Security News > 2023 > July

Details have emerged about a now-patched flaw in OpenSSH that could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions."This vulnerability allows a remote attacker to potentially execute arbitrary commands on vulnerable OpenSSH's forwarded ssh-agent," Saeed Abbasi, manager of vulnerability research at Qualys, said in an analysis last week.

IBM released its annual Cost of a Data Breach Report, showing the global average cost of a data breach reached $4.45 million in 2023 - an all-time high for the report and a 15% increase over the last 3 years. Data breaches disclosed by the attacker cost nearly $1 million more on average compared to studied organizations that identified the breach themselves.

Cybersecurity researchers said they have discovered what they say is the first open-source software supply chain attacks specifically targeting the banking sector. "These attacks showcased advanced techniques, including targeting specific components in web assets of the victim bank by attaching malicious functionalities to it," Checkmarx said in a report published last week.

In this Help Net Security interview, Debbie Gordon, CEO of Cloud Range explains the concept of a cyber range, its crucial role in preparing for real-world cyber threats, and the importance of realism in cyber training scenarios. Gordon also discusses how cyber ranges facilitate the identification of vulnerabilities and provides advice on maximizing the benefits of cyber range training.

Infosec in brief A security weakness in Google Cloud Build could have allowed attackers to tamper with organizations' code repositories and application images, according to Orca Security researchers. The issue, as Google describes it, is more about poorly defined permissions.

Data breach costs rose to $4.45 million per incident in 2023, IBM found in its annual Cost of a Data Breach report. Average data breach cost rose to $4.45 million per incident.

In this Help Net Security video, Marc Gaffan, CEO at IONIX, discusses how businesses' biggest cybersecurity mistake is not protecting the full external attack surface that continues to expand to include a businesses' entire digital supply chain. This is driven by third-party vendors, cloud, shadow IT, and managed services like SaaS applications.

Digital identity plays a vital role in enabling digital interactions, safeguarding privacy, and facilitating seamless transactions in the digital realm. The next advanced digital progression involves linking a person's real identity with the physical government ID, enabling individuals to verify their identity through a mobile device from any location.

The report found that consumers and businesses alike are keeping fraud and security top of mind amid uncertain economic conditions with nearly two-thirds of people surveyed reporting they're very or somewhat concerned with online security. Just over half of businesses report a high level of concern about fraud risk with leading areas including transaction fraud, cybercrime and identity theft.

This article will explore Windows 11 23H2 features, from dynamic lighting to Windows Copilot upgrades. Microsoft has unveiled the Windows Copilot, the first AI assistant unified within a PC platform, in its latest Windows 11 23H2 update.