Security News > 2023 > April

The U.S. Cybersecurity and Infrastructure Security Agency has added two vulnerabilities to its Known Exploited Vulnerabilities catalog, based on evidence of active exploitation. The development comes as tech news site Ars Technica disclosed late last month that Android apps digitally signed by China's e-commerce company Pinduoduo weaponized the flaw to seize control of the devices and steal sensitive data, citing analysis from mobile security firm Lookout.

The growing need of SMEs and SMBs for structured cybersecurity services can be leveraged by MSPs and MSSPs to provide strategic cybersecurity services such as virtual CISO services, leading to recurring revenues and high margins while differentiating service provider from their competitors. There is a consensus among MSPs and MSSPs that starting a vCISO practice poses a great business opportunity, but how can you successfully pull it off?

"The kernel failed to protect applications that attempted to protect against Spectre v2, leaving them open to attack from other processes running on the same physical core in another hyperthread," the vulnerability disclosure explains. Linux kernel 6.0 debuts, Linus Torvalds teases 'core new things' coming in version 6.1 Older AMD, Intel chips vulnerable to data-leaking 'Retbleed' Spectre variant Apple gets lawsuit over Meltdown and Spectre dismissed Boffins release tool to decrypt Intel microcode.

To improve security, the cybersecurity industry needs to follow the aviation industry's shift from a blame culture to a "Just" culture, according to director of the Information Systems Audit and Control Association Serge Christiaans. While acknowledging that improved technology, more mature processes and improved leadership all helped to improve aviation safety, the former pilot and field CISO at tech consultancy Sopra Steria said the biggest improvements came from a change to a "Just culture" that accepts people will make mistakes and by doing so makes it more likely errors will be reported.

The illicit market for crypto giveaway scams has expanded, offering various services to facilitate fraudulent activity. The proliferation of fake crypto giveaways can be attributed to the increased availability of tools for scammers, even those with limited technical skills.

On average, organizations store 61% of their sensitive data in the cloud, and most have experienced at least one cybersecurity breach, threat and/or theft of data, with 75% experiencing all three, according to Skyhigh Security. "Today, data is everywhere, traversing devices, cloud applications, the web and infrastructure, so it comes as no surprise that one of the biggest challenges organizations face is securing their vital data," said Rodman Ramezanian, global cloud threat lead, Skyhigh Security.

How are data teams conquering the complexity of the modern data stack? Unravel Data has asked 350+ data scientists, engineers, analysts, and others who rely upon real-time data insights for decision-making to share their practices. "For the third year in a row we've had the opportunity to take the pulse of enterprise data teams to better understand the daily challenges they face as they accelerate their ambitious big data analytics programs," said Kunal Agarwal, CEO of Unravel Data.

Microsoft is warning of a phishing campaign targeting accounting firms and tax preparers with remote access malware allowing initial access to corporate networks. With the USA reaching the end of its annual tax season, accountants are scrambling to gather clients' tax documents to complete and file their tax returns.

Google on Thursday outlined a set of initiatives aimed at improving the vulnerability management ecosystem and establishing greater transparency measures around exploitation. Mitigating such risks requires addressing the root cause of the vulnerabilities and prioritizing modern secure software development practices to eliminate entire classes of threats and block potential attack avenues.

The FBI has detained a 21-year-old Air National Guardsman suspected of leaking a trove of classified Pentagon documents on Discord. He also controlled a private Discord server, and allegedly posted photographs of the classified Pentagon documents to impress the private group's 25 members, which included netizens in Europe, Asia, and South America.