Security News > 2023 > August

What does optimal software security analysis look like?
2023-08-31 04:00

In this Help Net Security interview, Kevin Valk, co-CEO at Codean, discusses the consequences of relying solely on automated tools for software security. He explains how these tools can complement human knowledge to enhance software security analysis and emphasizes the need for the security industry to prioritize the symbiotic relationship between humans and machines.

ChatGPT on the chopping block as organizations reevaluate AI usage
2023-08-31 03:30

ChatGPT has attracted hundreds of millions of users and was initially praised for its transformative potential. Concerns for safety controls and unpredictability have landed it on IT leaders' list of apps to ban in the workplace.

The secret habits of top-performing CISOs
2023-08-31 03:00

"The most effective CISOs stay apprised of existing and emerging risks so they can provide leadership with context around the most significant threats facing the business, to influence investments and risk decisions accordingly." 63% of top-performing CISOs proactively engage in securing emerging technologies like artificial intelligence, machine learning and blockchain, compared with just 38% of bottom-performing CISOs.

FBI-Led Global Effort Takes Down Massive Qakbot Botnet
2023-08-30 23:18

After more than 15 years in the wild, the Qakbot botnet, a zombie network of over 700,000 computers worldwide, is hanging on the FBI's trophy wall for now. A multinational action called Operation "Duck Hunt" - led by the FBI, the Department of Justice, the National Cybersecurity Alliance, Europol, and crime officials in France, Germany, the Netherlands, Romania, Latvia and the U.K. - was able to gain access to the Qakbot network and shut down the malicious botnet, which has affected 700,000 computers worldwide.

Paramount discloses data breach following security incident
2023-08-30 23:08

American entertainment giant Paramount Global disclosed a data breach after its systems got hacked and attackers gained access to personally identifiable information. Paramount said in breach notification letters signed by Nickelodeon Animation Studio EVP Brian Keane sent to affected individuals that the attackers had access to its systems between May and June 2023.

Barracuda gateway attacks: How Chinese snoops keep a grip on victims' networks
2023-08-30 23:00

Nearly a third of organizations compromised by Chinese cyberspies via a critical bug in some Barracuda Email Security Gateways were government units, according to Mandiant. Mandiant continues to recommend people dump and replace their at-risk Barracuda equipment.

Windows 11 browser change: Europe applauds, outrage everywhere else
2023-08-30 21:08

Microsoft will soon allow users in the European Union, as well as from Iceland, Liechtenstein, and Norway, to once again open all links in Windows using their default web browser rather than forcing the use of Microsoft Edge. As the company said when it released Windows 11 Insider Preview Build 23531 to the Dev Channel on Friday, links in Windows systems apps will no longer open using Microsoft Edge, ignoring the users' browser of choice.

Apple opens 2024 applications to get ‘security research’ iPhones
2023-08-30 20:38

Apple announced today that iOS security researchers can now apply for a Security Research Device by the end of October. The company added that iPhones provided through the Security Research Device Program should only be used by authorized people and never leave the premises of the security research facility.

WordPress migration add-on flaw could lead to data breaches
2023-08-30 18:37

All-in-One WP Migration, a popular data migration plugin for WordPress sites with 5 million active installations, suffers from unauthenticated access token manipulation that could allow attackers to access sensitive site information. All-in-One WP Migration is a user-friendly WordPress site migration tool for non-technical and inexperienced users, allowing seamless exports of databases, media, plugins, and themes into a single archive that is easy to restore on a new destination.

Microsoft ain't happy with Russia-led UN cybercrime treaty
2023-08-30 18:23

A controversial United Nations proposal has a new foe, Microsoft, which has joined the growing number of organizations warning delegates that the draft version of the UN cybercrime treaty only succeeds in justifying state surveillance - not stopping criminals, as originally intended. "The risk is that the treaty will not be a tool for prosecuting criminals but rather a weapon that allows for intrusive data access and surveillance instruments," she wrote in a LinkedIn post.