Security News > 2023 > September

Linux is a powerful and customizable operating system that has been the backbone of many businesses for decades. This policy from TechRepublic Premium provides guidelines for securing Linux on...

The attackers' goal was to hijack highly-privileged Okta Super Administrator accounts to access and abuse identity federation features that allowed impersonating users from the compromised organization. After a successful compromise of a Super Admin account, the threat actor used anonymizing proxy services, a fresh IP address, and a new device.

The risk of running obsolete code and hardware was highlighted after attackers exfiltrated data from a UK supplier of high-security fencing for military bases. The initial entry point? A Windows 7 PC. While the supplier, Wolverhampton-based Zaun, said it believed that no classified information was downloaded, reports indicated that attackers were able to obtain data that could be used to gain access to some of the UK's most sensitive military and research sites.

Microsoft has reminded users that TLS 1.0 and 1.1 will soon be disabled by default in Windows. SQL Server 2008 R2 finally dropped out of Extended Security Updates in July, although Microsoft has published instructions for adding TLS 1.2 support.

An unknown threat actor has been observed weaponizing high-severity security flaws in the MinIO high-performance object storage system to achieve unauthorized code execution on affected servers. Cybersecurity and incident response firm Security Joes said the intrusion leveraged a publicly available exploit chain to backdoor the MinIO instance.

The threat posed by DDoS attacks is very much on the rise. Some industry watchers reckon that the volume of these attacks grew by up to 300 percent in 2023, and the risk to businesses is huge.

"Based on your consent, we may collect and use your biometric information for safety, security, and identification purposes," the company said. The social media behemoth told Bloomberg, which first reported the development, that the change is limited to premium users and that a biometric matching process "Will also help X fight impersonation attempts and make the platform more secure."

Nearly four weeks after the Police Service of Northern Ireland published data on 10,000 employees in a botched response to a Freedom of Information request, another two men, aged 21 and 22, have been released on bail after being arrested under the Terrorism Act. On August 8, it mistakenly published a spreadsheet with the details of every serving Northern Ireland police officer online in response to a Freedom of Information request at the beginning of August.

Unlike General AI, Narrow AI is a specialized form of AI that is tuned for very specific tasks. In cybersecurity, Narrow AI can analyze activity data and logs, searching for anomalies or signs of an attack.

"And with businesses now leveraging the reach of social media for advertising, attackers have a new, highly-lucrative type of attack to add to their arsenal - hijacking business accounts." Cyber attacks targeting Meta Business and Facebook accounts have gained popularity over the past year, courtesy of activity clusters such as Ducktail and NodeStealer that are known to raid businesses and individuals operating on Facebook.