Highlights of Last Week’s Noteworthy News, Articles, Interviews, and Videos
-
Insights on the Digital Operational Resilience Act (DORA) for Organizations
Kris Lovejoy, the Global Security and Resilience Leader at Kyndryl, delves into the implications of the Digital Operational Resilience Act (DORA) on EU organizations, emphasizing ICT risk management and cybersecurity preparedness. -
Enhancing Cloud Communication Security with AI and Automation
Sanjay Macwan, the CIO and CISO at Vonage, sheds light on leveraging AI and automation to bolster security in cloud communications amidst evolving threats. -
OpenARIA: MITRE’s Open-Source Aviation Risk Assessment Tool
MITRE introduces OpenARIA, an open-source iteration of its Aviation Risk Identification and Assessment (ARIA) software suite. -
RiskInDroid: Analyzing Risks in Android Apps
Explore RiskInDroid, an open-source tool utilizing machine learning techniques for quantitative risk analysis of Android applications. -
PyRIT: Identifying Risks in Generative AI Systems
Microsoft’s Python Risk Identification Tool (PyRIT) offers an open-source framework empowering security experts and ML engineers to identify risks in generative AI systems effectively. -
Critical Cisco VPN Vulnerability Patched
Cisco addresses high-severity vulnerabilities, including CVE-2024-20337, in its Secure Client VPN solution, preventing potential exploitation by remote attackers. -
Web-Based PLC Malware Threatens Critical Infrastructure
Researchers from Georgia Tech develop web-based PLC malware capable of targeting major manufacturers’ programmable logic controllers, posing a significant threat to critical infrastructure. -
Apple Mitigates Actively Exploited iOS Zero-Days
Apple resolves two actively exploited iOS zero-day vulnerabilities (CVE-2024-23225, CVE-2024-23296) to safeguard users from malicious attacks. -
NTLM Authentication Hash Theft via Targeted Email Campaigns
Threat actors employ booby-trapped email attachments to pilfer NTLM hashes from employees, aiming to gain unauthorized access to organizations’ computer systems. -
Urgent Patch for Critical TeamCity JetBrains Vulnerabilities
JetBrains swiftly addresses critical security vulnerabilities (CVE-2024-27198, CVE-2024-27199) in TeamCity On-Premises, urging prompt patching to mitigate potential risks. -
GitHub Enhances Security with Default Push Protection
GitHub activates push protection by default for all public repositories, fortifying security measures to prevent inadvertent exposure of sensitive information like API keys. -
Significance of Software Repository Security for OSS
Emphasizing the importance of securing software repositories like GitHub, PyPI, and npm registry to mitigate the prevalence of malicious software packages. -
AI’s Immediate and Future Risks
Mackenzie Jackson highlights the transformative power of AI for malicious actors, underscoring the pressing need for robust cybersecurity measures in the face of evolving threats. -
VMware Addresses Critical Flaws Across Multiple Platforms
VMware patches critical vulnerabilities (CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255) in ESXi, Workstation, Fusion, and Cloud Foundation to prevent potential code execution exploits. -
Phishing Campaigns Target FCC and Crypto Holders
A new phishing scheme utilizes fake Okta SSO pages to target users on platforms like the Federal Communications Commission and various cryptocurrency exchanges, posing a significant security risk. -
Importance of Cyber Maturity Assessment
Delving into the necessity of cyber maturity assessment as a standard practice to gauge organizations’ resilience against evolving cybersecurity threats. -
Securing API Integrations for Data Protection
Highlighting five key strategies to ensure the security of API integrations handling sensitive data such as PII, financial information, and payment card details. -
Advantages of Encrypted Storage for Hybrid Workforces
Ryan Amparo from Kingston Technology explores the benefits of encrypted external SSDs and USBs in securing data for hybrid work environments. -
Challenges of Releasing Vulnerable Applications
Checkmarx reveals that 92% of companies experienced breaches due to vulnerabilities in in-house applications, underscoring the critical need for robust security measures. -
Microsoft’s March 2024 Patch Tuesday Forecast
Microsoft urges users to update their operating systems as the active version nears end-of-support, emphasizing the importance of timely security updates. -
Navigating Healthcare Data Protection Regulations
Chris Bowen, the CISO at ClearDATA, stresses the significance of transparency in digital health companies to navigate regulatory challenges and protect sensitive healthcare data effectively. -
AI Tools and Data Exfiltration Risks
Code42 warns of the escalating threat of data exfiltration, especially from insiders, exacerbated by emerging technologies like AI and generative AI, necessitating proactive security measures. -
Shifts in Identity, Ransomware, and Critical Infrastructure Threat Trends
Michelle Alvarez from IBM X-Force delves into the evolving threat landscape, highlighting key trends observed in 2024 and their implications for future cybersecurity strategies. -
Sophistication of Social Engineering Attacks
LastPass reports that over 95% of IT and security professionals perceive a rise in the sophistication of social engineering attacks, posing a formidable challenge to phishing detection. -
Cybersecurity Challenges in the Education Sector
Kory Daniels, the CISO at Trustwave, addresses the impact of evolving threat landscapes on universities and students, emphasizing the need for proactive cybersecurity measures. -
Establishing an Effective Governance Control Program
Highlighting the critical role of robust governance control programs in fortifying organizations’ security posture against evolving digital threats and ensuring readiness for future risks. -
Impact of Cybercriminal Sentencing
An overview of a cybercriminal’s sentencing, underscoring the consequences of wire fraud and aggravated identity theft, shedding light on the evolving legal landscape in cybersecurity. -
BSidesZagreb 2024: Community-Driven Information Security Conference
Explore photos from BSidesZagreb 2024, a community-driven conference fostering collaboration and knowledge exchange among information security professionals and enthusiasts. -
New Infosec Product Highlights of the Week
A roundup of notable products released in the past week, featuring offerings from Check Point, Delinea, Pentera, and Sentra.
