Week in review: Atlassian Confluence RCE PoC, new Kali Linux, Patch Tuesday forecast

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

High-risk Atlassian Confluence RCE fixed, PoC available (CVE-2024-21683)
If you’re self-hosting an Atlassian Confluence Server or Data Center installation, you should upgrade to the latest available version to fix a high-severity RCE flaw (CVE-2024-21683) for which a PoC and technical details are already public.

Kali Linux 2024.2 released: 18 new tools, countless updates
Kali Linux 2024.2 is now available. It includes future package compatibility for 32-bit platforms, improvements to GNOME 46 and Xfce, and 18 new tools.

June 2024 Patch Tuesday forecast: Multiple announcements from Microsoft
Microsoft has been busy this month, providing announcements on both products and technology that are reaching end of support and those that are in early preview.

How AI-powered attacks are accelerating the shift to zero trust strategies
In this Help Net Security interview, Jenn Markey, Advisor to The Entrust Cybersecurity Institute, discusses the increasing adoption of enterprise-wide zero trust strategies in response to evolving cyber threats.

Windows Recall will be opt-in and the data more secure, Microsoft says
The insistent public complaints and proof-of-concept tools have borne fruit: Microsoft has realized that the security of its recently previewed Windows Recall feature leaves much to be desired, and has announced important changes.

NethSecurity: Open-source Linux firewall
NethSecurity is a free, open-source Linux firewall that simplifies network security deployment. It integrates various security features into one platform, including firewalling, intrusion detection and prevention, antivirus, multi-WAN, DNS, and content filtering.

SolarWinds fixes severe Serv-U vulnerability (CVE-2024-28995)
SolarWinds has fixed a high-severity vulnerability (CVE-2024-28995) affecting its Serv-U managed file transfer (MFT) server solution, which could be exploited by unauthenticated attackers to access sensitive files on the host machine.

Sniffnet: Free, open-source network monitoring
Sniffnet is a free, open-source network monitoring tool to help you easily track your Internet traffic. What sets it apart is its strong focus on user experience. Unlike most network analyzers, Sniffnet is built to be easily usable by everyone, regardless of technical expertise.

Zyxel patches critical flaws in EOL NAS devices
Zyxel has released patches for three critical vulnerabilities (CVE-2024-29972, CVE-2024-29973, and CVE-2024-29974) affecting two network-attached storage (NAS) devices that have recently reached end-of-vulnerability-support.

Vulnerability in Cisco Webex cloud service exposed government authorities, companies
The vulnerability that allowed a German journalist to discover links to video conference meetings held by Bundeswehr (the German armed forces) and the Social Democratic Party of Germany (SPD) via their self-hosted Cisco Webex instances similarly affected the Webex cloud service.

TotalRecall shows how easily data collected by Windows Recall can be stolen
Ethical hacker Alexander Hagenah has created TotalRecall, a tool that demonstrates how malicious individuals could abuse Windows’ newly announced Recall feature to steal sensitive information.

PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800)
Security researchers have published a proof-of-concept (PoC) exploit that chains together two vulnerabilities (CVE-2024-4358, CVE-2024-1800) to achieve unauthenticated remote code execution on Progress Telerik Report Servers.

361 million account credentials leaked on Telegram: Are yours among them?
A new trove of 361 million email addresses has been added to Have I Been Pwned? (HIBP), the free online service through which users can check whether their account credentials and other data have been compromised in one or more data breaches.

20 free cybersecurity tools you might have missed
Here, you will find a curated list of free cybersecurity tools you should consider.

No summer break for cybercrime: Why educational institutions need better cyber resilience
The education system isn’t equipped to handle today’s cyberthreats. I’m not just talking about cybersecurity education in schools shaping the technical workforce of the future – America’s schools themselves are prime targets for cybercrime today.

Unpacking CISA’s AI guidelines
In this Help Net Security video, Tom Kennedy, VP of Axonius Federal Systems, discusses the critical junction the guidelines place on participating entities in the federal marketplace.

Security challenges mount as companies handle thousands of APIs
Modern applications are taking over enterprise portfolios, with apps classed as modern now making up 51% of the total, up by more than a quarter in the last year, according to F5.

90% of threats are social engineering
In this Help Net Security video, Jakub Kroustek, Malware Research Director at Gen, discusses the Avast Q1 2024 Threat Report.

Cybersecurity jobs available right now: June 5, 2024
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.

Third-party vendors pose serious cybersecurity threat to national security
In this Help Net Security video, Paul Prudhomme, Principal Security Analyst at SecurityScorecard, discusses the findings of the 2024 Redefining Resilience: Concentrated Cyber Risk in a Global Economy Research report.

Find out which cyber threats you should be concerned about
This article includes excerpts from various reports that offer statistics and insights into the current cyber threat landscape.

Photos: Infosecurity Europe 2024
Infosecurity Europe took place at ExCel London from 4-6 June 2024. Help Net Security was on-site. This gallery takes you inside the event.

Webinar: Exposure management and your attack surface
Join Intruder’s webinar: Focus on what matters most: Exposure management and your attack surface on Wednesday, June 12 at 11:00am ET | 4:00pm BST to gain the insights you need to protect your attack surface today.

eBook: Breaking bad actors
There’s never been a better time to deepen your skills in cybersecurity as the demand for experienced experts continues to grow. Learn how to break today’s bad actors in the eBook.

Infosec products of the month: May 2024
Here’s a look at the most interesting products from the past month, featuring releases from: Abnormal Security, Adaptive Shield, Appdome, AuditBoard, Calix, Cranium, CyberArk, Cybersixgill, Dashlane, Datadog, Detectify, Eclypsium, ExtraHop, FireMon, Forcepoint, ManageEngine, OneTrust, OWASP Foundation, PlexTrac, Proofpoint, Secure Code Warrior, SentinelOne, Snyk, Splunk, Strike Graph, Sumo Logic, Synopsys, Trellix, and Truecaller.

New infosec products of the week: June 7, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Appdome, SailPoint, Tines, Trend Micro, Verimatrix, and Zyxel Networks.
