Written by 3:01 pm AI, AI problems, AI Threat, Latest news

### Recap: Phishing Emails Exploit NTLM Hashes in Cyber Attacks & Patch Tuesday Preview

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: W…

Highlights of Last Week’s Noteworthy News, Articles, Interviews, and Videos

  • Insights on the Digital Operational Resilience Act (DORA) for Organizations
    Kris Lovejoy, the Global Security and Resilience Leader at Kyndryl, delves into the implications of the Digital Operational Resilience Act (DORA) on EU organizations, emphasizing ICT risk management and cybersecurity preparedness.

  • Enhancing Cloud Communication Security with AI and Automation
    Sanjay Macwan, the CIO and CISO at Vonage, sheds light on leveraging AI and automation to bolster security in cloud communications amidst evolving threats.

  • OpenARIA: MITRE’s Open-Source Aviation Risk Assessment Tool
    MITRE introduces OpenARIA, an open-source iteration of its Aviation Risk Identification and Assessment (ARIA) software suite.

  • RiskInDroid: Analyzing Risks in Android Apps
    Explore RiskInDroid, an open-source tool utilizing machine learning techniques for quantitative risk analysis of Android applications.

  • PyRIT: Identifying Risks in Generative AI Systems
    Microsoft’s Python Risk Identification Tool (PyRIT) offers an open-source framework empowering security experts and ML engineers to identify risks in generative AI systems effectively.

  • Critical Cisco VPN Vulnerability Patched
    Cisco addresses high-severity vulnerabilities, including CVE-2024-20337, in its Secure Client VPN solution, preventing potential exploitation by remote attackers.

  • Web-Based PLC Malware Threatens Critical Infrastructure
    Researchers from Georgia Tech develop web-based PLC malware capable of targeting major manufacturers’ programmable logic controllers, posing a significant threat to critical infrastructure.

  • Apple Mitigates Actively Exploited iOS Zero-Days
    Apple resolves two actively exploited iOS zero-day vulnerabilities (CVE-2024-23225, CVE-2024-23296) to safeguard users from malicious attacks.

  • NTLM Authentication Hash Theft via Targeted Email Campaigns
    Threat actors employ booby-trapped email attachments to pilfer NTLM hashes from employees, aiming to gain unauthorized access to organizations’ computer systems.

  • Urgent Patch for Critical TeamCity JetBrains Vulnerabilities
    JetBrains swiftly addresses critical security vulnerabilities (CVE-2024-27198, CVE-2024-27199) in TeamCity On-Premises, urging prompt patching to mitigate potential risks.

  • GitHub Enhances Security with Default Push Protection
    GitHub activates push protection by default for all public repositories, fortifying security measures to prevent inadvertent exposure of sensitive information like API keys.

  • Significance of Software Repository Security for OSS
    Emphasizing the importance of securing software repositories like GitHub, PyPI, and npm registry to mitigate the prevalence of malicious software packages.

  • AI’s Immediate and Future Risks
    Mackenzie Jackson highlights the transformative power of AI for malicious actors, underscoring the pressing need for robust cybersecurity measures in the face of evolving threats.

  • VMware Addresses Critical Flaws Across Multiple Platforms
    VMware patches critical vulnerabilities (CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255) in ESXi, Workstation, Fusion, and Cloud Foundation to prevent potential code execution exploits.

  • Phishing Campaigns Target FCC and Crypto Holders
    A new phishing scheme utilizes fake Okta SSO pages to target users on platforms like the Federal Communications Commission and various cryptocurrency exchanges, posing a significant security risk.

  • Importance of Cyber Maturity Assessment
    Delving into the necessity of cyber maturity assessment as a standard practice to gauge organizations’ resilience against evolving cybersecurity threats.

  • Securing API Integrations for Data Protection
    Highlighting five key strategies to ensure the security of API integrations handling sensitive data such as PII, financial information, and payment card details.

  • Advantages of Encrypted Storage for Hybrid Workforces
    Ryan Amparo from Kingston Technology explores the benefits of encrypted external SSDs and USBs in securing data for hybrid work environments.

  • Challenges of Releasing Vulnerable Applications
    Checkmarx reveals that 92% of companies experienced breaches due to vulnerabilities in in-house applications, underscoring the critical need for robust security measures.

  • Microsoft’s March 2024 Patch Tuesday Forecast
    Microsoft urges users to update their operating systems as the active version nears end-of-support, emphasizing the importance of timely security updates.

  • Navigating Healthcare Data Protection Regulations
    Chris Bowen, the CISO at ClearDATA, stresses the significance of transparency in digital health companies to navigate regulatory challenges and protect sensitive healthcare data effectively.

  • AI Tools and Data Exfiltration Risks
    Code42 warns of the escalating threat of data exfiltration, especially from insiders, exacerbated by emerging technologies like AI and generative AI, necessitating proactive security measures.

  • Shifts in Identity, Ransomware, and Critical Infrastructure Threat Trends
    Michelle Alvarez from IBM X-Force delves into the evolving threat landscape, highlighting key trends observed in 2024 and their implications for future cybersecurity strategies.

  • Sophistication of Social Engineering Attacks
    LastPass reports that over 95% of IT and security professionals perceive a rise in the sophistication of social engineering attacks, posing a formidable challenge to phishing detection.

  • Cybersecurity Challenges in the Education Sector
    Kory Daniels, the CISO at Trustwave, addresses the impact of evolving threat landscapes on universities and students, emphasizing the need for proactive cybersecurity measures.

  • Establishing an Effective Governance Control Program
    Highlighting the critical role of robust governance control programs in fortifying organizations’ security posture against evolving digital threats and ensuring readiness for future risks.

  • Impact of Cybercriminal Sentencing
    An overview of a cybercriminal’s sentencing, underscoring the consequences of wire fraud and aggravated identity theft, shedding light on the evolving legal landscape in cybersecurity.

  • BSidesZagreb 2024: Community-Driven Information Security Conference
    Explore photos from BSidesZagreb 2024, a community-driven conference fostering collaboration and knowledge exchange among information security professionals and enthusiasts.

  • New Infosec Product Highlights of the Week
    A roundup of notable products released in the past week, featuring offerings from Check Point, Delinea, Pentera, and Sentra.

Visited 2 times, 1 visit(s) today
Tags: , , , Last modified: March 11, 2024
Close Search Window
Close