Security News > 2023 > June

MITRE has released its annual list of the Top 25 "Most dangerous software weaknesses" for the year 2023. "These weaknesses lead to serious vulnerabilities in software," the U.S. Cybersecurity and Infrastructure Security Agency said.

In this Help Net Security interview, Ryan Woodley, CEO of Netcraft, discusses the importance of monitoring, collecting, and analyzing internet data to gain a profound understanding of the internet. The aim is to generate a vast, rich pool of data, which is processed using advanced algorithms and data enrichment techniques.

Fujitsu Japan is in the spotlight again for all the wrong reasons, after fumbling its attempt to fix the nation's troubled ID card scheme. One use of the cards is to arrange for administrative documents to be printed at convenience stores or government offices.

In the dynamic business landscape where third-party relationships assume a critical role, organizations confront various risks that can profoundly affect their security and compliance requirements, according to Panorays. 84% of organizations prioritize third-party security risk management, indicating a growing awareness of the potential threats posed by third-party relationships.

IT teams are struggling to monitor and enforce BYOD policies during summer months when more employees are often traveling or working remotely, according to ThreatX. With more endpoints and applications in use, and often personal rather than corporate-issued, the risk to corporate data may increase. 55% of employees admit to relying solely on their mobile devices while working from vacation and holiday destinations in the summer.

One of the two men who admitted stealing more than $23 million in royalty payments for songs played on YouTube has been sentenced to nearly six years behind bars for his role in what prosecutors called "one of the largest music-royalty frauds ever." Teran pleaded guilty to conspiracy, wire fraud, and money laundering in January, following a November 2021 indictment in which a federal grand jury charged him and Batista with 30 felony counts.

Microsoft offers different Word document security solutions. Microsoft Word offers several ways to secure a document so that other people can't view or edit it.

Ransomware attacks from the 8Base group claimed the second largest number of victims over the past 30 days, says VMware. Analyzing ransomware attacks in June 2023, VMware found 8Base hit almost 80 victims over the past 30 days, second only to the LockBit 3 gang, which compromised almost 100 organizations.

Number two on MITRE's list is the less complex but still annoying cross-site scripting bug, which was key in four CVEs in the known exploited vulnerabilities catalog maintained by Uncle Sam's CISA. This bug type is a fancy form of a failure to sanitize user input. Number three, SQL injection flaws, accounts for four known exploited bugs in the CISA catalog.

A new report from Kaspersky reveals the top cyber threats for SMBs in 2023. The biggest cybersecurity threat to SMBs is the use of exploits by attackers; there were 483,980 detections in the first five months of 2023.