Week in review: Patched curl and libcurl vulnerability, 15 free M365 security training modules


Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Turning military veterans into cybersecurity experts
In this Help Net Security interview, James Murphy, the Director of the TechVets Programme at the Forces Employment Charity and member of Fortinet’s Veterans Program Advisory Council, discusses the challenges that military veterans face when transitioning from military to civilian life.

Unmasking the limitations of yearly penetration tests
In this Help Net Security interview, Charles d’Hondt, Head of Operations, Ambionics Security, talks about the necessity of implementing continuous penetration testing because yearly ones are not enough.

Exploit writers invited to probe Chrome’s V8 engine, Google Cloud’s KVM
Google is asking bug hunters and exploit writers to develop 0-day and n-day exploits in Chrome’s V8 JavaScript engine and Google Cloud’s Kernel-based Virtual Machine (KVM).

GNOME users at risk of RCE attack (CVE-2023-43641)
If you’re running GNOME on you Linux system(s), you are probably open to remote code execution attacks via a booby-trapped file, thanks to a memory corruption vulnerability (CVE-2023-43641) in the libcue library.

Microsoft fixes exploited WordPad, Skype for Business zero-days (CVE-2023-36563, CVE-2023-41763)
On this October 2023 Patch Tuesday, Microsoft has released 103 patches and has fixed three actively exploited vulnerabilities (CVE-2023-36563, CVE-2023-41763, CVE-2023-44487).

Curl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545)
Curl v8.4.0 is out, and fixes – among other things – a high-severity SOCKS5 heap buffer overflow vulnerability (CVE-2023-38545).

Microsoft 365 email senders urged to implement SPF, DKIM and DMARC
In the wake of Google’s announcement of new rules for bulk senders, Microsoft is urging Microsoft 365 email senders to implement SPF, DKIM and DMARC email authentication methods.

Critical Atlassian Confluence vulnerability exploited by state-backed threat actor
A critical flaw in Atlassian Confluence Data Center and Server (CVE-2023-22515) has been exploited by a state-backed threat actor, Microsoft’s threat analysts have pinpointed.

Sic Permission Slip on data brokers that use your data
Permission Slip, an iPhone and Android app developed by Consumer Reports, helps users ask companies and data brokers to stop sharing their personal data and/or delete it.

Microsoft Defender can automatically contain compromised user accounts
The “contain user” feature select Microsoft Defender for Endpoint customers have been trying out since November 2022 is now available to a wider pool of organizations, Microsoft has announced.

Selective disclosure in the identity wallet: How users share the data that is really needed
Name, date of birth, address, email address, passwords, tax records, or payroll – all this sensitive user data is stored by companies in huge databases to identify individuals for digital services.

15 free Microsoft 365 security training modules worth your time
Managing Microsoft 365 can be difficult for many businesses, primarily regarding fortifying cybersecurity. Thankfully, there are complimentary Microsoft 365 security training modules.

Automotive cybersecurity: A decade of progress and challenges
In this Help Net Security video, Samantha Beaumont, Principal Security Consultant at IOActive, sheds light on the challenges and possible solutions to the cybersecurity threats that modern vehicles encounter.

Companies rethinking degree requirements for entry-level cybersecurity jobs
While the threat landscape is evolving for most on the front lines, little has changed in recent years, according to ISACA.

Why zero trust delivers even more resilience than you think
Ten years ago, zero trust was an exciting, innovative perspective shift that security experts were excited to explore; today, it’s more likely to be framed as an inevitable trend than as a mere option on the security menu.

Why security is the bedrock of success for mainframe projects
In this Help Net Security video, Petra Goude, Global Practice Leader for Core Enterprise & Cloud at Kyndryl, discusses how security is the most important factor in defining a customer’s transformation strategy.

Endpoint malware attacks decline as campaigns spread wider
Organizations that don’t inspect SSL/TLS traffic at the network perimeter are likely missing most malware.

Keeping up with the demands of the cyber insurance market
Although cyber insurance could still be considered a nascent area of the market, getting a policy is now a priority for many company boards to reduce any financial losses resulting from a security incident and reassure stakeholders and investors.

How cyber fusion is helping enterprises modernize security operations
In this Help Net Security video, Avkash Kathiriya, Sr. VP – Research and Innovation at Cyware, explains how cyber fusion is helping enterprises modernize their security operations and turn their SOC from reactive to proactive.

Cybersecurity pros predict rise of malicious AI
76% of cybersecurity professionals believe the world is very close to encountering malicious AI that can bypass most known cybersecurity measures, according to Enea.

Quantum risk is real now: How to navigate the evolving data harvesting threat
To secure data today from the risks of tomorrow, organizations need to take proactive measures in securing data against quantum risks.

Introducing the book: Irreducibly Complex Systems
In this Help Net Security video interview, David Hunt, CTO at Prelude, discusses his book – Irreducibly Complex Systems: An Introduction to Continuous Security Testing.

eBook: Cybersecurity career hacks for newcomers
Are you excited to pursue a cybersecurity career but unsure where to begin? Whether you’re a student, an incoming professional, or ready to work in a different field, the tried-and-tested career hacks in this eBook will help you get your start in cybersecurity.

Cloud security and functionality: Don’t settle for just one
The CIS Hardened Images are virtual machine images that are pre-hardened to the security recommendations of the CIS Benchmarks.

New infosec products of the week: October 13, 2023
Here’s a look at the most interesting products from the past week, featuring releases from Appdome, Flexxon, Fortanix, Fortinet, SailPoint, and Vanta.



Source link