Security News > 2023 > August

In this Help Net Security video, Andy Hornegold, Product Lead at Intruder, dives into API security and explores how several recent high-profile breaches were caused by simple failings - which didn't require sophisticated security to prevent. The number of APIs is increasing year on year as more organizations are building APIs to facilitate automation.

Open-Source Intelligence refers to gathering, assessing, and interpreting public information to address specific intelligence queries. The OWASP Amass project performs network mapping of attack surfaces and external asset discovery using open-source information gathering and active reconnaissance techniques.

A critical authentication bypass bug in MobileIron Sentry has been exploited in the wild, its maker Ivanti said in an advisory on Monday. This vulnerability, tracked as CVE-2023-38035, is a 9.8-of-10 flaw in terms of CVSS severity, and strictly speaking lies within Ivanti Sentry, formerly known as MobileIron Sentry.

With America outspending the rest of the world on space technologies, those systems and their blueprints are a highly alluring and lucrative target for sticky-fingered spies, Uncle Sam has reminded industry. In a joint alert on Friday, America's National Counterintelligence and Security Center, the FBI, and the US Air Force warned that "Foreign intelligence entities" are poking around for security holes in commercial space tech, and their efforts to exploit these systems pose a risk to US national and economic security.

Researchers from Italy and the UK have discovered four vulnerabilities in the TP-Link Tapo L530E smart bulb and TP-Link's Tapo app, which could allow attackers to steal their target's WiFi password. TP-Link Tapo is a smart device management app with 10 million installations on Google Play.

That's because "Fake airplane" mode doesn't itself snoop on or try to steal private data belonging to other apps, but works simply by showing you what you hope to see, namely visual clues that imply that your device is offline even when it isn't. You can imagine that determined scammers, crypto-confidence tricksters and spyware peddlers might be keen to find a way to hide "Fake airplane" treachery in otherwise unexceptionable-looking apps in order to make it through the App Store verification process.

A legitimate-looking ad for Amazon in Google search results redirects visitors to a Microsoft Defender tech support scam that locks up their browser. Clicking on the Google ad redirects the visitor to a tech support scam page posing as an alert from Microsoft Defender, claiming that their computer is infected with "ads(exe)".

The incident, Tesla disclosed in a data breach notification with the state of Maine and accompanying letter [PDF] to those affected, was the fault of two Tesla employees whom it alleged stole the info before sharing it with German business news outlet Handelsblatt. The 100GB of data it received from the leakers, which Handelsblatt has dubbed the "Tesla files," includes an "Abundance" of customer data, and PII for more than 100,000 Tesla employees - including Elon Musk.

Cisco-owned multi-factor authentication provider Duo Security is investigating an ongoing outage that has been causing authentication failures and errors starting three hours ago. The outage also led to Core Authentication Service issues across multiple Duo servers, triggering Azure Auth authentication errors for Azure Conditional Access integrations in a systemwide outage.

TechRepublic Premium: Wearable Device Policy

Wearable devices are becoming more common as a result of technological advancements and new capabilities. These devices may exist in the form of clothing, watches or eyewear and can serve as standalone gadgets or may link to another device such as a smartphone, tablet or laptop.