Security News > 2022 > April

Autodesk needed scalable and secure cloud security to build new applications and extend internal data centers. Fortinet's Adaptive Cloud Security enabled Autodesk to implement a scalable, secure VPC model that would both satisfy the north-south firewall requirement and facilitate minimal latency for east-west traffic.

SafeStack Academy's community-centric Secure Development training gives developers, testers, analysts, and architects the skills they need to build high-quality, secure software at speed. Courses, qualifications, hands-on labs, and monthly seminars cover essential application security topics like finding and fixing vulnerabilities, threat assessment, and DevSecOps, with new courses released regularly.

Making your software more secure is a process that takes careful planning, a lot of collaboration, and a healthy dose of iterating as you learn more. It's the type of journey that goes more smoothly when you have a map.

The Australian Competition & Consumer Commission is raising awareness about a spike in money recovery scams. The agency warns in an alert today that reports of money recovery scams this year have increased in Australia by 725% compared to the same period in 2021.

First, German federal police in coordination with US law enforcement seized Hydra servers and cryptocurrency wallets containing $25 million in Bitcoin, thus shutting down the online souk. Later on Tuesday, the US Justice Department announced criminal charges against one of the alleged Hydra operators and system administrators, 30-year-old Dmitry Olegovich Pavlov of Russia.

The US State Department this week launched an agency responsible for developing online defense and privacy-protection policies and direction as the Biden administration seeks to integrate cybersecurity into America's foreign relations. "The last few years have made evident how vital cybersecurity and digital policy are to America's national security," said Secretary of State Antony Blinken during a ribbon-cutting ceremony for the new Bureau of Cyberspace and Digital Policy.

The U.S. Cybersecurity and Infrastructure Security Agency on Monday added the recently disclosed remote code execution vulnerability affecting the Spring Framework to its Known Exploited Vulnerabilities Catalog based on "Evidence of active exploitation." The critical-severity flaw, assigned the identifier CVE-2022-22965 and dubbed "Spring4Shell", impacts Spring model-view-controller and Spring WebFlux applications running on Java Development Kit 9 and later.

Germany's Federal Criminal Police Office, the Bundeskriminalamt, on Tuesday announced the official takedown of Hydra, the world's largest illegal dark web marketplace. "Bitcoins amounting to currently the equivalent of approximately €23 million were seized, which are attributed to the marketplace," the BKA said in a press release.

The once-every-four-weeks security update to Mozilla's Firefox browser officially arrived today. The regular version of Firefox is now 99.0, while the Extended Support Release, which gets security fixes without any feature updates, is now 91.8.0 ESR. Add together the first two numbers in the ESR release triplet and you should get the same value as the first number in the regular release.

Cash App is notifying 8.2 million current and former US customers of a data breach after a former employee accessed their account information. Block, Inc., the owner of Cash App, disclosed in a Form 8-K SEC filing that the breach occurred on December 10th, 2021, after a former employee downloaded internal Cash App reports while no longer employed at the company.