Addigy exposes RSR updates gap in 25% of managed macOS devices
2023-05-24 19:11

Addigy, makers of mobile device management software MDM Watchdog, released a report today stating that Apple Rapid Security Response updates are not being deployed in about 25% of macOS devices within managed environments. These updates deliver essential security patches between regular software updates and ensure the swift delivery of security updates to devices that run on iOS, iPadOS and macOS. While this strategy is billed to surpass the traditional software update process in terms of speed and efficiency, Addigy has found an unusual scenario that calls for concern.

Spearphishing report: 50% of companies were impacted in 2022
2023-05-24 19:08

Spearphishing is a sliver of all email exploits, but the extent to which it succeeds is revealed in a new study from cybersecurity firm Barracuda Networks, which analyzed 50 billion emails across 3.5 million mailboxes in 2022, unearthing around 30 million spearphishing emails. The survey queried companies about damages they experienced as a result of email attacks.

Windows 11 Moment 3 released with KB5026446 update, how to enable
2023-05-24 18:40

Microsoft has released the Windows 11 22H2 KB5026446 update, aka 'Moment 3,' bringing quite a few new and long-awaited features to the operating system. The KB5026446 update is a monthly preview update allowing users to test upcoming fixes and features that will be installed as part of the following month's mandatory Patch Tuesday.

Windows 10 KB5026435 update released with 2 new features, 18 fixes
2023-05-24 16:36

Microsoft has released the optional KB5026435 Preview cumulative update for Windows 10 22H2 with two new features and 18 additional fixes or changes. The KB5026435 cumulative update preview is part of Microsoft's new "Optional non-security preview release" released in the fourth week of every month, allowing admins to test upcoming fixes released on the following month's mandatory Patch Tuesday.

Iranian hackers use new Moneybird ransomware to attack Israeli orgs
2023-05-24 16:28

A suspected Iranian state-supported threat actor known as 'Agrius' is now deploying a new ransomware strain named 'Moneybird' against Israeli organizations. Check Point's researchers who discovered the new ransomware strain believe that Agrius developed it to help expand their operations, while the use of 'Moneybird' is yet another one of the threat group's attempts to cover their tracks.

Barracuda warns of email gateways breached via zero-day flaw
2023-05-24 15:42

Barracuda, a company known for its email and network security solutions, warned customers today that some of their Email Security Gateway appliances were breached last week through a now-patched zero-day vulnerability. While the flaw was patched over the weekend, Barracuda warned on Tuesday that some of its customers' ESG appliances were compromised through exploitation of the now-patched security bug.

Iranian Tortoiseshell Hackers Targeting Israeli Logistics Industry
2023-05-24 13:49

At least eight websites associated with shipping, logistics, and financial services companies in Israel were targeted as part of a watering hole attack. Tel Aviv-based cybersecurity company ClearSky attributed the attacks with low confidence to an Iranian threat actor tracked as Tortoiseshell, which is also called Crimson Sandstorm, Imperial Kitten, and TA456.

Indiana, Iowa, and Tennessee Pass Comprehensive Privacy Laws
2023-05-24 11:23

Indiana, Iowa, and Tennessee all passed state privacy laws, bringing the total number of states with a privacy law up to eight. None of them includes a private right of action, which means it's up to the states to enforce the laws.

Microsoft, GitHub announce application security testing tools for Azure DevOps
2023-05-24 10:54

GitHub has announced that its application security testing tools are now more widely available for subscribers of Microsoft's Azure DevOps Services. "GitHub Advanced Security for Azure DevOps can not only help you find secrets that have already been exposed in Azure Repos, but also help you prevent new exposures by blocking any pushes to Azure Repos that contain secrets," says Aaron Hallberg, Director of Product for Azure DevOps, Microsoft.

What to Look for When Selecting a Static Application Security Testing (SAST) Solution
2023-05-24 10:51

If you're involved in securing the applications your organization develops, there is no question that Static Application Security Testing solutions are an important part of a comprehensive application security strategy. With a plethora of players in the market, sometimes making competing claims, it's confusing to know what to look for when selecting a SAST solution.