Security News > 2023 > August

The open source project has recently announced a secure communications framework, designed for decentralized peer-to-peer use through a multi-hop mesh routing system that combines strong encryption with untraceability. This same state is, of course, the one demanding that to "Protect children," it should get access to whatever encrypted citizen communication it likes via the Online Safety Bill, which is now rumored to be going through British Parliament in October.

The threat actors behind the HiatusRAT malware have returned from their hiatus with a new wave of reconnaissance and targeting activity aimed at Taiwan-based organizations and a U.S. military procurement system. Besides recompiling malware samples for different architectures, the artifacts are said to have been hosted on new virtual private servers, Lumen Black Lotus Labs said in a report published last week.

While the CRA doesn't demand companies forward an exploited vulnerability's full technical specifications to ENISA, it does require companies to report on a vulnerability "With details"-and these details could be more than enough to attract the attention of a savvy attacker. As the CERT Guide to Coordinated Vulnerability Disclosure puts it: "Mere knowledge of a vulnerability's existence in a feature of some product is sufficient for a skillful person to discover it for themselves."

He discusses the role of Network Detection and Response solutions that leverage machine learning algorithms to improve threat detection and streamline incident response. Effective threat detection requires comprehensive visibility into network activities and the ability to constantly monitor events in the network.

Infosec in brief Someone at Microsoft has some explaining to do after a messed up DNS record caused emails sent from Hotmail accounts Microsoft Outlook Hotmail accounts to be rejected and directed to spam folders overnight beginning Thursday. Microsoft support forum advisors confirmed that the issue was known, which was further confirmed by a look at the Office service status page.

To counteract new and emerging threat methods enhanced by artificial intelligence, specialized email security vendors are leveraging a synergy of AI and human insights to enhance email security, according to IRONSCALES and Osterman Research. Over 74% of respondents have experienced an increase in the use of AI by cybercriminals in the past six months, and over 85% believe that AI will be used to circumvent their existing email security technologies.

In its upcoming 23H2 release slated for fall, one of the standout features that has caught the eye of many is the 'never combine mode' for the taskbar. Previously, Windows 10 users will recall the ability to keep icons on the taskbar separate, which can be especially helpful when juggling multiple windows from the same app.

Google is testing a new feature in the Chrome browser that will warn users when an installed extension has been removed from the Chrome Web Store, usually indicative of it being malware. The problem is that these extensions are churned out quickly, with the developers releasing new ones just as Google removes old ones from the Chrome Web Store.

The Cuba ransomware gang was observed in attacks targeting critical infrastructure organizations in the United States and IT firms in Latin America, using a combination of old and new tools. BlackBerry's Threat Research and Intelligence team, which spotted the latest campaign in early June 2023, reports that Cuba now leverages CVE-2023-27532 to steal credentials from configuration files.

How CISOs break down complex security challengesIn this Help Net Security interview, Kevin Paige, CISO at Uptycs, provides insights into how he navigates the complex cybersecurity landscape, striking a balance between technical expertise, effective communication, risk management, and adaptive leadership. Reinventing OT security for dynamic landscapesFrom understanding the challenges of disparate OT protocols and the increasing convergence with IT to grappling with the monumental role of human error, our latest interview with Rohit Bohara, CTO at asvin, delves deep into the landscape of OT security.