Security News > 2023 > September

If you got snubbed by the object of your affections on dating app Coffee Meets Bagel in late August, don't feel bad, the company says its systems were down due to cyber baddies. Access to the service was finally restored on September 3 after the "Team spent days working around the clock to rebuild our system from online backups so that daters could securely get back online."

This vendor comparison guide from TechRepublic Premium provides advice you can follow as you make decisions regarding how you will deploy a home security system. The accompanying comparison tool will document your research and provide an organized way to make the best decisions for your home.

This article examines how small and medium-sized enterprises can use Wazuh to improve their cybersecurity. As an open source security platform, Wazuh allows SMEs to take advantage of its large and active community.

Google has rolled out monthly security patches for Android to address a number of flaws, including a zero-day bug that it said may have been exploited in the wild. Tracked as CVE-2023-35674, the high-severity vulnerability is described as a case of privilege escalation impacting the Android Framework.

A recently flagged phishing campaign aimed at delivering the Agent Tesla RAT to unsuspecting users takes advantage of old vulnerabilities in Microsoft Office that allow remote code execution. "Despite fixes for CVE-2017-11882/CVE-2018-0802 being released by Microsoft in November, 2017 and January, 2018, this vulnerability remains popular amongst threat actors, suggesting there are still unpatched devices in the wild, even after over five years," says Fortinet researcher Xiaopeng Zhang.

The Iranian threat actor tracked as APT34 has been linked to a new phishing attack that leads to the deployment of a variant of a backdoor called SideTwist. "APT34 has a high level of attack technology, can design different intrusion methods for different types of targets, and has supply chain attack capability," NSFOCUS Security Labs said in a report published last week.

Toyota says a recent disruption of operations in Japan-based production plants was caused by its database servers running out of storage space. On August 29th, it was reported that Toyota had to halt operations on 12 of its 14 Japan-based car assembly plants due to an undefined system malfunction.

Meatbag errors are keeping CISOs awake at night, according to Proofpoint's "Cybersecurity: The 2023 Board Perspective" report, with 78 percent tapping it as the most significant risk. Global board members remained jittery - researchers found 73 percent felt at risk of cyber-attack.

A cyberattack campaign is targeting exposed Microsoft SQL databases, aiming to deliver ransomware and Cobalt Strike payloads. The attackers target exposed MS SQL servers by brute-forcing access credentials.

The role of the CISO keeps taking center stage as a business enabler: CISOs need to navigate the complex landscape of digital threats while fostering innovation and ensuring business continuity. Three CISOs; Troy Wilkinson, CISO at IPG; Rob Geurtsen, former Deputy CISO at Nike; and Tammy Moskites, Founder of CyAlliance and former CISO at companies like Warner Brothers and Home Depot - shared their perspectives on how to run an effective SOC in 2023.