Security News > 2023 > February

Cloud and application security is everyone's responsibility - there isn't much of a choice. Many enterprise cloud customers make the mistake of believing that they are free from obligation when it comes to application security, and they deploy the apps in the cloud, exposing themselves to security gaps at the seam of enterprise and cloud vendor infrastructures.

Quantum computing has surged in popularity recently, with its revolutionary computational capabilities transforming the technology sector. In this Help Net Security video, Vanesa Diaz, CEO at LuxQuanta, talks about how precautions must be taken ahead of this new quantum age, where cybersecurity solutions require significant attention and developments to ensure the protection and security of data.

High-risk users represent approximately 10% of the worker population and are found in every department and function of the organization, according to Elevate Security research. High-risk users represent a sizable threat to the organization.

Job seekers, students, and career changers around the world want to pursue roles related to science, technology, engineering, and mathematics across different industries, but say they are not familiar with career options, according to IBM. At the same time, online training and digital credentials are emerging as a recognized pathway to opportunity as respondents plan to seek new jobs in the year ahead. Career options concerns. Respondents also cited concerns that career options may not be available to them.

A week after the US Cybersecurity and Infrastructure Security Agency and FBI released a recovery script to help victims of the widespread ESXiArgs ransomware attacks recover infected systems, an updated variant of the malware aimed at vulnerable VMware ESXi virtual machines can't be remediated with the government agencies' code, according to Malwarebytes. "This makes recovery next to impossible," Arntz wrote in a post this week, noting reports from victims of recent ESXiArgs attacks about the ransomware's new encryptor.

Security researchers are seeing threat actors switching to a new and open-source command and control framework known as Havoc as an alternative to paid options such as Cobalt Strike and Brute Ratel. Among its most interesting capabilities, Havoc is cross-platform and it bypasses Microsoft Defender on up-to-date Windows 11 devices using sleep obfuscation, return address stack spoofing, and indirect syscalls.

GitHub has updated the AI model of Copilot, a programming assistant that generates real-time source code and function recommendations in Visual Studio, and says it's now safer and more powerful. CoPilot will introduce a new paradigm called "Fill-In-the-Middle," which uses a library of known code suffixes and leaves a gap for the AI tool to fill, achieving better relevance and coherence with the rest of the project's code.

These cover a wide range of Intel products including Xeon processors, network adapters, and also software. One, CVE-2022-38090, has a severity rating of medium and affects a number of Intel processors, including the 3rd Gen Xeon Scalable server chips, which have only recently been superseded by the 4th Gen "Sapphire Rapids" products.

Russian national Vladislav Klyushin was found guilty of participating in a global scheme that involved hacking into U.S. computer networks to steal confidential earnings reports, which helped the criminals net $90,000,000 in illegal profits. Klyushin was extradited to the U.S. in December 2021 to face charges of hacking into the systems of two U.S.-based filing agents that American companies used to file earnings reports through the Securities and Exchange Commissions system.

Figure C. FTC: Crypto scams posted small numbers but lucrative in aggregate. In a June 2022 note, the U.S. Federal Trade Commission said that crypto is proving a lucrative scam channel, with more than 46,000 people reportedly having lost a total of over $1 billion in crypto to scams since 2021.