Security News > 2023 > September

According to new research from Censys, an internet intelligence platform, more than 2,000 TB of unprotected data, including full databases and documents, are currently accessible in open directories around the world. Figure A. Open directories can be found via Google Dorks, which are queries that can be used on the Google search engine to find specific content, such as open directories.

The North Korean 'Lazarus' hacking group targeted employees of an aerospace company located in Spain with fake job opportunities to hack into the corporate network using a previously unknown 'LightlessCan' backdoor. The hackers utilized their ongoing "Operation Dreamjob" campaign, which entails approaching a target over LinkedIn and engaging in a fake employee recruitment process that, at some point, required the victim to download a file.

Malicious ads served inside Microsoft Bing's artificial intelligence (AI) chatbot are being used to distribute malware when searching for popular tools. The findings come from Malwarebytes, which...

Progress Software has issued hotfixes for a critical security vulnerability (with a maximum CVSS score of 10.0) and seven other flaws in its WS_FTP Server Ad hoc Transfer Module and WS_FTP Server manager interface.The most severe flaw, CVE-2023-40044, affects all versions of the software, allowing a pre-authenticated attacker to exploit a .NET deserialization vulnerability to run remote commands.

Rather than running from the potential of this evolving technology, individual organizations should be embracing AI tools in their cyber defense strategies. As AI continues to advance, we expect to see additional applications that creatively utilize the technology - meaning that our cyber defenses will need to continually evolve as well.

VMware customers have growing concerns about the state of the virtualization software and the company behind it - ranging from rising licensing costs, ransomware vulnerabilities and a diminishing quality of support, according to VergeIO. 84% of respondents indicated that they were concerned about VMware's current and future costs, with many highlighting "Per-core" renewal quotes and licensing agreements that require a commitment to year-over-year spending increases as additional points of distress. With a rise in ransomware attacks exploiting specific VMware vulnerabilities, 77% of customers worried about their data resiliency.

Global financial crime compliance costs for financial institutions exceed $206 billion. Financial crime professionals embrace AI. While certain industries are still determining the ways in which AI and ML will bring about an influence, 71% of professionals in financial crime compliance indicate that their organizations are already enhancing data utilization through advanced analytics.

The California State Legislature passed Senate Bill 362, known as the Delete Act, to simplify the process for consumers to ask to remove their personal data gathered by data brokers. In this Help Net Security video, Dr. Chris Pierson, CEO of BlackCloak, discusses why this bill matters to CISOs.

Cisco is warning of attempted exploitation of a security flaw in its IOS Software and IOS XE Software that could permit an authenticated remote attacker to achieve remote code execution on...

Despite the economic uncertainty and inflation, security budgets generally continued to rise but at a lower rate than prior years, according to new research from IANS and Artico Search. Respondents reported an average security budget increase of 6%, a significant decrease from the 17% increase in the previous budget cycle and marks a 65% reduction in growth.