Week in review: VPNs vulnerable to TunnelCrack attacks, Cybertech Africa 2023


Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Deception technology and breach anticipation strategies
In this Help Net Security interview, Xavier Bellekens, CEO of Lupovis, explains how the implementation of deception-as-a-service offers an extra layer of defense, aiding both the CISO and their team with early warning indicators of potential breaches.

Balancing telecom security, law enforcement, and customer trust
In this Help Net Security interview, Mark O’Neill, CTO at BlackDice Cyber, talks about collaboration, transparent policies, and a security-first mindset. As 5G and IoT emerge, robust measures and AI will navigate challenges and shape the telecom industry’s future.

How CISOs break down complex security challenges
In this Help Net Security interview, Kevin Paige, CISO at Uptycs, provides insights into how he navigates the complex cybersecurity landscape, striking a balance between technical expertise, effective communication, risk management, and adaptive leadership.

The road ahead for ecommerce fraud prevention
In this Help Net Security interview, Eduardo Mônaco, CEO at ClearSale, explains the complexities of ecommerce fraud, discussing the evolution of fraudster tactics, the effectiveness of social footprint analysis in confirming identity, the balance between fraud prevention and customer experience, and techniques to address more advanced fraud types.

Reinventing OT security for dynamic landscapes
From understanding the challenges of disparate OT protocols and the increasing convergence with IT to grappling with the monumental role of human error, our latest interview with Rohit Bohara, CTO at asvin, delves deep into the landscape of OT security.

Major vulnerabilities discovered in data center solutions
Researchers have discovered serious security vulnerabilities in two widely used data center solutions: CyberPower’s PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and Dataprobe’s iBoot Power Distribution Unit (PDU).

Macs are getting compromised to act as proxy exit nodes
AdLoad, well-known malware that has been targeting systems running macOS for over half a decade, has been observed delivering a new payload that – unbeknown to the owners – enlisted their systems into a residential proxy botnet.
According to AT&T Alien Labs threat intelligence researchers, who analyzed over 150 samples of the malware they found in the wild, many devices are infected.

Almost all VPNs are vulnerable to traffic-leaking TunnelCrack attacks
Several vulnerabilities that affect most VPN products out there can be exploited by attackers to read user traffic, steal user information, or even attack user devices, researchers have discovered.

Ivanti Avalanche vulnerable to attack by unauthenticated, remote attackers (CVE-2023-32560)
Two stack-based buffer overflow bugs (collectively designated as CVE-2023-32560) have been discovered in Ivanti Avalanche, an enterprise mobility management solution.

(Re)check your patched NetScaler ADC and Gateway appliances for signs of compromise
Administrators of Citrix NetScaler ADC and Gateway appliances should check for evidence of installed webshells even if they implemented fixes for CVE-2023-3519 quickly: A recent internet scan by Fox-IT researchers has revealed over 1,800 backdoored NetScaler devices, 69% of which have been patched for the flaw.

LinkedIn users targeted in account hijacking campaign
LinkedIn users are being targeted in an ongoing account hijacking campaign, getting locked out of their accounts; the hacked accounts are held for ransom.

Phishers use QR codes to target companies in various industries
A phishing campaign using QR codes has been detected targeting various industries, with the aim to acquire Microsoft credentials.
The attack begins with victims receiving a phishing email containing a PNG of PDF attachment, prompting them to update Microsoft account security settings or add 2-factor authentication to their account by scanning a QR code.

Citrix ShareFile vulnerability actively exploited (CVE-2023-24489)
CVE-2023-24489, a critical Citrix ShareFile vulnerability that the company has fixed in June 2023, is being exploited by attackers.
GreyNoise has flagged on Tuesday a sudden spike in IP addresses from which exploitation attempts are coming, and the Cybersecurity and Infrastructure Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities Catalog.

Zimbra users in Europe, Latin America face phishing threat
ESET researchers have uncovered a mass-spreading phishing campaign aimed at collecting Zimbra account users’ credentials.
The campaign has been active since at least April 2023 and is still ongoing. It targets are a variety of small and medium businesses and governmental entities.

