94%of cloud tenants were targeted last year, and62%were successfully compromised. The hard truth is that organizations are having a hard time securing their cloud data—and cyberattackers are ready to exploit that challenge.

Here’s a handy resource you’ll want with you as you map out your plan—Orchestrating the Symphony of Cloud Data Security.

You’ll learn how to:

- Overcome the challenges of securing data in the cloud
- Navigate multi-cloud data security
- Balance data security with cloud economics

t's October -Cybersecurity Awareness Month!- we're offering everyone a chance to jump on the_secprotrain...

Don't miss out on last week's special issue, "Change is Difficult", available free onthe_secproSubstack. Head over and check out what we've got on offer and, if you like what you see, you can sign up to access our articles, templates, podcasts, and the other stuff we have available.

For a limited time, get20% offall subscriptions at the checkout. You can get access toour podcasts,our templates,our security guides, andother_secproeventsfora fifth off. And you can cancel anytime. What's there to lose?

Thanks and enjoy!

Welcome to another_secpro!

It's been a busy week of updates, patches, panics, and remediation, with critical updates coming from Microsoft, Ivanti, and GitLab which protect the way we work and help battle with the adversary. If you've missed out on some important changes (Editor: or need something to read on your phone whilst your computer updates...), check out this week's news section below. We've got your back, even if you're a little behind on the job.

Also, a number of online and hybrid conferences have come on our radar this week - don't miss out on them, even if you're on the other side of the world! You might even see a few names that you recognize from the_secproteam if you're lucky.

As always, make sure to check out the templates, podcasts, and other stuff on ourSubstackand access the very best that we have to offer. You might even learn something!

Cheers!
Austin Miller
Editor-in-Chief

AppOmni-The State of SaaS Security 2024 Report: "Our 2nd annual report examines the industry’s knowledge of and mindset around SaaS security, as well as organizational maturity and goals for cybersecurity programs in 2024. We gathered insights from 644 security decision makers and managers worldwide, diving deep to uncover the real-world security challenges security professionals face from profuse SaaS usage."

Bruce Schneier-Deebot Robot Vacuums Are Using Photos and Audio to Train Their AI: "An Australian news agency is reporting that robot vacuum cleaners from the Chinese company Deebot are surreptitiously taking photos and recording audio, and sending that data back to the vendor to train their AIs."

Bruce Schneier-China Possibly Hacking US “Lawful Access” Backdoor: "The Wall Street Journal is reporting that Chinese hackers (Salt Typhoon) penetrated the networks of US broadband providers, and might have accessed the backdoors that the federal government uses to execute court-authorized wiretap requests. Those backdoors have been mandated by law—CALEA—since 1994."

Bruce Schneier-Largest Recorded DDoS Attack is 3.8 Tbps: "Cloudflare just blocked the current record DDoS attack:3.8 terabits per second. (Lots of good information on the attack, and DDoS in general, at the link.) Newsarticle."

GitLab-GitLab Critical Patch Release: 17.4.2, 17.3.5, 17.2.9: "These versions contain important bug and security fixes, and we strongly recommend that all self-managed GitLab installations be upgraded to one of these versions immediately. GitLab.com is already running the patched version.GitLab Dedicated customers do not need to take action."

Ivanti-October Security Update: "It is important for customers to know: i) We are aware of a limited number of customers running CSA 4.6 patch 518 and prior who have been exploited when CVE-2024-9379 or CVE-2024-9380 are chained with CVE-2024-8963. We have not observed these vulnerabilities being exploited in any version of CSA 5.0. ii) We have no evidence of any other vulnerabilities being exploited in the wild. iii)These vulnerabilities do not impact any other Ivanti products or solutions."

Krebs on Security-Lamborghini Carjackers Lured by $243M Cyberheist: "The parents of a 19-year-old Connecticut honors student accused of taking part in a $243 million cryptocurrency heist in August were carjacked a week later — while out house-hunting in a brand new Lamborghini. Prosecutors say the couple was beaten and briefly kidnapped by six young men who traveled from Florida as part of a botched plan to hold the parents for ransom."

Krebs on Security-Patch Tuesday, October 2024 Edition: "Microsoft today released security updates to fix at least 117 security holes in Windows computers and other software, including two vulnerabilities that are already seeing active attacks. Also, Adobe plugged 52 security holes across a range of products, and Apple has addressed a bug in its new macOS 15 “Sequoia” update that broke many cybersecurity tools."

Microsoft-File hosting services misused for identity phishing: "Microsoft has observed campaigns misusing legitimate file hosting services increasingly use defense evasion tactics involving files with restricted access and view-only restrictions. While these campaigns are generic and opportunistic in nature, they involve sophisticated techniques to perform social engineering, evade detection, and expand threat actor reach to other accounts and tenants. These campaigns are intended to compromise identities and devices, and most commonly lead to business email compromise (BEC) attacks to propagate campaigns, among other impacts such as financial fraud, data exfiltration, and lateral movement to endpoints."

