Security News > 2023 > April

VMware has released updates to resolve multiple security flaws impacting its Workstation and Fusion software, the most critical of which could allow a local attacker to achieve code execution. The vulnerability, tracked as CVE-2023-20869, is described as a stack-based buffer-overflow vulnerability that resides in the functionality for sharing host Bluetooth devices with the virtual machine.

Maler also highlights the challenges encountered by various industries in implementing decentralized digital identities. Decentralized identity is a nascent area, and we're at an exciting moment in time where decentralized digital identities are gaining traction across various industries.

A study conducted among CISOs worldwide from various industries sheds light on their strategies amid a challenging threat environment, identifies obstacles from business functions, and highlights their requirements for achieving success. "Our research shows CISOs are motivated by a mission to protect. Yet, CISOs tell us they feel unsupported, unheard, and invisible," said Bryan Palma, CEO of Trellix.

In just under a year's time, organizations will have had to comply with several new requirements under version 4.0 of the Payment Card Industry Data Security Standard. PCI DSS comprises 12 requirements to protect payment card data and has changed very little in the last ten years.

The increase in reported ransomware victims across Q1 2023 reflects the continued prevalence of ransomware as a worldwide, industry-agnostic threat, according to GuidePoint Security. The report is based on data obtained from publicly available resources, including the threat groups themselves, and insight into the ransomware threat landscape.

The top challenges when implementing an effective cyber/IT risk management program include an increase in the quantity and severity of cyber threats, a lack of funding and a lack of staffing/cyber risk talent. Given the financial and reputational consequences of cyberattacks, corporate board rooms are putting pressure on CISOs to identify and mitigate cyber/IT risk.

Find out why extended detection and response was at the center of Cisco's launch activities at RSA, including the company's announcement about its cloud-based XDR service. XDR is not SIEM. Gillis explained that XDR serves a different purpose than traditional security information and event management.

Apache Superset until earlier this year shipped with an insecure default configuration that miscreants could exploit to log in and take over the data visualization application, steal data, and execute malicious code. Ai again checked to see how many Superset instances were configuring their app with a public default secret key.

Microsoft is investigating ongoing Microsoft 365 issues preventing some Exchange Online customers from accessing their mailboxes. According to outage monitoring platform Downdetector, thousands of Microsoft 365 users report experiencing server connection and login issues, as well as problems accessing their Outlook mailboxes.

ETHOS is still under initial cooperative development, the nonprofit entity behind the project said in a press release, with founding members including OT and ICS security firms and tech consultancies such as 1898 & Co., Claroty, NetRise, and Schneider Electric. The companies founded ETHOS in response to Uncle Sam's CISA's Shields Up initiative and the Biden administration's various 100-day sprints to improve cybersecurity in critical sectors.