Security News > 2023 > May

TechRepublic Premium Bring your own device policy PURPOSE The purpose of this Bring your own device policy from TechRepublic Premium is to provide requirements for BYOD usage and establish the steps that both users and the IT department should follow to initialize, support and remove devices from company access. These requirements must be followed as documented in order to protect company systems .....

TechRepublic Premium Bring your own device policy PURPOSE The purpose of this Bring your own device policy from TechRepublic Premium is to provide requirements for BYOD usage and establish the steps that both users and the IT department should follow to initialize, support and remove devices from company access. These requirements must be followed as documented in order to protect company systems .....

TechRepublic Premium Bring your own device policy PURPOSE The purpose of this Bring your own device policy from TechRepublic Premium is to provide requirements for BYOD usage and establish the steps that both users and the IT department should follow to initialize, support and remove devices from company access. These requirements must be followed as documented in order to protect company systems .....

Mandiant security researchers have discovered a new malware called CosmicEnergy designed to disrupt industrial systems and linked to Russian cybersecurity outfit Rostelecom-Solar. CosmicEnergy was discovered after a sample was uploaded to the VirusTotal malware analysis platform in December 2021 by someone with a Russian IP address.

A new botnet called Dark Frost has been observed launching distributed denial-of-service attacks against the gaming industry. "The Dark Frost botnet, modeled after Gafgyt, QBot, Mirai, and other malware strains, has expanded to encompass hundreds of compromised devices," Akamai security researcher Allen West said in a new technical analysis shared with The Hacker News.

Zyxel has released software updates to address two critical security flaws affecting select firewall and VPN products that could be abused by remote attackers to achieve code execution. Both the flaws - CVE-2023-33009 and CVE-2023-33010 - are buffer overflow vulnerabilities and are rated 9.8 out of 10 on the CVSS scoring system.

Register Kettle If there's one thing that's more all the rage these days than this AI hype, it's warrantless spying by the Feds. As we reported this week, the FBI abused its foreign surveillance powers in a "Persistent and widespread" manner to probe protesters, political campaign donors, and others, according to a court opinion.

The double-blind password strategy, also known as "Horcruxing", "Password splitting", or "Partial passwords", involves storing the long and complex part of a password in a password manager and keeping the short unique identifier, such as a PIN code or word, to yourself. Since the password manager never knows about the abc5 portion of the password, attackers will never have the complete picture and access, even if they hack your password manager.

A hospital with 2,000 employees in the E.U. deployed Cynet protections across its environment. The hospital was in the process of upgrading several expensive imaging systems that were still supported by Windows XP and Windows 7 machines.

An unnamed government entity associated with the United Arab Emirates was targeted by a likely Iranian threat actor to breach the victim's Microsoft Exchange Server with a "Simple yet effective" backdoor dubbed PowerExchange. The custom implant achieves this by making use of the Exchange Web Services API to connect to the victim's Exchange Server and uses a mailbox on the server to send and receive encoded commands from its operator.