Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

It seems like every other day there is a public announcement of a compromise involving unauthorised access to Microsoft 365. Privately, my security consultancy team are called in more often than we would like to deconstruct a compromise and determine if a notifiable data breach has occurred.

This is an analysis of the impacts and implications on cybersecurity practices, benefits, challenges, and how to deal with the transition to the new NIST CSF 2.0 framework. NIST released an update to its Cyber Security Framework (CSF) in February 2024. Two of the most obvious takeaways from this version are the addition of a new pillar and the expansion of its application beyond critical infrastructure.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! WordPress is often an easy target from lack coding, but in this case a curious injection at source. But how?

A critical exploit just hit the scene, targeting cdn.polyfill.io, a popular domain for polyfills. Over 110,000 websites have been compromised by this attack, embedding malware into JavaScript assets. But don’t worry, we’ve got your back.

On June 25, 2024, Progress Software, the parent company of the MOVEit software suite, officially released details for two critical vulnerabilities identified in MOVEit Gateway and MOVEit Transfer, CVE-2024-5805 and CVE-2024-5806 respectively. MOVEit Transfer is a managed file transfer solution that supports the exchange of files and data between servers, systems and applications within and between organizations.

From chatbots like ChatGPT to the large language models (LLMs) that power them, managing and mitigating potential AI vulnerabilities is an increasingly important aspect of effective cybersecurity. Kroll’s new AI insights hub explores some of the key AI security challenges informed by our expertise in helping businesses of all sizes, in a wide range of sectors. Some of the topics covered on the Kroll AI insights hub are outlined below.

Remcos is a form of malware presented as legitimate software, purportedly useful for conducting surveillance and performing penetration tests. It functions as an advanced Remote Access Trojan (RAT), enabling complete monitoring and manipulation of Windows computers from XP onwards.

OpenAI has reported launching its latest flagship model, GPT-4o, alongside a suite of advanced tools now available to free ChatGPT users. This move aligns with OpenAI's mission to advance AI technology and make it accessible and beneficial to everyone.

The future of SOC automation is dynamic and rapidly evolving, promising to revolutionize how security operations centers (SOCs) tackle their most pressing challenges. As cybersecurity threats grow in volume and sophistication, SOC teams are increasingly overwhelmed by alert fatigue, false positives, and a critical shortage of skilled professionals.

While reviewing common TTPs in malware campaigns used last year Outpost24’s Cyber Threat Intelligence team, KrakenLabs, came across several reports and articles describing a novel infection technique being used to distribute various types of malware not necessarily related to each other. For example, this article analyzing Amadey and this one talking about Redline.