The Evolving Tactics of Vidar Stealer: From Phishing Emails to Social Media
2023-01-05 08:48

The notorious information-stealer known as Vidar is continuing to leverage popular social media services such as TikTok, Telegram, Steam, and Mastodon as an intermediate command-and-control server. What's new in the latest version of the malware is that the gathered data is encoded prior to exfiltration, a change from the previous variants that have been known to send the compressed file data in plaintext format.

Fortinet and Zoho Urge Customers to Patch Enterprise Software Vulnerabilities
2023-01-05 07:52

Fortinet has warned of a high-severity flaw affecting multiple versions of FortiADC application delivery controller that could lead to the execution of arbitrary code. The vulnerability, tracked as CVE-2022-39947 and internally discovered by its product security team, impacts the following versions -.

CircleCI warns of security breach — rotate your secrets!
2023-01-05 05:39

CircleCI states it is currently investigating a security incident, according to email notifications being received by CircleCI users. Breach follows CircleCI's 'reliability' update.

Things to know and do before you switch from VPN to ZTNA
2023-01-05 05:00

The reality of VPN vs. ZTNA. For a while now, VPN has been the proven, go-to solution when thinking about the best way to provide secure connectivity and ensure safety of data in transit. According to a recent poll, 81% of respondents currently utilize VPN to support remote work and 87% of the respondents who still use VPN say they have implemented at least one other solution to close the gaps.

Irish Regulators Fine Facebook $414 Million for Forcing Users to Accept Targeted Ads
2023-01-05 04:33

The Irish Data Protection Commission has fined Meta Platforms €390 million over its handling of user data for serving personalized ads in what could be a major blow to its ad-fueled business model. The privacy regulator has ordered Meta Ireland to pay two fines: a €210 million fine over violations of the E.U. General Data Protection Regulation related to Facebook, and a €180 million fine for similar violations in Instagram.

The DevSecOps approach to cloud native threat detection and response
2023-01-05 04:30

Every SOC on the planet is grappling with the challenges of integrating detection techniques and response processes for public cloud computing. This presentation by Rich Mogull, SVP Cloud Security at FireMon, delves into the details with a framework for modernizing response operations, combined with technical details and examples.

Data backup is no longer just about operational fallback
2023-01-05 04:00

Data backup has traditionally been in the operational domain of IT, while security teams have been responsible for threats to data from attacks. With many backup and recovery companies now referring to themselves as data protection platforms and with a list of new terminology and features representing a new paradigm in the backup world, staying on top of the new terms and features is complex.

Ex-GE engineer gets two years in prison after stealing turbine tech for China
2023-01-04 23:13

An ex-General Electric engineer has been sentenced to two years in prison after being convicted of stealing the US giant's turbine technology for China. New York resident Xiaoqing Zheng, 59, who used to be employed at GE Power and specialized in turbine sealing technology, was convicted of conspiracy to commit economic espionage at the end of March after a jury trial in the Northern District of New York courthouse.

New SHC-compiled Linux malware installs cryptominers, DDoS bots
2023-01-04 22:29

A new Linux malware downloader created using SHC has been spotted in the wild, infecting systems with Monero cryptocurrency miners and DDoS IRC bots. According to ASEC researchers, who discovered the attack, the SHC loader was uploaded to VirusTotal by Korean users, with attacks generally focused on Linux systems in the same country.

Rackspace confirms Play ransomware was behind recent cyberattack
2023-01-04 22:21

Texas-based cloud computing provider Rackspace has confirmed that the Play ransomware operation was behind a recent cyberattack that took down the company's hosted Microsoft Exchange environments. While CrowdStrike didn't name the victim in their report, Rackspace officials have revealed in recent local media interviews and emails to BleepingComputer that the OWASSRF exploit was found on its network and Play ransomware was behind last month's ransomware attack.