Week in review: Veeam addresses RCE vulnerability in backup management platform, Patch Tuesday preview

Last week saw a flurry of activity in the cybersecurity world, with various news stories, articles, interviews, and videos catching the attention of industry professionals. One of the notable events was Veeam’s announcement that it had patched a high-severity vulnerability (CVE-2024-29212) in its Veeam Service Provider Console (VSPC), along with its call for customers to apply the patch promptly.

As the month of May progressed, anticipation grew for Patch Tuesday, with experts reminding the community of recent threats and their potential impact. April’s Patch Tuesday had been a busy one, addressing 150 new CVEs.

On the job front, cybersecurity roles were in demand, with various opportunities available across different skill levels. An overview of the available positions was provided to help professionals navigate the job market.

In a surprising turn of events, Zscaler found itself refuting claims of a significant breach after a threat actor named “IntelBroker” offered access to a cybersecurity company for sale, sparking speculation within the industry.

Meanwhile, MITRE shared details of a recent breach they experienced, revealing the timeline of events and confirming that the breach had begun earlier than previously thought.

Preparation for the CISSP exam was also a topic of discussion, with cybersecurity leaders offering practical tips and strategies to help candidates manage their study requirements effectively.

AI tools in cybersecurity were highlighted in an interview with Pukar Hamal, CEO at SecurityPal, who emphasized the importance of integrating AI tools for enhanced security measures.

The open-source tool Pktstat, an alternative to the ncurses-based tool of the same name, was introduced, providing users with a straightforward option for monitoring ethernet interface traffic.

Google addressed a Chrome zero-day vulnerability (CVE-2024-4671) for which an exploit already exists in the wild, underscoring the ongoing battle against cyber threats.

Further, F5’s BIG-IP Next Central Manager faced vulnerabilities (CVE-2024-21793, CVE-2024-26026) that researchers detailed with PoC exploits, highlighting the importance of addressing such issues promptly.

In the realm of cybersecurity initiatives, the US Cybersecurity and Infrastructure Security Agency (CISA) launched the “Vulnrichment” program to fill the CVE enrichment gap left by the NIST National Vulnerability Database’s recent slowdown.

A new attack method named TunnelVision (CVE-2024-3661), capable of intercepting and snooping on VPN users’ traffic, was brought to light, posing a significant threat to user privacy.

On the ransomware front, the leader of the LockBit ransomware group, Dmitry Khoroshev, was unmasked, shedding light on the individual behind the notorious cyber threats.

As ransomware operations continued to target organizations, there was a noticeable decline in the profitability of such attacks, with ransom payments decreasing along with the average payment amount.

These developments underscored the evolving landscape of cybersecurity, urging professionals to remain vigilant and proactive in safeguarding their digital assets against emerging threats.
