Prevent and detect Adobe ColdFusion exploitation (CVE-2023-26360, CVE-2023-26359)
2023-04-04 12:23

When Adobe released security updates for its ColdFusion application development platform last month, it noted that one of the vulnerabilities had been exploited in the wild "in very limited attacks." CVE-2023-26360 is an improper access control vulnerability that could result in arbitrary code execution in the context of the current user, and was reported to Adobe by security consultants Charlie Arehart and Pete Freitag.

Arid Viper Hacking Group Using Upgraded Malware in Middle East Cyber Attacks
2023-04-04 10:08

The threat actor known as Arid Viper has been observed using refreshed variants of its malware toolkit in its attacks targeting Palestinian entities since September 2022. Also known by the names APT-C-23 and Desert Falcon, the hacking group has been linked to attacks aimed at Palestine and the Middle East at least since 2014.

Think Before You Share the Link: SaaS in the Real World
2023-04-04 09:54

There are essentially two ways to share files and documents out of a SaaS application, although the terminology used by M365, Salesforce, Google Workspace, and Box is slightly different. Sharing a file with anyone who has the link is much less cumbersome.

Learn how to provide your company with maximum security for $79
2023-04-04 09:44

Security breaches could have catastrophic consequences for any business, from costly downtime to exposure of customer data that could result in fines and lawsuits. Now you can get lifetime access to one of the most comprehensive high-quality bundles of security training courses ever seen on the market, The Complete 2023 Cyber Security Developer & IT Skills Bundle.

IRS-authorized eFile.com tax return software caught serving JS malware
2023-04-04 09:00

eFile.com, an IRS-authorized e-file software service provider used by many for filing their tax returns, has been caught serving JavaScript malware. Security researchers state the malicious JavaScript file existed on the eFile.com website for weeks.

DoJ cracks down on cryptocurrency fraud, seizes $112 million in linked funds
2023-04-04 08:41

The Department of Justice declared the confiscation of digital currency valued at approximately $112 million connected to fraudulent cryptocurrency investments. In these schemes, fraudsters cultivate long-term relationships with victims met online, eventually enticing them to make investments in fraudulent cryptocurrency trading platforms.

Bank rewrote ads for infosec jobs to stop scaring away women
2023-04-04 05:37

Australia's Westpac bank re-wrote its job ads for infosec roles after finding the language it used deterred female candidates. The land down under, like most other lands, has a shortage of cyber security professionals.

Vulnerabilities impacting multiple QNAP operating systems (CVE-2022-27597, CVE-2022-27598)
2023-04-04 04:45

Two vulnerabilities affecting various QNAP operating systems have been uncovered by Sternum. These vulnerabilities enable authenticated remote users to access secret values, requiring owners to take immediate action by updating their operating system(s).

Australia takes its turn to kick TikTok off government kit
2023-04-04 04:30

Australia has joined the growing list of nations that have decided TikTok represents an unacceptable risk when running on government-owned devices, and has decided not to allow it onto those machines. Citing "advice from intelligence and security agencies," attorney-general Mark Dreyfus today announced the national government will "prohibit the TikTok app on devices issued by Commonwealth departments and agencies. The direction will come into effect as soon as practicable."

How can organizations bridge the gap between DR and cybersecurity?
2023-04-04 04:30

Encouraging collaboration between your disaster recovery and cybersecurity teams can offer several benefits for your company, as both teams deal with risks, incidents, and the overall resilience of the organization's technology infrastructure. Enhanced incident response: By working together, the teams can develop comprehensive incident response plans that address both cybersecurity threats and other disaster scenarios.