Security News > 2023 > May

Google Chrome will lose the “lock” icon for HTTPS-secured sites
2023-05-03 10:28

In September 2023, Google Chrome will stop showing the lock icon when a site loads over HTTPS, partly due to the now ubiquitous use of the protocol. "We redesigned the lock icon in 2016 after our research showed that many users misunderstood what the icon conveyed. Despite our best efforts, our research in 2021 showed that only 11% of study participants correctly understood the precise meaning of the lock icon," the team explained.

T-Mobile suffers second data breach this year
2023-05-03 10:27

T-Mobile has revealed a second data breach that occurred in 2023, which reportedly exposed customer data and account PINs, leaving many T-Mobile users vulnerable to potential fraud and identity theft. "In March 2023, the measures we have in place to alert us to unauthorized activity worked as designed and we were able to determine that a bad actor gained access to limited information from a small number of T-Mobile accounts between late February and March 2023," T-Mobile explained in a letter to customers affected by the breach.

SolarWinds Detected Six Months Earlier
2023-05-03 10:13

iAPX May 3, 2023 6:37 AM. "Unusual traffic" is suspect traffic, that's why traffic is monitored and everything "Unusual" is logged to be audited if not immediately launching an alarm! If they couldn't have a good network hygiene when evaluating a new solution, there are few chances they do it for production systems where it's more complex with a lot more traffic.

Apple and Google Join Forces to Stop Unauthorized Location-Tracking Devices
2023-05-03 09:24

Apple and Google have teamed up to work on a draft industry-wide specification that's designed to tackle safety risks and alert users when they are being tracked without their knowledge or permission using devices like AirTags. "The first-of-its-kind specification will allow Bluetooth location-tracking devices to be compatible with unauthorized tracking detection and alerts across Android and iOS platforms," the companies said in a joint statement.

Hackers Exploiting 5-year-old Unpatched Vulnerability in TBK DVR Devices
2023-05-03 07:30

Threat actors are actively exploiting an unpatched five-year-old flaw impacting TBK digital video recording devices, according to an advisory issued by Fortinet FortiGuard Labs. The vulnerability in question is CVE-2018-9995, a critical authentication bypass issue that could be exploited by remote actors to gain elevated permissions.

CISA Issues Advisory on Critical RCE Affecting ME RTU Remote Terminal Units
2023-05-03 05:07

The U.S. Cybersecurity and Infrastructure Security Agency on Tuesday released an Industrial Control Systems advisory about a critical flaw affecting ME RTU remote terminal units. The security vulnerability, tracked as CVE-2023-2131, has received the highest severity rating of 10.0 on the CVSS scoring system for its low attack complexity.

5 API security best practices you must implement
2023-05-03 04:30

DDoS: DDoS attacks request a huge number of connections to exhaust resources and potentially lead to a crash, as the attack overwhelms both APIs and the backend systems that supply data to the APIs. Man in the middle attacks: MITM attacks occur when an outsider discreetly positions themself in a conversation between a user and an API endpoint, eavesdropping or impersonating one of the parties in a bid to steal or modify private data.

Tython: Open-source Security as Code framework and SDK
2023-05-03 04:00

Security teams must adopt automation and incorporate security measures into code to keep up with rapidly evolving software development. Tython allows security teams to build custom security reference architectures and design patterns as code.

Malicious content lurks all over the web
2023-05-03 03:30

On average, five out of every 1,000 enterprise users attempted to download malware in Q1 2023, and new malware families and variants represented 72% of those malware downloads. As the top two malware types, Trojans accounted for 60% of malware downloads in Q1 and phishing downloads accounted for 13%. Evaluation of primary communication channels for attackers.

The importance of being certified
2023-05-03 03:20

Sponsored Post: The importance of certifications such as the GIAC has never been greater for infosec professionals. With GIAC Certification Categories and GIAC Certification Portfolios, they now have multiple ways in which to demonstrate their knowledge and expertise and earn industry-recognised certifications.