ZeroDay Alert Zone Weekend Edition - Week of 31st March 2024

Welcome to the ZeroDay Alert Zone Newsletter! In this edition, we bring you curated updates and insights from the cybersecurity landscape. Stay informed and prepared to defend against evolving cyber threats with our comprehensive coverage.

A newly discovered vulnerability in the Linux "wall" command, dubbed WallEscape and tracked as CVE-2024-28085, could potentially allow attackers to leak user passwords and hijack clipboards on certain Linux distributions. The flaw stems from improper filtering of escape sequences, permitting unprivileged users to display arbitrary text on other users' terminals. This vulnerability affects Ubuntu 22.04 and Debian Bookworm, with recommendations for users to update to util-linux version 2.40 to mitigate the risk​ (The Hacker News)​.

Microsoft releases patches for 61 vulnerabilities, including two critical vulnerabilities affecting Windows Hyper-V

Microsoft’s March 2024 Patch Tuesday included patches for two critical CVEs found in Windows Hyper-V.

• CVE-2024-21407, which has a CVSS score of 8.1 out of 10

• CVE-2024-21408, which has a CVSS score of 5.5 out of 10

Worldwide Agenda ransomeware wave targets VMware ESXI servers

A recent wave of ransomware attacks targeting VMware ESXi servers. This kind of attack typically involves exploiting vulnerabilities in VMware ESXi servers to deploy ransomware, impacting organizations by encrypting their data and demanding a ransom for decryption keys. For detailed information and a comprehensive analysis, you would need to visit the Dark Reading website directly. Source: https://www.darkreading.com/cloud-security/agenda-ransomware-vmware-esxi-servers

Qilin ransomware gang claims cyber attack on the Big Issue
A ransomware attack on the systems of publisher and social enterprise Big Issue Group has been claimed by the Qilin gang: Source: https://www.computerweekly.com/news/366575475/Qilin-ransomware-gang-claims-cyber-attack-on-the-Big-Issue

Market Research Papers:

Gen AI is here to stay: What it means for cyber security

The PwC article emphasizes the enduring impact of Generative AI (GenAI) on cybersecurity, spotlighting the risks of unregulated GenAI applications and the necessity for comprehensive security measures. It discusses the evolution of AI laws, the emergence of "shadow GenAI," and the challenges in data governance and insider threats. Moreover, it stresses the importance of integrating AI into existing security frameworks and preparing for GenAI's specific risks. The article also outlines strategies for AI security governance, technical implementation, and the use of AI in enhancing cybersecurity operations. For more details, visit the PwC website.

Boards need to brush up on cybersecurity governance, survey finds

This is an article about cybersecurity governance summarized from the article. It discusses the importance of boards having a strong understanding of cybersecurity. The SEC’s new cyber disclosure rules are increasing the pressure on boards to improve their oversight. Many boards lack sufficient training on cybersecurity. This can lead to boards failing to ask critical questions about cybersecurity or make poor decisions. Strong cybersecurity governance can help mitigate cyber risks.

CSA Releases Key Findings from Singapore Cybersecurity Health Report 2023

the findings of a cybersecurity report by the Cyber Security Agency of Singapore (CSA). It discusses the cybersecurity awareness and practices of Singaporean organizations. The report found that most organizations recognize the importance of cybersecurity and have adopted some measures. However, many have not adopted all the recommended measures, leaving them vulnerable to cyberattacks. The report recommends that organizations take full advantage of CSA’s resources to improve their cybersecurity posture. Source of read : https://www.csa.gov.sg/News-Events/Press-Releases/2024/csa-releases-key-findings-from-singapore-cybersecurity-health-report-2023

Unleashing productivity in government

Advances in AI, including generative AI, provide an opportunity for a decade or more of deep productivity improvements in government.Source of report : https://www2.deloitte.com/us/en/insights/industry/public-sector/government-trends.html#unleashing-productivity-in-government

Financial Insights on Cybersecurity Companies:

PAGERDUTY (NYSE: PD)

PagerDuty is a digital operation platform that provides reliable notifications, on-call, scheduling automatic escalations, and other functionality to help teams detect and fix problems quickly.

RBC Capital analyst Matthew Hedberg maintained a Buy rating on PagerDuty on March 15 and set a price target of $30.00. The company’s shares closed last Tuesday at $22.14. Source: https://www.tipranks.com/news/blurbs/analysts-offer-insights-on-technology-companies-pagerduty-pd-and-uipath-path

Cybersecurity Startups to Watch:

Top 21 Cybesecurity Start Ups

https://www.esecurityplanet.com/products/hot-cybersecurity-startups/

Stay informed, stay vigilant. Protect your digital assets and subscribe to the ZeroDay Alert Zone Newsletter for regular updates on cybersecurity threats and best practices.

Don't miss out on the latest cybersecurity updates and insights! Subscribe to the ZeroDay Alert Zone Newsletter today and stay ahead of evolving cyber threats. From implementing Zero Trust controls to financial insights on cybersecurity stocks, our newsletter delivers valuable information straight to your inbox. Join us in safeguarding your digital world. Subscribe now]