Security News > 2023 > September

Identity services provider Okta on Friday warned of social engineering attacks orchestrated by threat actors to obtain elevated administrator permissions. "In recent weeks, multiple US-based Okta customers have reported a consistent pattern of social engineering attacks against IT service desk personnel, in which the caller's strategy was to convince service desk personnel to reset all multi-factor authentication factors enrolled by highly privileged users," the company said.

Microsoft announced today that it will deprecate WordPad with a future Windows update as it's no longer under active development, though the company did not specify the precise timing of this change. "We recommend Microsoft Word for rich text documents like.doc and.rtf and Windows Notepad for plain text documents like.txt."

The transparent squid is a genetically altered version of the hummingbird bobtail squid, a species usually found in the tropical waters from Indonesia to China and Japan. Like other cephalopods, it has a relatively large and sophisticated brain.

Proof-of-concept exploit code has been released for a critical SSH authentication bypass vulnerability in VMware's Aria Operations for Networks analysis tool.Today, VMware confirmed that CVE-2023-34039 exploit code has been published online, two days after disclosing the critical security bug.

Customers of cloudy identification vendor Okta are reporting social engineering attacks targeting their IT service desks in attempts to compromise user accounts with administrator permissions. "We don't have visibility into which customers were targeted, but we know that four customers were affected within the three-week period since we've begun tracking these activities," he told The Register.

Microsoft has reminded customers that systems running Windows 11 21H2 will be force-updated before the end of servicing next month. Since Windows 11 21H2 devices will no longer receive security updates starting October 10, 2023, they will be updated to Windows 11 22H2 to continue receiving the latest updates, security updates, and improvements.

The National Cyber Security Centre provides details on prompt injection and data poisoning attacks so organizations using machine-learning models can mitigate the risks. Large language models used in artificial intelligence, such as ChatGPT or Google Bard, are prone to different cybersecurity attacks, in particular prompt injection and data poisoning.

Microsoft has announced it is retiring Visual Studio for Mac and that support for the latest version, 17.6, will continue for another year, until August 31, 2024. NET Core, and the support for Android and iOS app writing through Xamarin made Visual Studio for Mac a versatile choice for developers.

Enterprise accounting software is designed for large companies and businesses. Here are the top eight enterprise accounting software suites.

Threat actors are exploiting poorly secured Microsoft SQL servers to deliver Cobalt Strike and a ransomware strain called FreeWorld. "The ransomware payload of choice appears to be a newer variant of Mimic ransomware called FreeWorld."