Security News > 2023 > April

TechRepublic Premium Mobile device security policy PURPOSE This Mobile Device Security Policy from TechRepublic Premium provides guidelines for mobile device security needs in order to protect businesses and their employees. This policy can be customized as needed to fit the needs of your organization.

TechRepublic Premium Mobile device security policy PURPOSE This Mobile Device Security Policy from TechRepublic Premium provides guidelines for mobile device security needs in order to protect businesses and their employees. This policy can be customized as needed to fit the needs of your organization.

TechRepublic Premium Mobile device security policy PURPOSE This Mobile Device Security Policy from TechRepublic Premium provides guidelines for mobile device security needs in order to protect businesses and their employees. This policy can be customized as needed to fit the needs of your organization.

The browser is also exposed to multiple types of cyber threats and operational risks. LayerX, Browser Security platform provider, has polled more than 150 CISOs across multiple verticals and geolocations.

Google has updated Google Authenticator, its mobile authenticator app for delivering time-based one-time authentication codes, and now allows users to sync their codes to their Google account. They can later be seamlessly synced to a new device once the Google Authenticator app is installed on it and connected to the users' Google account.

A.I. could advance the public good, not private profit, and bolster democracy instead of undermining it. An A.I. built for public benefit could be tailor-made for those use cases where technology can best help democracy.

VMware has fixed one critical and three important flaws in its VMware Workstation and Fusion virtual user session software.As explained by VMware, CVE-2023-20869 is a critical stack-based buffer-overflow vulnerability in the functionality for sharing host Bluetooth devices with the virtual machine, which allows a malicious actor with local administrative privileges to execute code as the virtual machine's VMX process running on the host.

Hackers are deploying new Linux malware variants in cyberespionage attacks, such as a new PingPull variant and a previously undocumented backdoor tracked as 'Sword2033. PingPull is a RAT first documented by Unit 42 last summer in espionage attacks conducted by the Chinese state-sponsored group Gallium, also known as Alloy Taurus.

The maintainers of the Apache Superset open source data visualization software have released fixes to plug an insecure default configuration that could lead to remote code execution. Ai, described the issue as "a dangerous default configuration in Apache Superset that allows an unauth attacker to gain remote code execution, harvest credentials, and compromise data."

There is, of course, also a darker side to generative AI which researchers have been busily investigating since ChatGPT's public launch on the GPT-3 natural language large language model last November. Heinemeyer raises the important issue of measurement - how can we quantify what, if any, effect AI is having on cyberattacks beyond speculation and inference? On this, normal measurements such as the number of emails created, or their links or attachments, are a blunt tool.