Week in review: Exploitable flaws in corporate VPN clients, malware loader created with gaming engine

Week in review

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Researchers reveal exploitable flaws in corporate VPN clients
Researchers have discovered vulnerabilities in the update process of Palo Alto Networks (CVE-2024-5921) and SonicWall (CVE-2024-29014) corporate VPN clients that could be exploited to remotely execute code on users’ devices.

Cybercriminals used a gaming engine to create undetectable malware loader
Threat actors are using an ingenious new way for covertly delivering malware to a wide variety of operating systems and platforms: they have created a malware loader that uses Godot Engine, an open-source game engine.

The effect of compliance requirements on vulnerability management strategies
In this Help Net Security interview, Steve Carter, CEO of Nucleus Security, discusses the ongoing challenges in vulnerability management, including prioritizing vulnerabilities and addressing patching delays.

Black Friday shoppers targeted with thousands of fraudulent online stores
Building fake, fraudulent online stores has never been easier: fraudsters are registering domain names for a pittance, using the SHOPYY e-commerce platform to build the websites, and leveraging large language models (LLMs) to rewrite existing product listings to perfect their search engine performance.

Deploy a SOC using Kali Linux in AWS
The Kali SOC in AWS project is a Terraform-based implementation that enables the deployment of a Security Operations Center (SOC) in AWS, utilizing the Kali Linux toolset for purple team activities.

Choosing the right secure messaging app for your organization
In this Help Net Security interview, Liad Shnell, CTO at Rakuten Viber, discusses what organizations should look for in secure messaging apps, including encryption, privacy standards, and ease of integration.

RomCom hackers chained Firefox and Windows zero-days to deliver backdoor
Russia-aligned APT group RomCom was behind attacks that leveraged CVE-2024-9680, a remote code execution flaw in Firefox, and CVE-2024-49039, an elevation of privilege vulnerability in Windows Task Scheduler, as zero-days earlier this year.

Starbucks, grocery stores impacted by Blue Yonder ransomware attack
Supply chain management SaaS vendor Blue Yonder announced on November 21 that it experienced a ransomware attack that impacted its managed services hosted environment.

Faraway Russian hackers breached US organization via Wi-Fi
Forest Blizzard, a threat group associated with Russia’s GRU military intelligence service, repeatedly breached a US-based organization via compromised computer systems of nearby firms, which they leveraged to authenticate to the target’s enterprise Wi-Fi network.

Practical strategies to build an inclusive culture in cybersecurity
In this Help Net Security interview, Alona Geckler, Chief of Staff, SVP of Business Operations at Acronis, shares her insights on the diversity environment in the cybersecurity and IT industries. She discusses the progress made over the past two decades, initiatives to foster inclusivity, and the remaining challenges.

Microsoft asks Windows Insiders to try out the controversial Recall feature
Participants of the Windows Insider Program that have a Qualcomm Snapdragon-powered Copilot+ PC can now try out Recall, the infamous snapshot-taking, AI-powered feature that was met with much criticism when it was unveiled earlier this year.

Overcoming legal and organizational challenges in ethical hacking
In this Help Net Security interview, Balázs Pózner, CEO at Hackrate, discusses the essential technical skills for ethical hackers and how they vary across different security domains.

How to recognize employment fraud before it becomes a security issue
The combination of remote work, the latest technologies, and never physically meeting your employees has made it very easy for job applicants to mask their true identities from their employer and commit employment fraud.

Modernizing incident response in the AI era
In this Help Net Security video, Gourav Nagar, Director of Information Security at Bill, discusses modernizing incident response in the era of AI and the cloud.

Hottest cybersecurity open-source tools of the month: November 2024
This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments.

AI Kuru, cybersecurity and quantum computing
As we continue to delegate more infrastructure operations to artificial intelligence (AI), quantum computers are advancing towards Q-day (i.e., the day when quantum computers can break current encryption methods).

How the role of observability is changing within organizations
In this Help Net Security video, Nic Benders, Chief Technical Strategist at New Relic, discusses the key findings of a recent 2024 Observability Forecast report.

VPN vulnerabilities, weak credentials fuel ransomware attacks
Attackers leveraging virtual private network (VPN) vulnerabilities and weak passwords for initial access contributed to nearly 30% of ransomware attacks, according to Corvus Insurance.

Zero-day data security
In this Help Net Security video, Carl Froggett, CIO of Deep Instinct, discusses the complexities of modern cloud architectures and why current defenses are falling short.

QScanner: Linux command-line utility for scanning container images, conducting SCA
QScanner is a Linux command-line utility tailored for scanning container images and performing Software Composition Analysis (SCA).

Domain security posture of Forbes Global 2000 companies
In this Help Net Security video, Vincent D’Angelo, Global Director of Corporate Development and Strategic Alliances with CSC, analyzes the domain security of the Forbes Global 2000.

Wireshark 4.4.2: Security updates, bug fixes, updated protocol support
Wireshark, the popular network protocol analyzer, has reached version 4.4.2. It is used for troubleshooting, analysis, development and education.

Assessing AI risks before implementation
In this Help Net Security video, Frank Kim, SANS Institute Fellow, explains why more enterprises must consider many challenges before implementing advanced technology in their platforms.

Cybersecurity jobs available right now: November 26, 2024
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.

Ransomware payments are now a critical business decision
Despite the efforts of law enforcement agencies to stop and bring to justice those responsible for ransomware attacks, the situation is not improving.

Why cybersecurity leaders trust the MITRE ATT&CK Evaluations
The “MITRE Engenuity ATT&CK Evaluations: Enterprise” stand out as an essential resource for cybersecurity decision makers to navigate this challenge.

Infosec products of the month: November 2024
Here’s a look at the most interesting products from the past month, featuring releases from: Absolute, Arkose Labs, Atakama, BlackFog, Eurotech, HiddenLayer, Hornetsecurity, Nirmata, Radware, Rakuten Viber, Symbiotic Security, Tanium, and Vectra AI.

More about

Don't miss