Week in review: Terrapin SSH attack, Mr. Cooper breach


Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Creating a formula for effective vulnerability prioritization
In this Help Net Security interview, Michael Gorelik, CTO and Head of Malware Research at Morphisec, provides insights into the business impact of vulnerabilities.

Subdominator: Open-source tool for detecting subdomain takeovers
Subdominator is a dependable and fast open-source command-line interface tool to identify subdomain takeovers.

EMBA: Open-source security analyzer for embedded devices
The EMBA open-source security analyzer is tailored as the central firmware analysis tool for penetration testers and product security groups.

SSH vulnerability exploitable in Terrapin attacks (CVE-2023-48795)
Security researchers have discovered a vulnerability (CVE-2023-48795) in the SSH cryptographic network protocol that could allow an attacker to downgrade the connection’s security by truncating the extension negotiation message.

MongoDB corporate systems breached, customer data exposed
Database management company MongoDB has suffered a breach: attackers have gained access to some of its corporate systems and customer data and metadata.

Qakbot returns in fresh assault on hospitality sector
The Qakbot botnet was disrupted this summer, but cybercriminals are not ready to give up on the malware: Microsoft’s threat analysts have spotted a new phishing campaign attempting to deliver it to targets in the hospitality industry.

Microsoft is working on a more secure print system for Windows
After announcing a gradual elimination of third-party printer drivers on Windows earlier this year, Microsoft has now unveiled its plan for enhancing security by introducing Windows Protected Print Mode (WPP).

Mr. Cooper breach exposes sensitive info of over 14 million customers
Mortgage company Mr. Cooper has confirmed that personal information of over 14.6 million customers has been exposed in its October 2023 data breach.

Citrix Bleed leveraged to steal data of 35+ million Comcast Xfinity customers
Telecommunications company Comcast has confirmed a breach that exposed personal information of more than 35.8 million Xfinity customers.

8220 gang exploits old Oracle WebLogic vulnerability to deliver infostealers, cryptominers
The 8220 gang has been leveraging an old Oracle WebLogic Server vulnerability (CVE-2020-14883) to distribute malware, the Imperva Threat Research team has found.

Correct bad network behavior to bolster application experience
Network performance defines how well an application runs and how happy a person who is using it is. That, in short, is what user experience (UX) and application experience (AX) are all about.

Wiz and Apiiro partner to provide context-driven security from code to cloud
In this Help Net Security video interview, John Leon, VP of Ecosystems & Partnerships at Apiiro, discusses how the partnership and technical integration enables Wiz and Apiiro to share prioritized security findings with context, including inventory, vulnerabilities, issues, and configuration findings.

Ransomware trends and recovery strategies companies should know
In this article, you will find excerpts from ransomware attacks surveys we covered in 2023.

The impact of prompt injection in LLM agents
As organizations move closer to adopting and integrating LLM-powered agents into real-world scenarios, there is the threat of attackers being able to transform an agent into a confused deputy via prompt injection and “jailbreak” techniques.

Supply chain emerges as major vector in escalating automotive cyberattacks
In this Help Net Security video, Jay Yaneza, Cybersecurity Architect at VicOne, discusses how, in the first half of the year, cyberattacks on the automotive sector caused losses exceeding $11 billion.

Information-blocking rule in 21st Century Cures Act redefines data exchange in healthcare
A Verato survey offers perspectives on the data management strategies of healthcare executives, highlighting the crucial role of Healthcare Master Data Management (hMDM) in addressing key gaps, facilitating seamless data exchange, and aligning with the mandates of the 21st Century Cures Act.

AI’s efficacy is constrained in cybersecurity, but limitless in cybercrime
One of the biggest issues in adopting AI-driven solutions in cybersecurity is trust-building. Many organizations are skeptical about security firms’ AI-powered products.

How executives adapt to rising cybersecurity concerns in mobile networks
In this Help Net Security video, Rowland Corr, VP & Head of Government Relations at Enea, discusses the implications of burner phones and the crisis of confidence in network operators as they struggle to protect consumers from sophisticated (usually state-sponsored) cyber threats.

Law enforcement seizes ALPHV/Blackcat sites, offers decryptor to victims
The US Justice Department announced today a disruption campaign against the Blackcat/ALPHV ransomware group and let victims know that there is a decryptor they can use.

Why data, AI, and regulations top the threat list for 2024
The new year finds us confronted by a landscape characterized by political uncertainty, social fragmentation, escalating geopolitical tensions, and a turbulent macro-economic backdrop, making it crucial for security leaders to strategically prepare for the forthcoming challenges.

A closer look at the manufacturing threat landscape
In this Help Net Security video, Kory Daniels, CISO at Trustwave, discusses recent comprehensive research highlighting the distinct cybersecurity threats confronting manufacturers.

86% of cyberattacks are delivered over encrypted channels
Threats over HTTPS grew by 24% from 2022, underscoring the sophisticated nature of cybercriminal tactics that target encrypted channels, according to Zscaler.

New insights into the global industrial cybersecurity landscape
In this Help Net Security video, William Noto, VP and Industry Principal for Claroty, discusses their recent global survey of 1,100 IT and OT security professionals who work in critical infrastructure sectors.

Are organizations moving away from passwords?
In this article, you will find excerpts from authentication surveys we covered in 2023. These findings will enable your organization to prepare and craft better authentication strategies in the future.

11 GenAI cybersecurity surveys you should read
In this article, you will find excerpts from generative AI surveys we covered in 2023. These findings can help with future cybersecurity strategies.

Balancing AI’s promise with privacy and intellectual property concerns
In this article, you will find excerpts from AI surveys we covered in 2023. These surveys will give your organization insight into statistics that can help create AI security strategies moving forward.

Product showcase: ImmuniWeb AI Platform
ImmuniWeb AI Platform offers web and mobile penetration tests that one can easily configure, schedule and launch in a few minutes.

Product showcase: DCAP solution FileAuditor for data classification and access rights audit
FileAuditor scans all file storages and checks them for compliance with security policies. It examines file names and the directories they are kept in, reveals which users have access to the files and, most importantly, analyzes each file’s content.

New infosec products of the week: December 22, 2023
Here’s a look at the most interesting products from the past week, featuring releases from Argus Cyber Security, Cleafy, Kasada, and Stratus.


