Security News, March 2023

The U.S. Cybersecurity and Infrastructure Security Agency has added three security flaws to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation. The most critical of the three is CVE-2022-35914, which concerns a remote code execution vulnerability in the third-party library htmlawed present in Teclib GLPI, an open source asset and IT management software package.

Boeing said on Tuesday its anti-jam ground-based satellite communications system had passed the necessary tests to validate it for use in the U.S. Space Force's Pathfinder program. The tests not only proved PTW was resistant to jamming but also validated hardware and software integration between PTES and the Department of Defense's satellite communications architecture.

With 10% of startups failing in the first year, making wise and future-proof decisions for your new cybersecurity venture is essential. While there's no blueprint for building the perfect cybersecurity startup, there are tips and tricks that can set you on the right path and help you avoid falling into that dreaded 10%. Which three decisions could help your cybersecurity startup on the path to success? Let's dive in.

In this Help Net Security video, Avani Desai, CEO at Schellman, talks about how teaching STEM subjects like cybersecurity is essential for addressing the staffing crisis and ensuring that organizations have the talent to protect themselves from cyber threats in the years to come. Teaching STEM subjects like cybersecurity can help promote diversity and inclusion in the tech industry.

After combing through 350,000 reports to find 650 API-specific vulnerabilities from 337 different vendors and tracking 115 published exploits impacting these vulnerabilities, the results clearly illustrate that the API threat landscape is becoming more dangerous, according to Wallarm. In 2022 there was a significant increase in API-related CVEs, up 78% from H1 to H2. Although growth has stabilized over the past two quarters, the research team expects an increase in 2023.

Three of the principals of an Australian scheme that offered free payroll services to tech contractors have been found guilty of conspiring to defraud the Commonwealth and conspiring to deal with the proceeds of crime. Plutus Payroll claimed it could offer a free service because it was paid in advance by employers that hired contractors, and was not obliged to make income tax payments instantly.

92% of organizations have fallen victim to successful phishing attacks in the last 12 months, while 91% of organizations have admitted to experiencing email data loss, according to Egress. "The growing sophistication of phishing emails is a major threat to organizations and needs to be urgently addressed," said Jack Chapman, VP of Threat Intelligence, Egress.

Acer has confirmed someone broke into one of its servers after a miscreant put up for sale a 160GB database of what's claimed to be the Taiwanese PC maker's confidential information. "We have recently detected an incident of unauthorized access to one of our document servers for repair technicians," an Acer spokesperson told The Register on Tuesday.

If you're still running end-of-support DrayTek Vigor routers it may be time to junk them, or come up with some other workaround, as a cunning malware variant is setting up shop in the kit. The operators behind the Hiatus malware campaign are hijacking DrayTek Vigor router models 2960 and 3900 powered by MIPS, i386 and Arm-based processors, and using them in turn to attack businesses in North and Latin America as well as in Europe, according to researchers with Lumen's Black Lotus Labs threat intelligence unit.

The Sharp Panda cyber-espionage hacking group is targeting high-profile government entities in Vietnam, Thailand, and Indonesia with a new version of the 'Soul' malware framework. Check Point identified a new campaign using the malware that started in late 2022 and continues through 2023, employing spear-phishing attacks for initial compromise.