams: With fewer team members to spread the workload on, you risk burning out security professionals.

DORA regulation’s nuts and bolts
Dimitri Chichlo, CISO at BforeAI, sees firsthand nation-state attacks on banks and how they are setting up legitimate infrastructure to commit fraud. In this Help Net Security video, he discusses the DORA regulation’s nuts and bolts and what is at stake for financial institutions and ICT third-party service providers.

Websites are losing the fight against bot attacks
These statistics highlight the need for organizations to prioritize and strengthen their security measures against bot attacks.

The role of self-sovereign identity in enterprises
As personal data becomes increasingly commodified and centralized, the need for individuals to reclaim control over their identities has never been more urgent.

30% of customer-facing APIs are completely unprotected
70% of customer-facing APIs are secured using HTTPS, leaving nearly one-third of these APIs completely unprotected, according to F5.

The case for enterprise exposure management
For several years, external attack surface management (EASM) has been an important focus for many security organizations and the vendors that serve them.

YARA: Open-source tool for malware research
YARA is a powerful tool designed primarily to aid malware researchers in identifying and categorizing malware samples, though its applications are broader.

Cybersecurity jobs available right now: October 9, 2024
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.

What you need to know to select the right GRC framework, North American Edition
Governance, risk, and compliance (GRC) frameworks help professionals assess an organization’s risk posture, align technological initiatives with business goals, and ensure regulatory compliance. However, choosing the appropriate framework can be a complex and challenging task. Inside this North American guide (EU guide available here), you’ll find answers to these questions and more.

Webinar: ManageEngine Log360 product demo
Discover how ManageEngine Log360, a comprehensive SIEM solution empowers you to prevent internal security breaches, safeguard your network from external threats, protect sensitive data, and ensure compliance with stringent regulatory mandates.

Meet the shared responsibility model with new CIS resources
All CIS Foundations Benchmarks consist of 50–60 recommendations you can use to get started with security on your cloud service provider (CSP) platform. You can then build upon this foundation by using CIS Cloud Service Category Benchmarks.

How to setup passkeys in Apple Passwords app
Beginning with iOS 18, iPadOS 18, macOS Sequoia, and visionOS 2, the Passwords app allows you to manage your passwords, passkeys, and verification codes.

New infosec products of the week: October 11, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Action1, BreachLock, Commvault, Dashlane, Data Theorem, Edgio, Frontegg, and Qualys.



Source link