Building a secure future without traditional passwords
In this Help Net Security round-up, we present segments from previously recorded videos in which security experts in the field share their perspectives on the future of passwordless authentication.

How manufacturers can navigate cybersecurity regulations amid NIST 2.0
In this Help Net Security video, Ahmik Hindman, Sr. Network & Security Solution Consultant at Rockwell Automation, discusses the evolving cybersecurity landscape and what the new cybersecurity framework could mean for manufacturers.

How threats to mid-sized businesses impact us all
In this Help Net Security video, Paul Cragg, CTO at NormCyber, discusses how organizations grapple with many cyber threats. For smaller in-house IT teams, distinguishing between minor events and genuine threats becomes an overwhelming challenge since even a single overlooked incident can lead to severe consequences.

SEC cybersecurity rules shape the future of incident management
In this Help Net Security video, Doug Barbin, President and National Managing Principal at Schellman, shares his perspective on what this means for enterprises moving forward.

Kubernetes clusters face widespread attacks across numerous organizations
In this Help Net Security video, Assaf Morag, Lead Threat Intelligence Analyst at Aqua Security, discusses research that discovered openly accessible and unprotected Kubernetes clusters belonging to more than 350 organizations, open-source projects, and individuals.

A closer look at the new TSA oil and gas pipeline regulations
In this Help Net Security video, Chris Warner, OT Senior Security Consultant at GuidePoint Security, discusses how these newly introduced provisions mandate pipeline owners and operators to proactively enhance their systems’ security and protect against potential cybersecurity threats in the oil and natural gas sector.

Ransomware: To pay or not to pay
Comprehensive security plans and programs must focus on defense, but also on answering these key question: “How will the organization respond to a ransomware attack?”, and “At what point will the option of paying the ransom be on the table?”

Why the “voluntary AI commitments” extracted by the White House are nowhere near enough
Representatives from Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI recently convened at the White House for a meeting with President Biden with the stated mission of “ensuring the responsible development and distribution of artificial intelligence (AI) technologies”.

4 ways simulation training alleviates team burnout
Burnout is endemic in the cybersecurity industry, damaging the mental and physical health of cyber professionals and leaving organizations underskilled, understaffed, and overexposed to cyber risk as security leaders and team members leave for more promising career opportunities elsewhere or drop out of the industry entirely.

Product showcase: Free email security test by ImmuniWeb Community Edition
To help companies and organizations to quickly assess their exposure to email-related security, privacy and compliance risks, ImmuniWeb has recently enhanced its Community Edition with a free email security test available online.

Cybertech Africa 2023 marks the first gathering for innovation and networking in the region
Over a hundred speakers, dozens of businesses, organizations, and startups, innovation, tech, and cyber ecosystems, top-notch speakers, renowned universities, senior government officials, and thousands of attendees – C-level executives, decision-makers, and students – gathered for two days at Cybertech Africa 2023 to examine and share innovative solutions to cyber challenges facing the continent.

Navigating generative AI risks and regulatory challenges
The mass availability of generative AI, such as OpenAI’s ChatGPT and Google Bard, became a top concern for enterprise risk executives in the second quarter of 2023, according to Gartner.

Heavy workloads driving IT professionals to resign
A quarter of IT professionals are seriously contemplating leaving their current jobs within the next six months, potentially costing US companies upwards of 145 billion dollars, according to Ivanti.

Federal agencies gear up for zero trust executive order deadline
Federal agencies are prepared to meet the zero trust executive order requirements from the Biden Administration with just over a year until the deadline, according to Swimlane.

30% of phishing threats involve newly registered domains
Phishing remains the most dominant and fastest growing internet crime, largely due to the ubiquity of email and the ceaseless issue of human error that is preyed upon by today’s threat actors, according to Cloudflare.

New infosec products of the week: August 18, 2023
Here’s a look at the most interesting products from the past week, featuring releases from Action1, MongoDB, Bitdefender, SentinelOne and Netskope.



Source link