Security News > 2023 > May

The Dark Pink APT hacking group continues to be very active in 2023, observed targeting government, military, and education organizations in Indonesia, Brunei, and Vietnam. Despite the previous exposure by Group-IB, Dark Pink has not shown any signs of slowing down, and the company says it identified at least five attacks perpetrated by the group following the publication of the previous report.

Offensive Security has released Kali Linux 2023.2, the latest version of its popular penetration testing and digital forensics platform.Aside from updates for existing tools, a new Kali version usually comes with new tools.

Enterprise security firm Barracuda on Tuesday disclosed that a recently patched zero-day flaw in its Email Security Gateway appliances had been abused by threat actors since October 2022 to backdoor the devices. The latest findings show that the critical vulnerability, tracked as CVE-2023-2868, has been actively exploited for at least seven months prior to its discovery.

In this Help Net Security interview, Deepika Chauhan, CPO at DigiCert, talks about the importance of maintaining high trust assurance levels for businesses in today's digital landscape. How does DigiCert define "Digital trust," and why is it essential for businesses to maintain high trust assurance levels in today's digital landscape?

In this Help Net Security video, Jason Lewkowicz, Chief Services Officer at Optiv, discusses mental health in cybersecurity, which needs more attention. There is a confluence of factors - from the cybersecurity talent shortage and reductions in force to volatile financial markets and stagnant budgets - forcing cybersecurity professionals at all levels to work beyond their standard capacity on any given day, leading to emotional stress and burnout.

"Fortinet's report shows that while OT organizations have improved their overall cybersecurity posture, they also have continued opportunity for improvement. Networking and IT teams are under extraordinary pressure to adapt and become more OT-aware, and organizations are shifting to find and employ solutions that implement security across their entire IT/OT environment to reduce their overall security risk," said John Maddison, EVP Products and CMO at Fortinet. While the number of organizations that did not incur a cybersecurity intrusion improved dramatically YoY, there is still significant room for improvement.

Only 16% of organizations avoided paying ransom because they were able to recover from backups. As far as recovery goes, the research reveals that in 93% cyber-events, criminals attempt to attack the backup repositories, resulting in 75% losing at least some of their backup repositories during the attack, and more than one-third of backup repositories being completely lost.

Just days after releasing the second - and supposedly more stable and secure - version of its decentralized finance app, Jimbos Protocol over the weekend was hit by attackers who stole stole 4,090 ETH tokens from the project worth about $7.5 million. The developers behind the Arbitrum-based app were the apparent victims of a flash loan attack and now are scrambling to track down the light-fingered coders and retrieve the lost funds.

It won't be until Slack offers E2EE as well as blocking, muting and reporting features to help protect users from harassment, they claim. "Millions of people use Slack every day to do their work, volunteer, and connect with communities online - including abortion funds and reproductive rights groups that are being targeted by anti-abortion efforts," Caitlin Seeley George, Fight for the Future's campaigns and managing director, told The Register.

Automattic, the company behind the open-source WordPress content management system, has started force installing a security patch on millions of websites today to address a critical vulnerability in the Jetpack WordPress plug-in. According to the official WordPress plug-in repository, the plug-in is maintained by Automattic, and it now has over 5 million active installations.