Security News > 2023 > March

The Federal Trade Commission has proposed to ban the online counseling service BetterHelp from sharing its customers' sensitive mental health data with advertising networks and marketers. A settlement between the FTC and BetterHelp also requires the company to pay $7.8 million as restitution to its users whose sensitive data has been shared with third parties such as Facebook and Snapchat.

5 open source Burp Suite penetration testing extensions you should check out
When it comes to assessing the security of computer systems, penetration testing tools are critical for identifying vulnerabilities that attackers may exploit.

LastPass breach: Hacker accessed corporate vault by compromising senior developer's home PC
LastPass is, once again, telling customers about a security incident related to the August 2022 breach of its development environment and subsequent unauthorized access to the company's third-party cloud storage service that hosted backups.

The Play ransomware gang has begun to leak data from the City of Oakland, California, that was stolen in a recent cyberattack. The initial data leak consists of a 10GB multi-part RAR archive allegedly containing confidential documents, employee information, passports, and IDs.

A secret Bing Chat 'Celebrity' mode allows users to instruct the AI to impersonate celebrities, answering questions and talking like the person it imitates. Microsoft is constantly testing new, hidden features in Bing Chat that allow you to turn it into different chat modes, such as gaming, personal assistant, or a friend who can help you with your problems.

"The threat actor was able to capture the employee's master password as it was entered after the employee authenticated with MFA and gained access to the DevOps engineer's LastPass corporate vault," detailed the company's recent security incident report. LastPass issued recommendations for affected users and businesses in two security bulletins.

TPM is a hardware-based technology that provides operating systems with tamper-resistant secure cryptographic functions. While a TPM is required for some Windows security features, such as Measured Boot, Device Encryption, Windows Defender System Guard, and Device Health Attestation, it is not required for other more commonly used features.

"In today's economic reality, security budgets have not necessarily been cut down, but buyers are far more careful in their purchasing decisions and rightfully so. We believe that you cannot secure what you do not know, so knowing should be a basic commodity. Once you understand the magnitude of your SaaS attack layer, you can make an educated decision as to how you are going to solve it. Discovery is the natural and basic first step and it should be accessible to anyone," said Galit Lubetzky Sharon, Wing's Co-Founder and CTO. The company reported that within the first few weeks of launching, over 200 companies enrolled in their self-service free discovery tool, adding to the company's existing customer base. The challenge is that SaaS applications are often onboarded by employees without involving IT or security teams.

A new ATM malware strain dubbed FiXS has been observed targeting Mexican banks since the start of February 2023. "The ATM malware is hidden inside another not-malicious-looking program," Latin American cybersecurity firm Metabase Q said in a report shared with The Hacker News.

The US Secret Service and Immigration and Customs Enforcement agencies have failed to follow the law and official policy regarding the use of cell-site simulators, according to a government audit. The Department of Homeland Security Office of the Inspector General looked at CSS deployment by the Secret Service and ICE and found, "Secret Service and ICE HSI did not always adhere to Federal statute and CSS policies when using CSS during investigations involving exigent circumstances."

On a scale of 1 to 10, 10 being the highest risk, Snap Chief Information Security Officer Jim Higgins rates software supply chain risk "About 9.9". Ten, for the record, is "Always security hygiene," he told The Register.