Security News > 2023 > February

Passwords Are Terrible (Surprising No One)
2023-02-01 12:08

More than a fifth of the passwords protecting network accounts at the US Department of the Interior (including Password1234, Password1234!, and ChangeItN0w!) were weak enough to be cracked using standard methods, a recently published security audit of the agency found. In all, the auditors cracked 18,174 (or 21 percent) of the 85,944 cryptographic hashes they tested; 288 of the affected accounts had elevated privileges, and 362 of them belonged to senior government employees.

New SH1MMER Exploit for Chromebook Unenrolls Managed ChromeOS Devices
2023-02-01 10:46

A new exploit has been devised to "Unenroll" enterprise- or school-managed Chromebooks from administrative control. Enrolling ChromeOS devices makes it possible to enforce device policies as set by the organization via the Google Admin console, including the features that are available to users.

Auditing Kubernetes with Open Source SIEM and XDR
2023-02-01 10:26

The Wazuh open source platform plays a critical role in monitoring Kubernetes and other components of an organization's infrastructure. Kubernetes is an open source container management solution that automates the deployment and scaling of containers and also manages the life cycle of containers.

Prilex PoS Malware Evolves to Block Contactless Payments to Steal from NFC Cards
2023-02-01 10:25

The Brazilian threat actors behind an advanced and modular point-of-sale malware known as Prilex have reared their head once again with new updates that allow it to block contactless payment transactions. Having evolved out of ATM-focused malware into PoS malware over the years since going operational in 2014, the threat actor steadily incorporated new features that are designed to facilitate credit card fraud, including a technique called GHOST transactions.

Video walkthrough: Cybertech Tel Aviv 2023
2023-02-01 10:00

Help Net Security is in Israel this week for Cybertech Tel Aviv 2023, talking to the key players from the cybersecurity industry and businesses from a wide range of sectors, who gathered to...

Photos: Cybertech Tel Aviv 2023
2023-02-01 08:00

Cybertech Tel Aviv 2023 is under way at the Tel Aviv Expo. The conference and exhibition gathers cybersecurity experts, businesses and startups from around the world, and Help Net Security is there to take it all in.

Attackers abuse Microsoft’s 'verified publisher' status to steal data
2023-02-01 06:30

Miscreants using malicious OAuth applications abused Microsoft's "Verified publisher" status to gain access to organizations' cloud environments, then steal data and pry into users' mailboxes, calendars, and meetings. According to researchers with Proofpoint, which uncovered the campaign in early December, hijacking the "Verified publisher" status enabled the cybercriminals to satisfy some of Microsoft's requirements for distributing OAuth applications.

Hackers Abused Microsoft's "Verified Publisher" OAuth Apps to Breach Corporate Email Accounts
2023-02-01 05:30

Microsoft on Tuesday said it took steps to disable fake Microsoft Partner Network accounts that were used for creating malicious OAuth applications as part of a malicious campaign designed to breach organizations' cloud environments and steal email. On top of that, Microsoft said it implemented additional security measures to improve the vetting process associated with the Microsoft Cloud Partner Program and minimize the potential for fraud in the future.

As the anti-money laundering perimeter expands, who needs to be compliant, and how?
2023-02-01 05:00

Here's everything you need to know about what services need an AML revamp and how they should go about it. Gather enough data as fast as possible, and you can instantly spot bad actors and block them out, and move to more extensive KYC procedures to ensure their names do not appear on any AML lists and gauge the true intentions of suspicious users, saving money on unnecessary KYC and AML screenings.

The future of vulnerability management and patch compliance
2023-02-01 04:38

IT departments continue to face immense pressure to get vulnerability and patch management right as threat actors use new and old methods to exploit network endpoints. Are we ready for what's next? As vulnerabilities continue to increase, what strategies should security professionals use to gain visibility into these threats, prioritize them, and manage the ongoing risk to endpoints? What will the vulnerability landscape look like in 2023, and what new challenges will security and IT teams face?