Here’s a summary of the most interesting news, articles, interviews and videos from the past week.
JetBrains IDE users at risk of GitHub access token compromise (CVE-2024-37051)
JetBrains has fixed a critical vulnerability (CVE-2024-37051) that could allow users of its integrated development environments (IDEs) to have their GitHub access tokens compromised.
Chinese hackers compromise 20,000 FortiGate appliances
Coathanger is malware that was specifically built to persist on Fortinet’s FortiGate appliances and is likely still lurking on many devices deployed around the world.
How businesses can integrate token technology into their existing payment systems
In this Help Net Security interview, Mark Nelsen, SVP and Global Head of Consumer Products at Visa, discusses integrating token technology into existing payment systems.
Security and Privacy Strategies for CISOs in a Mobile-First World
In this Help Net Security interview, Lookout CEO Jim Dolce discusses securing mobile devices to mitigate growing cloud threats.
Radare: An open source reverse engineering framework
Radare is an open source, UNIX-like reverse engineering framework and command line toolset that can be used for scripting, modification, and batch analysis.
Cybersecurity jobs open: June 12, 2024
We’ve combed the market to curate roles across a range of skill levels within the cybersecurity field. Check out our weekly selection of currently available cybersecurity roles.
Microsoft delays Windows Recall rollout, more security testing needed
Microsoft is delaying the release of “Recall,” a controversial Windows 11 feature that would have allowed users to search their computers for specific content they had previously viewed.
YetiHunter: An open source threat hunting tool for Snowflake environments
Cloud identity protection company Permiso has developed YetiHunter, a threat detection and hunting tool that companies can use to query Snowflake environments for evidence of compromise.
PHP command injection vulnerability exploited to deliver ransomware (CVE-2024-4577)
An OS command injection vulnerability (CVE-2024-4577) in Windows-based PHP in CGI mode is being exploited by the TellYouThePass ransomware gang.
AWS Announces New and Improved Security Features
Amazon Web Services (AWS) announced new and enhanced security features and tools at its annual re:Inforce conference.
Microsoft fixes RCE vulnerabilities in MSMQ, Outlook (CVE-2024-30080, CVE-2024-30103)
With the release of its June 2024 Patch Tuesday, Microsoft provided fixes for a critical MSMQ flaw (CVE-2024-30080) and an RCE vulnerability in Microsoft Outlook (CVE-2024-30103).
Snowflake customer data breaches on the rise
LendingTree subsidiary QuoteWizard and auto parts provider Advance Auto Parts have emerged as victims of attackers attempting to sell data stolen from cloud databases hosted by Snowflake.
Modern Fraud Detection Doesn’t Need to Rely on PII
Trends in online fraud detection often act as the canary in the coal mine in understanding and combating the next generation of online fraud and cybersecurity threats.
Solving systemic problems with recurring vulnerabilities
In this Help Net Security video, Dr. Pedram Hayati, CEO of SecDim, and Fil Filiposki, founder of AttackForge, explain how their companies formed a strategic collaboration to tackle the massive challenge of resurfacing vulnerabilities.
Preparing for a career in cybersecurity? Check out these statistics
This article includes excerpts from various reports that provide statistics and insights about cybersecurity jobs, skills shortages, and workforce trends.
Urgently Needed: AI Governance in Cyberwar
Although governments are trying to regulate technologies such as AI, there will always be a gap between policy, regulation, and the rapid pace of innovation.
Maximize Productivity with Copilot for Microsoft 365: Security Perspective
In this Help Net Security video, Brian Vecci, Field CTO at Varonis, explains how to unlock the full potential of Microsoft Copilot for 365.
Cybersecurity professionals change strategies to combat AI-powered threats
According to Deep Instinct, 75% of security professionals said they had to change their cybersecurity strategy in the last year due to the rise in AI-powered cyber threats, and 73% said they would place more emphasis on preventative capabilities.
Open Source Security in AI
New AI products are coming to market at a faster pace than any previous technological revolution.
Six Months into SEC Cyber Disclosure Rule
In this Help Net Security video, Mark Millender, Senior Advisor, Global Executive Engagement, Tanium, discusses the collective views of CISOs at large public companies regarding the effectiveness and understanding of the SEC’s cyber disclosure rules, as well as common misconceptions and gray areas to watch out for.
Major cybersecurity upgrades announced to protect American healthcare
The Biden-Harris Administration recognizes that effective cybersecurity is essential to Americans receiving the health care they need, and is working tirelessly to make the health care sector more resilient against cyber attacks.
Cloud migration expands CISO role
The CISO role once focused primarily on information security – creating and implementing policies to protect an organization’s data and IT infrastructure from cybersecurity threats.
GDPR 6th Anniversary: Experts Discuss AI’s Impact
In this Help Net Security video, Chris Denbigh-White, CSO of Next DLP, explains how emerging technologies such as AI are creating new challenges for data protection and how organizations must balance adoption with legality.
The Role of AI in Accelerating Vulnerability Management
With its analytical, predictive and automation capabilities, AI has the potential to reshape many areas of business, especially cybersecurity.
New Information Security Products of the Week: June 14, 2024
Here are the most interesting products from the last week, featuring releases from Acronis, Diligent, Entrust, KELA, Plainsea, and SentinelOne.