Security News > 2024 > March > Week in review: Attackers use phishing emails to steal NTLM hashes, Patch Tuesday forecast
What organizations need to know about the Digital Operational Resilience ActIn this Help Net Security interview, Kris Lovejoy, Global Security and Resilience Leader at Kyndryl, discusses the impact of the Digital Operational Resilience Act on organizations across the EU, particularly in ICT risk management and cybersecurity.
Cisco patches Secure Client VPN flaw that could reveal authentication tokensCisco has fixed two high-severity vulnerabilities affecting its Cisco Secure Client enterprise VPN and endpoint security solution, one of which could be exploited by unauthenticated, remote attackers to grab users' valid SAML authentication token.
Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly!JetBrains has fixed two critical security vulnerabilities affecting TeamCity On-Premises and is urging customers to patch them immediately.
Immediate AI risks and tomorrow's dangers"At the most basic level, AI has given malicious attackers superpowers," Mackenzie Jackson, developer and security advocate at GitGuardian, told the audience last week at Bsides Zagreb.
Integrating software supply chain security in DevSecOps CI/CD pipelinesIn this Help Net Security video, Henrik Plate, Security Researcher at Endor Labs, talks about this report, which provides actionable measures to integrate the various building blocks of software supply chain security assurance into CI/CD pipelines to enhance the preparedness of organizations to address supply chain security in the development and deployment of cloud-native applications.
95% believe LLMs making phishing detection more challengingMore than 95% of responding IT and security professionals believe social engineering attacks have become more sophisticated in the last year, according to LastPass.
News URL
Related news
- December 2024 Patch Tuesday forecast: The secure future initiative impact (source)
- New Windows zero-day exposes NTLM credentials, gets unofficial patch (source)
- Week in review: Veeam Service Provider Console flaws fixed, Patch Tuesday forecast (source)
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
- Microsoft holds last Patch Tuesday of the year with 72 gifts for admins (source)
- Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others (source)
- European companies hit with effective DocuSign-themed phishing emails (source)
- What Is Patch Tuesday? Microsoft’s Monthly Update Explained (source)
- January 2025 Patch Tuesday forecast: Changes coming in cybersecurity guidance (source)
- Week in review: Exploited Ivanti Connect Secure zero-day, Patch Tuesday forecast (source)