Week in review: 0-days exploited in Palo Alto Networks firewalls, two unknown Linux backdoors identified

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

2,000 Palo Alto Networks devices compromised in latest attacks
Attackers have compromised around 2,000 Palo Alto Networks firewalls by leveraging the two recently patched zero-days (CVE-2024-0012 and CVE-2024-9474), Shadowserver Foundation’s internet-wide scanning has revealed.
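The first question after a report like this is which of your own appliances still sit below the fixed release, and which of those expose their management interface to the internet (the population Shadowserver counts). The script below is an added example, not vendor tooling or Shadowserver's scanner: it parses PAN-OS version strings, including the `-hN` hotfix suffix that a naive string comparison gets wrong, compares them against the fixed releases, and ranks a constructed inventory. The fixed-version table is taken from the Palo Alto Networks advisories for the two CVEs as an assumption; verify it against the advisory before relying on it, and treat any train not in the table as a manual check.

```python
"""Triage a PAN-OS firewall inventory against the fixed releases for
CVE-2024-0012 / CVE-2024-9474. Added example, not vendor tooling; the
inventory below is constructed."""
import re
from typing import NamedTuple, Optional

# Fixed releases as listed in the vendor advisories for both CVEs (they share
# a fix train). Assumption: confirm against the advisory before use. A later
# feature release (e.g. 12.x) is treated as fixed; an earlier train that is
# not in this table is reported as "unknown" rather than guessed.
FIXED = {
    (10, 2): "10.2.12-h2",
    (11, 0): "11.0.6-h1",
    (11, 1): "11.1.5-h1",
    (11, 2): "11.2.4-h1",
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


class PanOsVersion(NamedTuple):
    major: int
    minor: int
    maint: int
    hotfix: int  # 0 when the version carries no -hN suffix

    @classmethod
    def parse(cls, text: str) -> "PanOsVersion":
        m = _VERSION_RE.match(text.strip())
        if not m:
            raise ValueError(f"unrecognised PAN-OS version: {text!r}")
        major, minor, maint, hotfix = m.groups()
        return cls(int(major), int(minor), int(maint), int(hotfix or 0))


def is_vulnerable(version_text: str) -> Optional[bool]:
    """True = below the fixed release, False = at/after it, None = train not in table."""
    v = PanOsVersion.parse(version_text)
    train = (v.major, v.minor)
    if train in FIXED:
        # Tuple comparison puts the hotfix number last, so 10.2.12 < 10.2.12-h2.
        return v < PanOsVersion.parse(FIXED[train])
    if train > max(FIXED):
        return False
    return None


# Constructed inventory: hostname, running version, and whether the management
# interface is reachable from the internet (the vendor's advice is to restrict
# it to trusted internal addresses).
SAMPLE_INVENTORY = [
    {"host": "fw-dmz-1", "version": "11.1.4-h7", "mgmt_internet_exposed": True},
    {"host": "fw-core-1", "version": "10.2.12", "mgmt_internet_exposed": False},
    {"host": "fw-branch-2", "version": "10.1.14-h8", "mgmt_internet_exposed": False},
    {"host": "fw-lab", "version": "11.2.4-h1", "mgmt_internet_exposed": True},
]


def triage(inventory):
    """Rank rows: exposed+vulnerable first, then vulnerable, unknown, fixed."""
    rows = []
    for fw in inventory:
        vuln = is_vulnerable(fw["version"])
        status = {True: "VULNERABLE", False: "fixed", None: "unknown"}[vuln]
        exposed = fw["mgmt_internet_exposed"]
        if vuln and exposed:
            priority = 0
        elif vuln:
            priority = 1
        elif vuln is None:
            priority = 2
        else:
            priority = 3
        rows.append((priority, fw["host"], fw["version"], status, exposed))
    return sorted(rows)


if __name__ == "__main__":
    for priority, host, version, status, exposed in triage(SAMPLE_INVENTORY):
        print(f"P{priority} {host:12} {version:12} {status:10} mgmt-exposed={exposed}")
```

The ordering is the point: a box running 11.1.4-h7 with its management interface on the internet is the one to patch or isolate first, and the 10.2.12 host without the `-h2` hotfix is still vulnerable even though its maintenance number matches the fixed release.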

Researchers unearth two previously unknown Linux backdoors
ESET researchers have identified multiple samples of two previously unknown Linux backdoors: WolfsBane and FireWood.

ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps
ScubaGear is an open-source tool the Cybersecurity and Infrastructure Security Agency (CISA) created to automatically evaluate Microsoft 365 (M365) configurations for potential security gaps.

Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308)
Apple has released emergency security updates for macOS Sequoia that fix two zero-day vulnerabilities (CVE-2024-44309, CVE-2024-44308) that “may have been actively exploited on Intel-based Mac systems”.

The limits of AI-based deepfake detection
In this Help Net Security interview, Ben Colman, CEO of Reality Defender, discusses the challenges of detecting high-quality deepfakes in real-world applications.

Oracle patches exploited Agile PLM vulnerability (CVE-2024-21287)
Oracle has released a security patch for CVE-2024-21287, a remotely exploitable vulnerability in the Oracle Agile PLM Framework that is, according to Tenable researchers, being actively exploited by attackers.

Enhancing visibility for better security in multi-cloud and hybrid environments
In this Help Net Security interview, Brooke Motta, CEO of RAD Security, talks about how cloud-specific threats have evolved and what companies should be watching out for.

Active network of North Korean IT front companies exposed
An analysis of the websites belonging to companies that served as a front for getting North Korean IT workers remote jobs with businesses worldwide has revealed an active network of such companies originating in China.

Debunking myths about open-source security
In this Help Net Security interview, Stephanie Domas, CISO at Canonical, discusses common misconceptions about open-source security and how the community can work to dispel them.

GitHub Secure Open Source Fund: Project maintainers, apply now!
GitHub is calling on maintainers of open source projects to apply for the newly opened Secure Open Source Fund, to get funding and knowledge to improve the security and sustainability of their software.

Why AI alone can’t protect you from sophisticated email threats
In this Help Net Security interview, Riaz Lakhani, CISO at Barracuda Networks, discusses the effectiveness of AI-based behavioural analysis in combating sophisticated email threats like BEC and VEC.

Microsoft announces new and improved Windows 11 security features
Microsoft has implemented some and is working on delivering several other security-related features and improvements for Windows 11.

Transforming code scanning and threat detection with GenAI
In this Help Net Security interview, Stuart McClure, CEO of Qwiet AI, discusses the evolution of code scanning practices, highlighting the shift from reactive fixes to proactive risk management.

Microsoft plans to limit security products’ access to Windows kernel mode
Microsoft has announced the Windows Resiliency Initiative, aimed at avoiding a repeat of the prolonged worldwide IT outage caused by a buggy CrowdStrike update that took down millions of Windows machines by throwing them into a blue-screen-of-death (BSOD) loop and, in many cases, requiring a manual intervention to restore them.

Major security audit of critical FreeBSD components now available
The FreeBSD Foundation, in partnership with the Alpha-Omega Project, has released the results of an extensive security audit of two critical FreeBSD components: the bhyve hypervisor and the Capsicum sandboxing framework.

Five backup lessons learned from the UnitedHealth ransomware attack
The ransomware attack on UnitedHealth earlier this year is quickly becoming the healthcare industry’s version of Colonial Pipeline, prompting congressional testimony, lawmaker scrutiny and potential legislation.

US charges five alleged members of Scattered Spider gang
Law enforcement unsealed criminal charges against five alleged members of Scattered Spider. The five allegedly targeted employees of companies nationwide with phishing text messages, used the harvested credentials to log in and steal non-public company data, and broke into virtual currency accounts to steal millions of dollars in cryptocurrency.
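The lures in this kind of campaign typically point at a freshly registered domain that combines the target's name with an SSO, VPN or helpdesk keyword, or misspells the real domain. The script below is an added example, not part of the indictment or any vendor product: it extracts URLs from SMS text, compares each registrable domain against an organisation's legitimate login hosts, and flags org-name-in-foreign-domain, lure keywords and near-miss spellings. The organisation name, hostnames and messages are all constructed, and the registrable-domain logic is deliberately naive (last two labels, no Public Suffix List).

```python
"""Flag smishing lures that point at lookalikes of an organisation's login
hosts. Added example; the organisation "acme", its hostnames and the sample
messages below are constructed, not taken from the case."""
import re
from urllib.parse import urlsplit

ORG_NAME = "acme"                                   # hypothetical target
LEGIT_HOSTS = {"sso.acme.com", "acme.okta.com", "login.acme.com"}
LEGIT_DOMAINS = {"acme.com"}                        # registrable domains the org owns
# Keywords fake SSO/VPN/helpdesk portals lean on.
LURE_WORDS = ("sso", "okta", "vpn", "login", "helpdesk", "hr", "schedule", "it")

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch near-miss spellings of the org domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Last two labels. Naive (no Public Suffix List), fine for .com/.net/.org."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def classify_url(url: str):
    """Return (verdict, reasons): 'legit', 'suspicious' or 'unknown'."""
    host = (urlsplit(url).hostname or "").lower()
    domain = registrable_domain(host)
    if host in LEGIT_HOSTS or domain in LEGIT_DOMAINS:
        return "legit", []
    label = domain.split(".")[0]                    # "acme-sso" from "acme-sso.com"
    reasons = []
    if ORG_NAME in label:
        reasons.append("org name inside a domain the org does not own")
    tokens = set(re.split(r"[-_\d]+", label))
    # Short words must be whole tokens ("it" would otherwise match "github").
    hits = [w for w in LURE_WORDS if w in tokens or (len(w) >= 4 and w in label)]
    if hits:
        reasons.append("lure word(s): " + ", ".join(hits))
    dist = min(levenshtein(label, d.split(".")[0]) for d in LEGIT_DOMAINS)
    if 0 < dist <= 2:
        reasons.append(f"lookalike of org domain (edit distance {dist})")
    return ("suspicious", reasons) if reasons else ("unknown", [])


# Constructed sample messages, not real lures.
SAMPLE_MESSAGES = [
    "ACME IT: your VPN certificate expires today. Re-enroll now at https://acme-sso.com/enroll",
    "Shift schedule updated. Confirm at https://acme-helpdesk.net/s/91x",
    "Reminder: complete training at https://sso.acme.com/training",
    "Your delivery is waiting: https://acrne.com/track",
    "Lunch menu for this week: https://example.org/menu",
]


def scan_messages(messages):
    """One finding per URL found in the messages."""
    findings = []
    for msg in messages:
        for url in URL_RE.findall(msg):
            verdict, reasons = classify_url(url)
            findings.append({"url": url, "verdict": verdict, "reasons": reasons})
    return findings


def suspicious_urls(messages):
    return [f["url"] for f in scan_messages(messages) if f["verdict"] == "suspicious"]


if __name__ == "__main__":
    for f in scan_messages(SAMPLE_MESSAGES):
        print(f"{f['verdict']:10} {f['url']}  {'; '.join(f['reasons'])}")
```

Treat "unknown" as exactly that: a URL with no resemblance to the org is not cleared, it just has none of these signals. The "legit" check is by exact host or owned registrable domain on purpose, since an attacker can create their own tenant under a shared identity provider's domain.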

Why the NIS2 Directive causes growing pains for businesses
In this Help Net Security video, Dror Liwer, co-founder of Coro, discusses the EU’s NIS2 Directive, which recently became enforceable. EU companies now face more demanding requirements for their internal cyber resilience strategies and practices.

Dev + Sec: A collaborative approach to cybersecurity
Security teams and developers must recognize that they are playing for the same team and share the same responsibilities and challenges and ultimately the same goal – delivering secure, top-tier products.

AxoSyslog: Open-source scalable security data processor
AxoSyslog is a syslog-ng fork, created and maintained by the original creator of syslog-ng, Balazs Scheidler, and his team.

Preventing credential theft in the age of AI
In this Help Net Security video, Tina Srivastava, PhD, MIT lecturer and CEO of Badge, discusses a 20-year cryptography problem: using biometrics for authentication without storing a face, finger or voice print.

Navigating the compliance labyrinth: A CSO’s guide to scaling security
CSOs often need help enforcing policies and collaborating with internal teams when compliance is addressed too late or managed manually. Waiting until later in the company’s growth to tackle compliance can lead to disruptive changes in company culture and operational processes.

How and where to report cybercrime: What you need to know
Cybercrime reporting mechanisms vary across the globe, with each country offering different methods for citizens to report cybercrime, including online fraud, identity theft, and other cyber-related offenses.

Safeguarding the DNS through registries
In this Help Net Security video, Ram Mohan, Chief Strategy Officer at Identity Digital, discusses the role registries play in safeguarding the DNS and the collaborative efforts needed across sectors to combat these threats.

Google report shows CISOs must embrace change to stay secure
Google’s latest report, conducted in partnership with Hypothesis Group, reveals a stark reality for organizations: incremental security measures are no longer sufficient.

Cybersecurity jobs available right now: November 20, 2024
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.

Evaluating GRC tools
In this Help Net Security video, Joel Backaler, Director/Analyst, Risk Technology & Analytics at Gartner, discusses how ERM leaders consider several critical questions to determine which GRC solution tier best aligns with their needs.

Space tech giant Maxar confirms attackers accessed employee data
Satellite and space technology leader Maxar Space Systems has suffered a data breach.

Product showcase: Augmenting penetration testing with Plainsea
Through a seamless, centralized environment for pentesting that is combined with intelligent tools, Plainsea empowers penetration testers to concentrate on identifying security issues, rather than spending days or weeks on single-instance reports.

New infosec products of the week: November 22, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Aon, Arkose Labs, HiddenLayer, Hornetsecurity, Radware, and Tanium.
