Security News > 2024 > March > Week in review: Attackers use phishing emails to steal NTLM hashes, Patch Tuesday forecast
What organizations need to know about the Digital Operational Resilience ActIn this Help Net Security interview, Kris Lovejoy, Global Security and Resilience Leader at Kyndryl, discusses the impact of the Digital Operational Resilience Act on organizations across the EU, particularly in ICT risk management and cybersecurity.
Cisco patches Secure Client VPN flaw that could reveal authentication tokensCisco has fixed two high-severity vulnerabilities affecting its Cisco Secure Client enterprise VPN and endpoint security solution, one of which could be exploited by unauthenticated, remote attackers to grab users' valid SAML authentication token.
Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly!JetBrains has fixed two critical security vulnerabilities affecting TeamCity On-Premises and is urging customers to patch them immediately.
Immediate AI risks and tomorrow's dangers"At the most basic level, AI has given malicious attackers superpowers," Mackenzie Jackson, developer and security advocate at GitGuardian, told the audience last week at Bsides Zagreb.
Integrating software supply chain security in DevSecOps CI/CD pipelinesIn this Help Net Security video, Henrik Plate, Security Researcher at Endor Labs, talks about this report, which provides actionable measures to integrate the various building blocks of software supply chain security assurance into CI/CD pipelines to enhance the preparedness of organizations to address supply chain security in the development and deployment of cloud-native applications.
95% believe LLMs making phishing detection more challengingMore than 95% of responding IT and security professionals believe social engineering attacks have become more sophisticated in the last year, according to LastPass.
News URL
Related news
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Beware of phishing emails delivering backdoored Linux VMs! (source)
- November 2024 Patch Tuesday forecast: New servers arrive early (source)
- New Phishing Tool GoIssue Targets GitHub Developers in Bulk Email Campaigns (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Microsoft slips Task Manager and processor count fixes into Patch Tuesday (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
- Phishing emails increasingly use SVG attachments to evade detection (source)
- December 2024 Patch Tuesday forecast: The secure future initiative impact (source)