Mozilla-Mozilla Foundation Security Advisory 2024-51: CVE-2024-9680: "Use-after-free in Animation timeline" has been patched and requires an urgent update.AllFirefox users should attend to that straight away!

OpenAI-An update on disrupting deceptive uses of AI: "Since the beginning of the year, we’ve disrupted more than 20 operations and deceptive networks from around the world that attempted to use our models. To understand the ways in which threat actors attempt to use AI, we’ve analyzed the activity we’ve disrupted, identifying an initial set of trends that we believe can inform debate on how AI fits into the broader threat landscape. Today, we are publishing OpenAI’s latest threat intelligence report, which represents a snapshot of our understanding as of October 2024."

Unit 42-Contagious Interview: DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware: "Unit 42 has tracked activity from threat actors associated with the Democratic People’s Republic of Korea (DPRK), where they pose as recruiters to install malware on tech industry job seekers’ devices. We call this activity theCL-STA-240 Contagious Interview campaign, and we first published about it in November 2023. Since that publication, we’ve observed additional online activity from the fake recruiters, as well as code updates to two pieces of malware associated with the campaign; the BeaverTail downloader and the InvisibleFerret backdoor."

goliate/hidden-tear: It's a ransomware-like file crypter sample which can be modified for specific purposes. Simples.

ncorbuk/Python-Ransomware - A Python Ransomware Tutorial with a YouTube tutorial explaining code and showcasing the ransomware with victim/target roles.

ForbiddenProgrammer/conti-pentester-guide-leak: Leaked pentesting manuals given to Conti ransomware crooks.

codesiddhant/Jasmin-Ransomware: Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.

ISC2 Security Congress 2024(October 14th): "ISC2 Security Congress is just around the corner! Join thousands of cybersecurity experts from across the globe as we lead the charge against emerging threats and protect what matters most in today's digital landscape. Regular Pricing has been extended just for you! Register today and save $200."

Exploring the 2024 Horizon Report | Cybersecurity and Privacy Edition(October 15th): This webinar will explore the trends, challenges, and key technology developments identified by a panel of experts in the 2024 Horizon Report | Cybersecurity and Privacy Edition. Members of the Horizon Report team and panel will highlight contextual trends and challenges and discuss how key technologies can assist higher education cybersecurity and privacy professionals in meeting challenges and capitalizing on opportunities for the future. Implications of trends and key technologies will be considered from different institutional perspectives.

The Impact of Generative AI on Kids’ Privacy, Safety, and Security(October 15th): In our increasingly digital world, the boundaries of our expectations related to privacy, security and online safety are stretched more and more by emerging technologies, policies, and practices. The Future of Privacy Forum, AARNet, and the Australian Strategic Policy Institute (ASPI) invite you to the second in our event series on privacy, security, and online safety of young people in Australia. This session will focus on potential risks and benefits related to children’s use of the growing suite of generative AI tools and methods for combatting existing and emerging harms to young people online, including the impact of the upcoming updates to Australia’s Privacy Act and the ongoing work of various Australian digital platform regulators on generative AI and AI governance.

Red Hat Summit: Connect 2024(October 15th, 17th, & 22nd): Red Hat® Summit: Connect is coming to cities across Asia Pacific. Join us as we explore the future of Al, hybrid cloud, open source technology, and IT. With plenty of opportunities to engage during sessions, demos, and networking, this year's in-person event will give you access to Red Hat experts and industry leaders- all at no cost.

BSidesNYC Conference(October 19th): BSidesNYC is an information security conference coordinated by security professionals within the tri-state area as part of the larger BSides framework. The conference prides itself on building an environment focused on technical content covering various security topics - from offensive security to digital forensics and incident response.

SecTor(October 23rd-26th): SecTor is renowned for bringing together international experts to discuss underground threats and corporate defenses. This cyber security conference offers a unique opportunity for IT security professionals, managers, and executives to connect and learn from experienced mentors. This year, SecTor introduces the ‘Certified Pentester’ program, including a full-day practical examination, adding to the event’s educational offerings.

LASCON 2024(October 24-25th): The Lonestar Application Security Conference (LASCON) is an annual event in Austin, TX, associated with OWASP, gathering 400+ web app developers, security engineers, mobile developers, and infosec professionals. Being in Texas, home to numerous Fortune 500 companies, and located in Austin, a startup hub, LASCON attracts leaders, security architects, and developers to share innovative ideas, initiatives, and technology advancements in application security.