Security News > 2023 > February

UK regulators are investigating a cyberattack against financial technology firm ION, while the LockBit ransomware gang has threatened to publish the stolen data on February 4 if the software provider doesn't pay up. According to a statement posted on ION Market's website, its ION Cleared Derivatives division "experienced a cybersecurity event" on January 31.

F5 has warned of a high-severity flaw impacting BIG-IP appliances that could lead to denial-of-service (DoS) or arbitrary code execution. The issue is rooted in the iControl Simple Object Access...

A Chinese high-altitude surveillance balloon, spotted drifting over the US, has caused concern about national security - but the Department of Defense says it will not be shot down by F22s at this time. "The United States Government has detected and is tracking a high altitude surveillance balloon that is over the continental United States right now," read a statement from Pentagon press secretary brigadier general Pat Ryder.

The U.S. Cybersecurity and Infrastructure Security Agency on February 2 added two security flaws to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The first of the two vulnerabilities is CVE-2022-21587, a critical issue impacting versions 12.2.3 to 12.2.11 of the Oracle Web Applications Desktop Integrator product.

Protecting critical national infrastructure (CNI) is a difficult task, thanks to a combination of a lack of skilled professionals, legacy systems and a lack of security investment that leaves these systems open to attack. While one would assume that these systems should run the latest and greatest security measures, due to their sensitive nature, many of them operate on legacy machines that can't be reset and can't be patched.

Enterprises have a limited number of analysts running their security operations centers and are deploying multiple tools in an attempt to address their cloud security challenges, according to ManageEngine. ManageEngine's study has also revealed a surge in cloud adoption, with 72% of respondents using multi-cloud applications and another 5% using hybrid cloud systems.

"The findings indicate a sizable disconnect between market promises and team perceptions. As a result, teams lack the holistic visibility and context to zero in on adversary behaviour to identify the causes of major incidents and breaches. As a result, large-scale data breaches and multi-million-dollar remediation efforts are taking a toll on organizations' brands, customer retention, and act as a distraction to business momentum and budgets," said Steve Moore, Chief Security Strategist at Exabeam. 4% of U.S. security professionals report not using a SIEM platform, and of those respondents, 81% were confident.

Nickolas Sharp, 36, of Portland, Oregon, now faces a maximum of 35 years in prison after pleading guilty to one count of transmitting a program to a protected computer that intentionally caused damage, one count of wire fraud, and one count of making false statements to the FBI. "Nickolas Sharp's company entrusted him with confidential information that he exploited and held for ransom. Adding insult to injury, when Sharp wasn't given his ransom demands, he retaliated by causing false news stories to be published about the company which resulted in his company's market capitalization plummeting by over $4 billion," US Attorney Damian Williams said in a statement Thursday. "Sharp's guilty plea today ensures that he will face the consequences of his destructive actions."

An ongoing Google ads malvertising campaign is spreading malware installers that leverage KoiVM virtualization technology to evade detection when installing the Formbook data stealer. In a Google advertising campaign spotted by Sentinel Labs, threat actors push the Formbook information-stealing malware as virtualized.

Windows 10 users are reportedly being blocked from accessing their desktops by full-screen trial offers for the Microsoft 365 productivity suite. They are displayed during the Windows Out of Box Experience before loading the Windows desktop.