In the past week, there have been several notable developments in the cybersecurity world. Google has once again patched a zero-day exploit in Chrome, marking the eighth emergency update for the browser this year. YouTube has been identified as a key platform for cybercrime, with social engineering threats expected to dominate cyber threats in 2024. Authelia, an open source authentication and authorization server, offers 2FA and SSO for applications. Cybersecurity job opportunities are highlighted, showcasing roles available in the field. Fail2Ban, a tool that blocks IP addresses with repeated failed login attempts, was discussed. Strategies for transitioning to a SASE architecture and combatting AI-enhanced BEC attacks were also explored.
US retailers were targeted by a cyber gang known as Storm-0539, which specializes in compromising retailers and creating fraudulent gift cards. Furthermore, compromised courtroom recording software from the developer’s official site was found to contain malware. GitHub fixed a critical authentication bypass bug in its Enterprise Server, while Veeam patched a flaw in Backup Enterprise Manager. Vulnerabilities in QNAP NAS devices and Fluent Bit were also disclosed. Microsoft’s new Windows Recovery feature, Recall, has raised privacy and security concerns.
In the healthcare sector, the HHS has pledged $50 million for an autonomous vulnerability management solution, while CISOs are advised to update email security policies to become AI-ready. Ransomware activity continues to increase, prompting victims to pay ransoms. GenAI poses challenges in the fintech sector, and consumers are cautioned about overestimating their ability to detect deepfakes. The SEC now requires financial institutions to notify customers of breaches within 30 days.
Technological complexity is driving a new wave of identity risks, with security leaders facing challenges in managing these risks. Product showcase highlights Alert, a data breach detector for monitoring important credentials. Additionally, new infosec products launched by CyberArk, OneTrust, PlexTrac, and Strike Graph were featured.
Overall, the cybersecurity landscape remains dynamic and challenging, with ongoing efforts to address emerging threats and vulnerabilities. Stay updated on the latest developments in cybersecurity to protect your organizations and personal information.
Article Source
https://www.helpnetsecurity.com/2024/05/26/week-in-review-google-fixes-yet-another-chrome-zero-day-exploit-youtube-as-a-cybercrime-channel/
