Week in review: Palo Alto firewalls mitigation ineffective, PuTTY client vulnerable to key recovery attack


Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation
While it initially seemed that protecting Palo Alto Network firewalls from attacks leveraging CVE-2024-3400 would be possible by disabling the devices’ telemetry, it has now been confirmed that this mitigation is ineffectual.

A critical vulnerability in Delinea Secret Server allows auth bypass, admin access
Organizations with on-prem installations of Delinea Secret Server are urged to update them immediately, to plug a critical vulnerability that may allow attackers to bypass authentication, gain admin access and extract secrets.

PuTTY vulnerability can be exploited to recover private keys (CVE-2024-31497)
A vulnerability (CVE-2024-31497) in PuTTY, a popular SSH and Telnet client, could allow attackers to recover NIST P-521 client keys due to the “heavily biased” ECDSA nonces (random values used once), researchers have discovered.

Ransomware in Q1 2024: Frequency, size of payments trending downwards, SMBs beware!
More organizations hit by ransomware gangs are starting to realize that it doesn’t pay to pay up: “In Q1 2024, the proportion of victims that chose to pay touched a new record low of 28%,” ransomware incident response firm Coveware has found.

Cybersecurity jobs available right now: April 17, 2024
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.

Geopolitical tensions escalate OT cyber attacks
In this Help Net Security interview, Andrew Ginter, VP of Industrial Security at Waterfall Security, discusses operational technology (OT) cyber attacks and their 2024 Threat Report.

AI set to enhance cybersecurity roles, not replace them
In this Help Net Security interview, Caleb Sima, Chair of CSA AI Security Alliance, discusses how AI empowers security pros, emphasizing its role in enhancing skills and productivity rather than replacing staff.

Thinking outside the code: How the hacker mindset drives innovation
Keren Elazari is an internationally recognized security analyst, author, and researcher. Since 2000, Keren has worked with leading Israeli security firms, government organizations, innovative start-ups, and Fortune 500 companies. She is the founder of BSidesTLV and Leading Cyber Ladies and a research fellow at Tel Aviv University.

Damn Vulnerable RESTaurant: Open-source API service designed for learning
Damn Vulnerable RESTaurant is an open-source project that allows developers to learn to identify and fix security vulnerabilities in their code through an interactive game.

Protobom: Open-source software supply chain tool
Protobom is an open-source software supply chain tool that enables all organizations, including system administrators and software development communities, to read and generate Software Bill of Materials (SBOMs), file data, and translate this data across standard industry SBOM formats.

LastPass users targeted by vishing attackers
The CryptoChameleon phishing kit is being leveraged by vishing attackers looking to trick LastPass users into sharing their master password.

Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204)
The newest version of Ivanti Avalanche – the company’s enterprise mobile device management (MDM) solution – carries fixes for 27 vulnerabilities, two of which (CVE-2024-29204, CVE-2024-24996) are critical and may allow a remote unauthenticated attacker to execute arbitrary commands on the underlying Windows system.

Cisco Duo provider breached, SMS MFA logs compromised
Hackers have managed to compromise a telephony provider for Duo, the Cisco-owned company providing secure access solutions, and steal MFA (multi-factor authentication) SMS message logs of Duo customers.

New open-source project takeover attacks spotted, stymied
The OpenJS Foundation has headed off a “credible takeover attempt” similar to the one that resulted in a backdoor getting included in the open-source XZ Utils package by someone who called themselves “Jia Tan”.

Who owns customer identity?
When I’m talking with prospective clients, I like to ask: which department owns customer identity? Everyone immediately looks towards a different team. While every team touches customer identity at some point, the teams that own it differ from organization to organization.

5 free red teaming resources to get you started
Here are some free red teaming resources to get you started.

The key pillars of domain security
In this Help Net Security video, Mark Flegg, Global Director of Security Services at CSC, discusses how CISOs often don’t view domains as a foundational component in their security starter plans.

How to protect IP surveillance cameras from Wi-Fi jamming
Gone are the days of criminals cutting camera wires to evade detection: with the proliferation of affordable internet-connected cameras, burglars must resort to Wi-Fi jamming.

Cheap ransomware for sale on dark web marketplaces is changing the way hackers operate
Since June 2023, Sophos X-Ops has discovered 19 junk gun ransomware variants — cheap, independently produced, and crudely constructed — on the dark web.

Enterprises face significant losses from mobile fraud
In this Help Net Security video, John Hughes, SVP, Head of Network Security Business Group at Enea, discusses how, despite advancements, most enterprises continue to incur losses due to mobile fraud, mainly through smishing and vishing.

Understanding next-level cyber threats
In this Help Net Security video, Trevor Hilligoss, VP of SpyCloud Labs, discusses the 2024 SpyCloud Identity Exposure Report, an annual report examining the latest trends in cybercrime and its impact.

Audio deepfakes: What they are, and the risks they present
In this Help Net Security video, Bogdan Botezatu, Director of Threat Research and Reporting at Bitdefender, discusses the growing trend of celebrity audio deepfakes.

Exposing the top cloud security threats
In this Help Net Security video, Michal Lewy-Harush, Aqua Security’s CIO, discusses the top cloud security threat global businesses.

eBook: Why CISSP?
As new cyber threats emerge daily in our connected world, there’s never been a greater urgency for cybersecurity professionals than now. What can CISSP certification do for you?

New infosec products of the week: April 19, 2024
Here’s a look at the most interesting products from the past week, featuring releases from IDnow, Immuta, Privacera, Redgate, ShadowDragon, and Tanium.



Source link