Security News > 2023 > September

Digital information exchange can be safer, cheaper and more environmentally friendly with the help of a new type of random number generator for encryption developed at Linköping University. Experimental setup of the quantum random number generator.

Implementing a robust backup strategy for safeguarding crucial business data is more essential than ever. Without such a plan, organizations risk paying ransoms and incurring expenses related to investigations and lost productivity.

69% of organizations in the education sector suffered a cyberattack within the last 12 months, according to Netwrix. What's more, 3 out of 4 attacks in the education sector were associated with a compromised on-premises user or admin account, compared to 48% for other sectors.

This lack of ESG program readiness raises the risk of reporting incomplete or incorrect data and leaves organizations unprepared to maintain compliance with future regulations, including the forthcoming ESG rules from the Securities and Exchange Commission. Over 75% of respondents said they currently collect evidence for ESG metrics, and 26% reported that they plan to begin performing internal ESG audits in the next year.

Vladislav Klyushin, the Russian owner of security penetration testing firm M-13, was jailed for nine years in the US on Thursday, for his involvement in a cyber-crime operation that stole top corporations' confidential financial information to make $93 million through insider trading. His alleged Russian co-conspirators, Ivan Ermakov and Nikolai Rumiantcev, remain at large.

Microsoft is rolling out a new version of the Paint application on Windows 11 Insider builds that can remove the background from any picture with the click of a button. You can see a demonstration of the background removal below using the Windows wallpaper.

Top admin, HR managers, devs go on transatlantic deny-list The US and UK governments named and sanctioned 11 Russians said to be connected to the notorious Trickbot cybercrime crew this week.…

The U.S. Cybersecurity and Infrastructure Security Agency has added to its catalog of known exploited vulnerabilities a critical-severity issue tracked as CVE-2023-33246 that affects Apache's RocketMQ distributed messaging and streaming platform. CISA is warning federal agencies that they should patch the CVE-2023-33246 vulnerability for Apache RocketMQ installations on their systems by September 27.

State-backed hacking groups have breached a U.S. aeronautical organization using exploits targeting critical Zoho ManageEngine and Fortinet vulnerabilities, a joint advisory published by CISA, the FBI, and the United States Cyber Command revealed on Thursday. CISA was part of the incident response between February and April and said the hacking groups had been in the compromised aviation organization's network since at least January after hacking an Internet-exposed server running Zoho ManageEngine ServiceDesk Plus and a Fortinet firewall.

State-backed hacking groups have breached a U.S. aeronautical organization using exploits targeting critical Zoho and Fortinet vulnerabilities, a joint advisory published by CISA, the FBI, and the United States Cyber Command revealed on Thursday. CISA was part of the incident response between February and April and said the hacking groups had been in the compromised aviation organization's network since at least January after hacking an Internet-exposed server running Zoho ManageEngine ServiceDesk Plus and a Fortinet firewall.