Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
Fortinet releases patches for publicly undisclosed critical FortiManager vulnerability
In the last couple of days, Fortinet has released critical security updates for FortiManager, to fix a critical vulnerability that is reportedly being exploited by Chinese threat actors.
VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812)
Broadcom has released new patches for previously fixed vulnerabilities (CVE-2024-38812, CVE-2024-38813) in vCenter Server, one of which hasn’t been fully addressed the first time and could allow attackers to achieve remote code execution.
Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383)
Attackers have exploited an XSS vulnerability (CVE-2024-37383) in the Roundcube Webmail client to target a governmental organization of a CIS country, Positive Technologies (PT) analysts have discovered.
The Internet Archive breach continues
Cybersecurity troubles are not over for the Internet Archive (IA), the nonprofit organization behind the popular digital library site: after the recent DDoS attacks, defacement and data breach, an email sent via its Zendesk customer service platform has shown that some of its IT assets remain compromised.
Exploited: Cisco, SharePoint, Chrome vulnerabilities
Threat actors have been leveraging zero and n-day vulnerabilities in Cisco security appliances (CVE-2024-20481), Microsoft Sharepoint (CVE-2024-38094), and Google’s Chrome browser (CVE-2024-4947).
The future of cyber insurance: Meeting the demand for non-attack coverage
In this Help Net Security interview, Michael Daum, Head of Global Cyber Claims for Allianz Commercial, discusses the significant rise in cyber claims in 2024, driven by an increase in data breaches and ransomware attacks.
Enhancing national security: The four pillars of the National Framework for Action
In this Help Net Security interview, John Cohen, Executive Director, Program for Countering Hybrid Threats at the Center for Internet Security, discusses the four pillars of the National Framework for Action, emphasizing how these measures can combat the exploitation of technology and social media by threat actors.
Effective strategies for measuring and testing cyber resilience
In this Help Net Security interview, Detective Superintendent Ian Kirby, CEO of the National Cyber Resilience Centre Group (NCRCG), discusses the emerging cyber threats and strategies organizations can use to increase cyber resilience.
Myths holding women back from cybersecurity careers
In this Help Net Security interview, Dr Kathryn Jones, Head of School, Computer Science and Informatics at Cardiff University, discusses the challenges and misconceptions that deter women from pursuing careers in cybersecurity.
Building secure AI with MLSecOps
In this Help Net Security interview, Ian Swanson, CEO of Protect AI, discusses the concept of “secure AI by design.”
Aranya: Open-source toolkit to accelerate secure by design concepts
SpiderOak launched its core technology platform as an open-source project called Aranya. This release provides the same level of security as the company’s platform, which is already in use by the Department of Defense.
Argus: Open-source information gathering toolkit
Argus is an open-source toolkit that simplifies information gathering and reconnaissance.
Achieving peak cyber resilience
Countering cyberthreats like ransomware is an inescapable aspect of today’s business operating environment. No organization is immune.
How to fend off a quantum computer attack
In this Help Net Security video, IEEE member Marc Lijour explains quantum computing and offers insight into how to fend off a quantum computer attack.
Should the CISOs role be split into two functions?
84% of CISOs believe the role needs to be split into two functions – one technical and one business-focused, to maximize security and organizational resilience, according to Trellix.
What’s more important when hiring for cybersecurity roles?
When building a cybersecurity team, you likely asked yourself, “Should I focus on certifications or real-world skills?”
Hackers are finding new ways to leverage AI
AI adoption and integration has continued its rapid momentum within the hacking community, according to Bugcrowd.
Evolving cloud threats: Insights and recommendations
In this Help Net Security video, Austin Zeizel, Threat Intelligence Consultant at IBM X-Force, discusses the cloud threat landscape.
IT security and government services: Balancing transparency and security
Whether residents are accessing public records or leveraging self-service features, it is essential that local and state governments provide technology that enables agency and transparency. But this is only successful if that technology provides ease of access.
Phishing scams and malicious domains take center stage as the US election approaches
Phishing scams aimed at voters, malicious domain registrations impersonating candidates, and other threat activity designed to exploit unassuming victims take center stage as the US election approaches, according to Fortinet.
Evolving cybercriminal tactics targeting SMBs
In this Help Net Security video, David Langlands, Chief Security Officer at Todyl, discusses these evolving cyber threats.
Cybersecurity jobs available right now: October 23, 2024
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.
How to enable Safe Browsing in Google Chrome on Android
To safeguard your data, Google Chrome uses Safe Browsing to protect you from: harmful websites and extensions, malicious or intrusive advertisements, malware, phishing attacks, and social engineering threats.
Whitepaper: Securing GenAI
The ultimate guide to AI security: key AI security risks, vulnerabilities and strategies for protection. 61% of companies use AI, but few secure it. This whitepaper covers the key AI risks being overlooked from LLMs to RAG.
New infosec products of the week: October 25, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Fastly, IBM, Ivanti, Kusari, and Nucleus Security.