Security News > 2023 > July

A phishing campaign that security researchers named SmugX and attributed to a Chinese threat actor has been targeting embassies and foreign affairs ministries in the UK, France, Sweden, Ukraine, Czech, Hungary, and Slovakia, since December 2022. The lures used in the SmugX campaign betray the threat actor's target profile and indicates espionage as the likely objective of the campaign.

This policy from TechRepublic Premium provides guidelines to safeguard company information, reduce business and legal risks and protect company investments and reputation. Its adjunct policy, the Network security policy, covers the systems and devices that transport and store data.

TechRepublic Premium Essential Travel Tips for Business Pros Business travel can be stressful and exhausting, but seasoned road warriors know a thing or two about minimizing the hassles and making trips go smoothly. This guide rounds up advice from professionals who travel regularly on business.

It's an awkward Monday for Dublin Airport after pay and benefits details for some 2,000 staff were apparently "Compromised" following a recent attack on professional service provider Aon. Victims of the criminals exploiting the MOVEit flaws include multiple US government agencies, Ofcom, the BBC, British Airways and Aer Lingus.

Microsoft's Edge browser has recently enhanced its 'Edge Secure Network' feature, which now offers 5GB of data, significantly increasing from the previously offered 1GB. The Edge Secure Network uses Cloudflare's routing to encrypt your internet connection and secure your data against online threats, such as hacking attempts.Importantly, Microsoft ensures the user's Microsoft account identity is not shared with the service provider during a Secure Network connection.

In this TechRepublic How to Make Tech Work tutorial, Jack Wallen shows you how to add the Docker Scout feature to the Docker CLI. You might have heard of Docker Scout, which is an image analyzer that ships with Docker Desktop. This tool makes it easy for developers to view vulnerabilities found in Docker images.

A Chinese nation-state group has been observed targeting Foreign Affairs ministries and embassies in Europe using HTML smuggling techniques to deliver the PlugX remote access trojan on compromised systems. "The campaign uses new delivery methods to deploy a new variant of PlugX, an implant commonly associated with a wide variety of Chinese threat actors," Check Point said.

Hundreds of thousands of FortiGate firewalls are vulnerable to a critical security issue identified as CVE-2023-27997, almost a month after Fortinet released an update that addresses the problem.CVE-2023-27997 is exploitable and allows an unauthenticated attacker to execute code remotely on vulnerable devices with the SSL VPN interface exposed on the web.

While security cameras are commonplace in American cities, self-driving cars represent a new level of access for law enforcement and a new method for encroachment on privacy, advocates say. Crisscrossing the city on their routes, self-driving cars capture a wider swath of footage.

The U.S. Cybersecurity and Infrastructure Security Agency has placed a set of eight flaws to the Known Exploited Vulnerabilities catalog, based on evidence of active exploitation. This includes six shortcomings affecting Samsung smartphones and two vulnerabilities impacting D-Link devices.