CISOs under pressure: Protecting sensitive information in the age of high employee turnover
2023-07-17 04:30

CISOs believe they have adequate data protection measures, yet many have dealt with the loss of sensitive data over the past year. As the economic downturn pressures security budgets, how can CISOs optimize their resources to manage cybersecurity risks effectively?

Real-world examples of quantum-based attacks
2023-07-17 04:00

Quantum computing is poised to revolutionize the way we secure and privatize data. It can potentially disrupt our existing encryption methods, endangering sensitive data from various sources in ways even beyond what we've experienced with AI. In this Help Net Security video, Tommaso Gagliardoni, Global Practice Lead in Quantum Security at Kudelski Security, discusses quantum-based attacks.

Building resilience through DevSecOps
2023-07-17 03:30

DevSecOps, short for Development, Security, and Operations, is an approach that emphasizes the integration of security practices and principles into every stage of the software development lifecycle. It aims to bridge the gap between development teams, security teams, and operations teams, fostering collaboration and shared responsibility for the security of software applications.

Growing scam activity linked to social media and automation
2023-07-17 03:00

Experts at Group-IB noted an increase in both the number of scams and the number of people engaged in scam activity, driven by the more frequent use of social media to spread scams and the growing automation of scam processes. In the APAC region, 58% of scam resources targeting companies in seven core economic sectors used this vector, while in Europe, messengers remained the primary vector for scam activity.

Growing a 15,000 strong automotive cybersecurity group with John Heldreth
2023-07-17 02:45

While it seemed like automotive cybersecurity would never outpace these modern laptop-wielding gearheads, John Heldreth, Head of Car Security Operations at Volkswagen AG, had a different idea. Taking a unique approach, John offers another way to view cybersecurity.

Boris Johnson pleads ignorance, which just might work
2023-07-17 02:20

CVSS 9.8 - Multiple CVEs: Siemens RUGGEDCOM ROX switches running software versions 2.16.0 or older are packed with vulnerabilities that could allow an attacker to send malformed HTTP packets to achieve MITM status and execute arbitrary code. CVSS 9.8 - Multiple CVEs: Experion's PKS, LX and PlantCruise contain a series of vulnerabilities that could cause DoS or let an attacker elevate permissions and remotely execute code.

Windows Copilot arrives in the fall with Windows 11 23H2
2023-07-16 21:16

Windows 11 23H2 is taking a step further into the world of artificial intelligence with the introduction of Windows Copilot, its centralized AI assistant. [...]

Thousands of images on Docker Hub leak auth secrets, private keys
2023-07-16 14:09

Researchers at the RWTH Aachen University in Germany published a study revealing that tens of thousands of container images hosted on Docker Hub contain confidential secrets, exposing software,...

Week in review: Malware delivery via Microsoft Teams, law firms under cyberattack, CVSS 4.0 is out
2023-07-16 08:30

Microsoft patches four exploited zero-days, but lags with fixes for a fifth: For July 2023 Patch Tuesday, Microsoft has delivered 130 patches; among them are four for vulnerabilities actively exploited by attackers, but no patch for CVE-2023-36884, an Office and Windows HTML RCE vulnerability exploited in targeted attacks aimed at defense and government entities in Europe and North America.

Apple pushes out emergency fix for actively exploited zero-day: Apple has patched an actively exploited zero-day vulnerability by releasing Rapid Security Response updates for iPhones, iPads and Macs running the latest versions of its operating systems.

Gamaredon hackers start stealing data 30 minutes after a breach
2023-07-15 14:07

Ukraine's Computer Emergency Response Team (CERT-UA) is warning that the Gamaredon hacking group operates in rapid attacks, stealing data from breached systems in under an hour. [...]