Security News > 2023 > July

Cisco warned customers today of a high-severity vulnerability impacting some data center switch models and allowing attackers to tamper with encrypted traffic.Tracked as CVE-2023-20185, the flaw was found during internal security testing in the ACI Multi-Site CloudSec encryption feature of data center Cisco Nexus 9000 Series Fabric Switches.

As a caution, the company has invalidated existing admin API keys to protect its customer organizations. The reader in question is among JumpCloud customers who received an email today from the firm stating that existing admin API keys had been invalidated while JumpCloud investigates an "Ongoing incident."

Google has released the monthly security updates for Android operating system, which comes with fixes for 46 vulnerabilities. Three of the issues are likely actively exploited in the wild.

Security researchers are warning that tens of thousands of photovoltaic monitoring and diagnostic systems are reachable over the public web, making them potential targets for hackers. These systems are used for remote performance monitoring, troubleshooting, system optimization, and other functions to allow remote management of renewable energy production units.

Review and manage your consent Here's an overview of our use of cookies, similar technologies and how to manage them. Believing that it was safe to do so, she whispered the secret into a hole in the ground only to hear it broadcast far and wide.

A suspected senior member of a French-speaking hacking crew known as OPERA1ER has been arrested as part of an international law enforcement operation codenamed Nervone, Interpol has announced. "The group is believed to have stolen an estimated USD 11 million - potentially as much as 30 million - in more than 30 attacks across 15 countries in Africa, Asia, and Latin America," the agency said.

Microsoft is again pushing a Defender Antivirus update that fixes a known issue triggering Windows Security warnings that Local Security Authority Protection is off. Microsoft acknowledged this issue impacts Windows 11 21H2 and 22H2 systems after numerous user reports about "Local Security Authority protection is off. Your device may be vulnerable." warnings, although LSA Protection was already enabled.

Technical information has emerged for a serious vulnerability affecting multiple Linux kernel versions that could be triggered with "Minimal capabilities." The security issue is being referred to as StackRot and can be used to compromise the kernel and elevate privileges. StackRot impacts all kernel configurations on Linux versions 6.1 through 6.4.

How can organizations transition from a reactive, "Tick-box" mindset to a proactive culture of continuous cyber improvement? This question is central to increasing cyber resilience. So the key question is: How can organizations start building an effective culture of continuous cyber improvement? It all starts with emphasizing real-time security practices.

In this Help Net Security interview, Nadir Izrael, co-founder & CTO of Armis, discusses the global efforts and variations in promoting responsible AI, as well as the necessary measures to ensure responsible AI innovation in the United States. What are your initial impressions of the Biden-Harris Administration's efforts to advance responsible AI? Are they on the right track in managing the risks associated with AI? The effort to address the issue of responsible AI is a proactive step in the right direction.