Security News > 2023 > June

We'll examine the impact of the shifting role of data centers on network strategies, the implementation of a zero-trust security framework, and how 5G networks might further decentralize workplaces. Historically businesses have relied on remote access VPNs to allow remote employees to access applications and services on their corporate network.

The U.S. Cybersecurity and Infrastructure Security Agency has added a recently patched critical security flaw in Zyxel gear to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation. Federal agencies in the U.S. are mandated to update their devices by June 21, 2023.

WordPress has issued an automatic update to address a critical flaw in the Jetpack plugin that's installed on over five million sites.The vulnerability, which was unearthed during an internal security audit, resides in an API present in the plugin since version 2.0, which was released in November 2012.

An essential aspect of organizational operations is effectively responding to and returning from a disruptive event, commonly called disaster recovery. The primary objective of DR techniques is to restore the utilization of crucial systems and IT infrastructure following a disaster.

Ransomware has become an ever-present threat to individuals, businesses, and even entire nations. In this Help Net Security round-up, we present parts of previously recorded videos from experts in the field that shed light on the pressing ransomware issues.

A 25% increase in the use of phishing kits has been recorded in 2022, according to Group-IB. The key phishing trends observed are the increasing use of access control and advanced detection evasion techniques. The rise in evasive tactics, such as antibot techniques and randomization, poses a significant challenge for conventional detection systems and extends the lifespan of phishing campaigns.

Veza has unveiled Veza for SaaS Apps, a solution to deliver access security and governance across SaaS applications, including Salesforce, JIRA, Coupa, Netsuite, GitHub, Gitlab, Slack, and Bitbucket. The solution allows customers to automate access reviews, find and fix privilege access violations, trim privilege sprawl, and prevent SaaS misconfigurations.

So says Singapore-based security outfit Group-IB, which claims Dark Pink has been active since mid-2021, primarily focused on victims in the Asia-Pacific region - but that appears to be changing. Group-IB's researchers say they've identified five new Dark Pink victims since their January 2023 research on the threat group, bringing the criminals' victim list to 13.