
The AI Bill of Rights, bias, and operational challenges amid tightening budgets are pressing issues affecting the adoption of ML as well as project and initiative success, according to Comet. "Our latest survey comes as ML practitioners are facing a new reality, with its own unique set of challenges ahead," said Gideon Mendels, CEO of Comet.

Microsoft has released out-of-band security updates for 'Memory Mapped I/O Stale Data' information disclosure vulnerabilities in Intel CPUs. The Memory Mapped I/O side-channel vulnerabilities were initially disclosed by Intel on June 14th, 2022, warning that the flaws could allow processes running in a virtual machine to access data from another virtual machine.

The long-awaited National Cybersecurity Strategy calls for adopting minimum security standards for critical infrastructure owners and operators, and holding software companies liable for security flaws in their products. "The National Cybersecurity Strategy calls for the modernization of IT. Specifically, the strategy noted all of the inherent vulnerabilities in lots of the ubiquitous legacy software that the federal government depends upon," Bagley said.

The developers of the BlackLotus UEFI bootkit have improved the malware with Secure Boot bypass capabilities that allow it to infect even fully patched Windows 11 systems. BlackLotus is the first public example of UEFI malware that can avoid the Secure Boot mechanism, and is thus able to disable security protections that ship with the operating system.

Over the past decade, CI/CD has become the cornerstone of modern software development. "Today, CI/CD is where application code, build tools, third-party components, secrets, identities and even cloud resources come together," Adrian Diglio, principal program manager of secure software supply chain at Microsoft, told The Register.

American fast food chain Chick-fil-A has confirmed that customers' accounts were breached in a months-long credential stuffing attack, allowing threat actors to use stored rewards balances and access personal information. At the time, Chick-fil-A set up a support page with information on what customers should do if they detect suspicious activity on their accounts.

Google Workspace has expanded its client-side encryption to Gmail and Google Calendar for users of Workspace Enterprise Plus, Education Standard and Education Plus, Google announced on Tuesday. For Calendar, this covers Google Calendar in the web browser, and the Calendar apps on Android and iOS in beta.

Karl Greenberg: How do password managers protect against this, or what happened to LastPass? Karl Greenberg: So the key aspect of security is zero knowledge on the part of the password manager?

The Chinese cyber espionage hacking group Mustang Panda was seen deploying a new custom backdoor named 'MQsTTang' in attacks starting this year. Mustang Panda is an advanced persistent threat group known to target organizations worldwide in data theft attacks using customized versions of the PlugX malware.
S3 Ep124: When so-called security apps go rogue [Audio + Text]
DOUG. Scambaiting, rogue 2FA apps, and we haven't heard the last of LastPass. Alright, let's stay on the subject of 2FA. We are seeing a spike in rogue 2FA apps in both app stores.