New HiatusRAT malware attacks target US Defense Department
2023-08-22 16:47

In a new HiatusRAT malware campaign, threat actors have targeted a server belonging to the U.S. Department of Defense in what researchers described as a reconnaissance attack. The website's affiliation with contract proposals suggests that the attackers might be seeking publicly accessible information about military requisites or trying to find information on Defense Industrial Base-affiliated organizations.

Electronic Communication Policy
2023-08-22 16:00

This policy provides guidelines for the appropriate use of electronic communications. It covers topics such as privacy, confidentiality and security; ensures electronic communications resources are used for appropriate purposes; informs employees regarding the applicability of laws and company policies to electronic communications; and prevents disruptions to and misuse of company electronic communications resources, services and activities.

SEC fines fintech crypto fund that promised 2,700% returns
2023-08-22 15:34

A New York fintech biz is set to pay $1 million in fines under a US Securities and Exchange Commission order that claims it advertised "annualized" returns on Titan Crypto of up to 2,700 percent, a number based on a "purely hypothetical account." Titan Global Capital Management provided investment strategies to clients and prospective clients solely through a mobile app, the SEC said.

Microsoft Excel to let you run Python scripts as formulas
2023-08-22 14:51

Even if you join the Microsoft 365 Insiders Beta channel to test the new feature, there is no guarantee that Python in Excel will be available, as Microsoft is rolling it out slowly to test the feature. The new Python in Excel feature brings a new 'PY' function that allows users to embed Python code directly in a cell to be executed like any macro or regular Excel function.

How to Quickly Give Users sudo Privileges in Linux
2023-08-22 14:23

If you have users that need certain admin privileges on your Linux machines, here's a walk-through of the process for granting full or specific rights. How many times have you created a new user on a Linux machine, only to find out that new user doesn't have sudo privileges? Without the ability to use sudo, that user is limited in what they can do.

Akira ransomware targets Cisco VPNs to breach organizations
2023-08-22 13:00

There's mounting evidence that Akira ransomware targets Cisco VPN products as an attack vector to breach corporate networks, steal, and eventually encrypt data. Akira ransomware is a relatively new ransomware operation launched in March 2023, with the group later adding a Linux encryptor to target VMware ESXi virtual machines.

The devil in the detail
2023-08-22 12:46

So something that cons you into believing that urgent email really is from the head of your department doesn't seem at all far-fetched, and that means we all have to be ever alert and super-prepared to meet a tsunami of evolving cyber security threats. Ransomware attacks fuelled by generative AI have doubled this year according to recent research.

CISOs Tout SaaS Cybersecurity Confidence, But 79% Admit to SaaS Incidents, New Report Finds
2023-08-22 11:20

A new State of SaaS Security Posture Management Report from SaaS cybersecurity provider AppOmni indicates that cybersecurity, IT, and business leaders alike recognize SaaS cybersecurity as an increasingly important part of the cyber threat landscape. When asked to rate the SaaS cybersecurity maturity level of their organizations, 71% noted that their organizations' SaaS cybersecurity maturity has achieved either a mid-high level or the highest level.

Applying AI to License Plate Surveillance
2023-08-22 11:04

Typically, Automatic License Plate Recognition technology is used to search for plates linked to specific crimes. In this case it was used to examine the driving patterns of anyone passing one of Westchester County's 480 cameras over a two-year period.

Ivanti Sentry zero-day vulnerability exploited, patch ASAP! (CVE-2023-38035)
2023-08-22 10:34

Ivanti is urging administrators of Ivanti Sentry gateways to patch a newly discovered vulnerability that could be exploited to change configuration, run system commands, or write files onto the vulnerable system. CVE-2023-38035 is an API authentication bypass flaw that may enable unauthenticated attackers to access APIs that are used to configure the Ivanti Sentry on the administrator portal/interface, which runs by default on port 8443.