Security News > 2023 > February

It's a challenge for IT security chiefs because unstructured data's decentralized nature makes it harder to maintain effective and consistent security controls that govern access to it. "Concepts of best practice in data storage have evolved rapidly since the SolarWinds hack," says Kevin Noreen, Senior Product Manager - Unstructured Data Storage Security at Dell Technologies.

Cameras are getting smaller and smaller, changing the scale and scope of surveillance.

As attack surfaces expand and applications become more complex, regular pen tests become a crucial component of a strong web application security posture. Pen testing is often conducted periodically, which results in a "Security sprint" every time a new test is scheduled.

Cybersecurity researchers have unearthed a new piece of evasive malware dubbed Beep that's designed to fly under the radar and drop additional payloads onto a compromised host. Other instructions the malware is capable of accepting from a command-and-control server include the ability to execute DLL and EXE files.

Google announced on Tuesday that it's officially rolling out Privacy Sandbox on Android in beta to eligible mobile devices running Android 13. "The Privacy Sandbox Beta provides new APIs that are designed with privacy at the core, and don't use identifiers that can track your activity across apps and websites," the search and advertising giant said.

Korean car-makers Hyundai and Kia will issue software updates to some of their models after a method of stealing them circulated on TikTok, leading to many thefts and even some deaths. The "Kia Challenge" started circulating in mid-2022 and explained that it's possible to remove the steering column covering on some Hyundai and Kia models by force, exposing a slot that fits a USB-A plug.

Attack surface management is a make or break for organizations, but before we get to the usual list of best practices, we need to accept that attack surface management is not limited to the surface. Defining the fundamentals of ASM. ASM falls under the larger umbrella of exposure management, along with vulnerability management and validation management.

Apple this week released bug-splatting updates to its operating systems and Safari browser, to fix a zero-day vulnerability in its WebKit browser engine that's reported to have been actively exploited. Apple's advisory says the company "Is aware of a report that this issue may have been actively exploited." It credits an anonymous researcher for reporting the bug and its iOS advisory also acknowledges "The Citizen Lab at The University of Toronto's Munk School for their assistance."

Adam Shostack, the author of "Threat Modeling: Designing for Security", and the co-author of "The New School of Information Security", recently launched his new book - "Threats: What Every Engineer Should Learn From Star Wars". In this Help Net Security video interview, Shostack talks about the new book.

Last week, the Identity Defined Security Alliance, a nonprofit that provides vendor-neutral resources to help organizations reduce the risk of a breach by combining identity and security strategies, announced Jeff Reich as the organization's new Executive Director. In this Help Net Security interview, you can learn more about identity security and the evolving threat landscape.