Security News > 2023 > February
What's more dangerous than Chinese spy balloons? Unsafe software and other technology products, according to America's Cybersecurity and Infrastructure Agency Director Jen Easterly. "Government can work to advance legislation to prevent technology manufacturers from disclaiming liability by contract, establishing higher standards of care for software in specific critical infrastructure entities, and driving the development of a safe harbor framework to shield from liability companies that securely develop and maintain their software products and services," Easterly said.
The U.S. Cybersecurity & Infrastructure Security Agency has added CVE-2022-36537 to its "Known Exploited Vulnerabilities Catalog" after threat actors began actively exploiting the remote code execution flaw in attacks. CVE-2022-36537 is a high-severity flaw impacting the ZK Framework versions 9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1, enabling attackers to access sensitive information by sending a specially crafted POST request to the AuUploader component.
Microsoft says the KB5022913 February 2023 non-security preview release is incompatible with some third-party UI customization apps and is causing boot issues on Windows 11 22H2 systems. In a new update to the Windows Health Dashboard, the company explained that using third-party UI customization applications could potentially prevent Windows from starting up properly.
In a filing today to America's financial watchdog about the snafu, Dish confirmed "The outage was due to a cyber-security incident," though it didn't share any details as to what the incident was, nor did the broadband biz directly answer our questions to that end when asked. Without an actual statement from Dish, or internal information that The Register could verify, it falls to speculation to determine whether ransomware was the cause of Dish's troubles, but luckily the corporation included one tidbit that could point to such: the culprits did make off with some data.
We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.
There's no date on the update, but as far as we can make out, LastPass just [2023-02-27] published a short document entitled Incident 2 - Additional details of the attack. As you probably remember, because the bad news broke just before the Christmas holiday season in December 2022, LastPass suffered what's known in the jargon as a lateral movement attack.
With a focus on the security of web app firewalls, pen tests target application programming interfaces, servers and any leaky point of entry. Security firm Pentera's second annual report on pen testing deployment in the U.S. and Europe found that 92% of organizations are lifting their overall IT security budgets.
Cybersecurity company Bitdefender has released a free MortalKombat ransomware decryptor that victims can use to restore their files without paying a ransom. This quick cracking is likely because MortalKombat is based on Xorist, a commodity ransomware family decryptable since 2016.
Satellite broadcast provider and TV giant Dish Network has finally confirmed that a ransomware attack was the cause of a multi-day network and service outage that started on Friday.As BleepingComputer reported, this widespread outage hit Dish.com, the Dish Anywhere app, Boost Mobile, and other websites and networks owned and operated by Dish Network.
The latest version of Google Chrome for macOS includes new optimizations that increase battery life on MacBooks. The reason why Google is optimizing Chrome battery consumption on Macs is likely because users report that Safari has much better performance on the system, leading them to use Apple's browser instead. Chrome's latest improvements will also be felt by those using older Apple hardware like Intel-based Macbooks.