Here's a roundup of some of the interesting news, articles, interviews and videos from the past week:
Ransom Lord: Open Source Anti-Ransomware Exploit Tool
RansomLord is an open source tool that automates the creation of PE files, which are used to exploit the pre-encryption of ransomware.
Attackers are probing checkpoint remote access VPN devices.
The company warned Monday that attackers are trying to gain access to Checkpoint VPN devices through local accounts that are protected only by passwords.
How to Combat Alert Fatigue in Cybersecurity
In this HelpNet Security interview, Ken Gramley, CEO of Stamus Networks, discusses the root causes of alert fatigue in cybersecurity and DevOps environments.
Evolution of Security Metrics for NIST CSF 2.0
Effective use of metrics, along with a deep understanding of how security processes perform, is the best way to build greater security agility and enable teams to react more quickly and effectively.
Checkpoint VPN zero-day exploit from early April (CVE-2024-24919)
Attackers are exploiting CVE-2024-24919, a zero-day vulnerability in Checkpoint Security Gateways, to mark and extract password hashes for local accounts, which they then I used to transfer to the network of target organizations.
Encrypted Notepad: Open Source Text Editor
Encrypted Notepad, an open source text editor, ensures that your files are stored and loaded encrypted with AES-256. With no ads, no network connection required, and no unnecessary features, this is a tool that works smoothly.
Cyber Security Jobs Available Now: May 29, 2024
We have scoured the market to bring you a selection of roles that span different skill levels in the field of cyber security. Check out this weekly selection of cyber security jobs available now.
Chronon: Open Source Data Platform for AI/ML Applications
Chronon is an open source, end-to-end feature platform designed for machine learning (ML) teams to build, deploy, manage and monitor data pipelines for machine learning.
NIST says NVD will be back on track by September 2024.
The National Institute of Standards and Technology (NIST) has awarded a contract to an unnamed company/organization to help add emerging Common Vulnerabilities and Exposures (CVEs) to the National Vulnerability Database (NVD), the agency said. announced on Wednesday.
Moonstone slate: North Korea's new threat actor
Microsoft has named another state-linked threat actor: Moonstone Slate (formerly Storm-1789), which is involved in cyber espionage and ransomware attacks to further the North Korean government's goals.
How Fraudsters Stole $37 Million From Coinbase Pro Users
A convincing phishing page and some over-the-phone social engineering allowed a group of crooks to steal more than $37 million from hapless Coinbase Pro users.
Exploitation of PoC for critical FortiSIEM command execution flaws (CVE-2024-23108, CVE-2023-34992)
Horizon3.ai's research has released proof-of-concept (PoC) exploits for CVE-2024-23108 and CVE-2023-34992, vulnerabilities that affect remote, unauthenticated commands on specific FortiNet FortiSEM devices. Allow execution.
Avoiding the Cyber Security Blame Game
Cyber risk management has many components. Those who do it well will conduct comprehensive risk assessments, implement well-documented and well-communicated processes and controls, and fully implement monitoring and review requirements.
Cyber security teams are poised for tougher challenges in 2024.
In this HelpNet security video, Tom Gorup, VP of Security Services at Adgeo, discusses the ever-changing threat landscape.
Human error is still considered the Achilles heel of cybersecurity.
As concerns about cyberattacks continue to rise, CISOs show increasing confidence in their ability to defend against these threats, reflecting a significant shift in the cybersecurity landscape, according to Proofpoint.
NIST unveils ARIA to test and validate AI capabilities, impact.
The National Institute of Standards and Technology (NIST) is launching a new Testing, Evaluation, Verification and Validation (TEVV) program aimed at helping to understand the capabilities and impact of artificial intelligence.
34% of organizations lack cloud cybersecurity skills.
According to Cado Security, today's incident response is too time-consuming and manual, leaving organizations at a disadvantage by failing to effectively investigate and respond to identified threats.
Digital ID Adoption: Implementation and Security Concerns
As digital transformation accelerates, understanding how businesses are preparing for and implementing digital ID technologies is critical to staying ahead in security and efficiency, according to Regula.
A closer look at the impact of GenAI on business
This article includes excerpts from various reports that provide statistics and insights into GenAI and its impact on business.
New infosec products of the week: May 31, 2024
Here's a look at the most exciting products from the past week, including the releases of Adaptive Shield, Dashlane, Detectify, and Truecaller.