Microsoft Azure Vulnerability Exposes PostgreSQL Databases to Other Customers
2022-04-29 05:04

Microsoft on Thursday disclosed that it addressed a pair of issues with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region. "By exploiting an elevated permissions bug in the Flexible Server authentication process for a replication user, a malicious user could leverage an improperly anchored regular expression to bypass authentication to gain access to other customers' databases," Microsoft Security Response Center said.

Leadership and recruitment changes needed to address burnout in cybersecurity
2022-04-29 05:00

Now more than ever, it is critical that organizations address the issue of burnout among cyber employees before the talent pool dries up. The most effective way for organizations to mitigate this level of burnout is to thoroughly understand the pressure security practitioners are under, then take effective actions.

How IIoT solutions can optimize industrial supply chain operations
2022-04-29 04:30

Ivanti Wavelink announced the results of a joint survey with VDC Research regarding the state of industrial supply chain operations and the adoption of Industrial Internet of Things solutions. For industrial organizations, IIoT platforms offer significant promise to unlock new business models, deliver improved customer experiences, address the disruptive impact of downtime, and ultimately provide greater operational resilience.

308,000 exposed databases discovered, proper management is key
2022-04-29 04:00

During the research, the attack surface management team analyzed instances hosting internet-facing databases. The findings showed that in the second half of 2021, the number of public-facing databases increased by 16% to 165,600 with most of them stored on the servers in the US. The number of databases exposed to the open web has been growing every quarter to reach its peak of 91,200 in Q1 2022.

Security leaders relying more heavily on MSPs amid talent crunch
2022-04-29 03:30

The cyber skills gap is driving a significant increase in reliance on external managed service providers, according to the Neustar International Security Council. 89% of security professionals participating in the survey, conducted in March 2022, said their organizations had somewhat or greatly increased their reliance on external providers due to the ongoing talent shortage.

Companies poorly prepared to meet CCPA, CPRA and GDPR compliance requirements
2022-04-29 03:00

As of March 31, 2022, the findings uncovered that 90% of companies are not fully compliant with CCPA and CPRA Data Subject Access Request requirements. Further, 95% of companies are using error-prone and time-consuming manual processes for GDPR DSAR requirements.

Safeguard Your Infrastructure from Ransomware and Cyber Threats
2022-04-29 00:00

Cyber attacks will continue to be a threat to businesses, but with Dell Technologies you can have peace of mind that your data and IT assets are secure, protected, and available. We stop at nothing to help thwart threats with intrinsically secure infrastructure and devices, comprehensive detection and response, data protection, and cyber-recovery.

Hands on with Microsoft Edge's new built-in VPN feature
2022-04-28 23:25

Microsoft is working on a built-in VPN feature for the Edge browser called 'Edge Secure Network', but there's a catch: it is not a proper replacement for your VPN. Edge's Secure Network is powered by Cloudflare - one of the most trusted DNS hosts in the industry - and it aims to protect your device and sensitive data as you browse. The feature is in an early stage of development, available to select users in Edge Canary, and it's not a full-fledged VPN service like those offered in rival browsers such as Opera.

QNAP Advises to Mitigate Remote Hacking Flaws Until Patches are Available
2022-04-28 22:04

Network-attached storage appliance maker QNAP on Wednesday said it's working on updating its QTS and QuTS operating systems after Netatalk last month released patches to contain seven security flaws in its software. Netatalk is an open-source implementation of the Apple Filing Protocol, allowing Unix-like operating systems to serve as file servers for Apple macOS computers.

Experts Detail 3 Hacking Teams Working Under the Umbrella of TA410 Group
2022-04-28 21:58

Calling TA410 an umbrella group comprised of three teams dubbed FlowingFrog, LookingFrog and JollyFrog, Slovak cybersecurity firm ESET assessed that "these subgroups operate somewhat independently, but that they may share intelligence requirements, an access team that runs their spear-phishing campaigns, and also the team that deploys network infrastructure." TA410 - said to share behavioral and tooling overlaps with APT10 - has a history of targeting U.S.-based organizations in the utilities sector as well as diplomatic entities in the Middle East and Africa.