Security News > 2023 > April

In this Help Net Security video interview, Theresa Lanowitz, Head of Cybersecurity Evangelism at AT&T Business, discusses the 12th annual Cybersecurity Insights Report, released at RSA Conference...

The web giant's announcement of the resulting new features - marketed under the Google Cloud Security AI Workbench umbrella brand - is pretty long winded, so we thought we'd ask its Bard chat bot to summarize it all. Google Cloud Security AI Workbench is a new platform that uses generative AI to help organizations secure their cloud environments.

As user credentials continue to be a top vector for cyberattacks, organizations are under tremendous pressure to rethink the effectiveness of current authentication initiatives, according to SecureAuth. "Although companies are offering more ways to authenticate such as legacy MFA solutions, these technologies are still easily exploitable with 'MFA bombing', 'man-in-the-middle', and other attacks. SecureAuth's State of Authentication Report further validates that it is time for organizations to move beyond legacy forms of MFAs and onto passwordless technologies," Shikiar added.

The lack of visibility into the software supply chain creates an unsustainable cycle of discovering vulnerabilities and weaknesses in software and IT systems, overwhelming organizations, according to Lineaje. The analysis revealed that 68% of dependencies are on non-Apache Software Foundation open-source projects.

VirusTotal announced on Monday the launch of a new artificial intelligence-based code analysis feature named Code Insight.The new feature is powered by the Google Cloud Security AI Workbench introduced at the RSA Conference 2023 and which uses the Sec-PaLM large language model specifically fine-tuned for security use cases.

If you're a Google Chrome or Microsoft Edge browser fan, you're probably getting updates automatically and you're probably up to date already. Just in case you've missed any updates recently, we suggest you go and check right now, because the Chromium browser core, on which both Edge and Chrome are based, has patched not one but two zero-day remote code execution bugs recently.

A new side-channel attack impacting multiple generations of Intel CPUs has been discovered, allowing data to be leaked through the EFLAGS register. Instead of relying on the cache system like many other side-channel attacks, this new attack leverages a flaw in transient execution that makes it possible to extract secret data from user memory space through timing analysis.

Attackers are exploiting severe vulnerabilities in the widely-used PaperCut MF/NG print management software to install Atera remote management software to take over servers. The two security flaws allow remote attackers to bypass authentication and execute arbitrary code on compromised PaperCut servers with SYSTEM privileges in low-complexity attacks that don't require user interaction.

KuCoin's Twitter account was hacked, allowing attackers to promote a fake giveaway scam that led to the theft of over $22.6K in cryptocurrency. While the account was hacked for only 45 minutes, the crypto exchange says it was enough time for its followers to send 22 Bitcoin and Ethereum transactions, allowing the hackers to steal $22,600.

APC's Easy UPS Online Monitoring Software is vulnerable to unauthenticated arbitrary remote code execution, allowing hackers to take over devices and, in a worst-case scenario, disabling its functionality altogether.While denial-of-service flaws are generally not considered very dangerous, as many UPS devices are located in data centers, the consequences of such an outage are magnified as it could block the remote management of devices.