Security News > 2023 > August

Password security remains highly relevant even as cybersecurity strategies move toward a passwordless future. Of the 100 Black Hat USA 2023 attendees Delinea polled, 54% said passwordless is a viable concept, while 79% agreed that passwords are evolving or becoming obsolete.

The future of telecommunication was also a hot topic at the premier VON: Evolution Africa event, the first to take place in Africa in its 26-year history. Cybertech Africa in Rwanda included an exciting exhibition of innovative cyber companies and startups, with three of those startups selected to pitch their ideas to the audience, and more hoping for the chance to present.

The Clorox Company has some cleaning up to do as some of its IT systems remain offline and operations "temporarily impaired" following a security breach. Upon detection, we immediately took steps to stop the activity and took certain systems offline.

Two stack-based buffer overflows collectively tracked as CVE-2023-32560 impact Ivanti Avalanche, an enterprise mobility management solution designed to manage, monitor, and secure a wide range of mobile devices. The flaws are rated critical and are remotely exploitable without user authentication, potentially allowing attackers to execute arbitrary code on the target system.

LinkedIn is being targeted in a wave of account hacks resulting in many accounts being locked out for security reasons or ultimately hijacked by attackers. As reported today by Cyberint, many LinkedIn users have been complaining about the account takeovers or lockouts and an inability to resolve the problems through LinkedIn support.

Ironically, perhaps, bank cash machines, better known as ATMs, make a perfect location for card skimming equipment. ATMs almost always grab onto your card mechanically and draw it right into the machine, out of sight and reach.

A threat actor has compromised close to 2,000 Citrix NetScaler servers in a massive campaign exploiting the critical-severity remote code execution vulnerability tracked as CVE-2023-3519. Security researchers at cybersecurity company Fox-IT and the Dutch Institute of Vulnerability Disclosure have discovered a large-scale campaign that planted webshells on Citrix NetScaler servers vulnerable to CVE-2023-3519.

Threat actors' use of Cloudflare R2 to host phishing pages has witnessed a 61-fold increase over the past six months. "The majority of the phishing campaigns target Microsoft login credentials, although there are some pages targeting Adobe, Dropbox, and other cloud apps," Netskope security researcher Jan Michael said.

Is your organization constantly under threat from credential phishing? Even with comprehensive security awareness training, many employees still fall victim to credential phishing scams. What if you could outsmart these criminals and protect your organization?

With Microsoft Defender for Cloud, cloud security posture management features are now available for Google Cloud Platform, as well as AWS and Azure. Almost 90% of enterprises use more than one public cloud provider, according to Flexera's 2023 State of the Cloud survey.