Security News > 2023 > October

Encrypted messaging app Signal has pushed back against "viral reports" of an alleged zero-day flaw in its software, stating it found no evidence to support the claim. "After responsible...

Modern-day attack surface management can be an intimidating task for most organizations, with assets constantly changing due to new deployments, assets being decommissioned, and ongoing migrations to cloud providers. For these reasons, attack surface management tooling must be extremely scalable and fast, balancing acceptable levels of accuracy loss to lower the overall time to find assets and detect ephemeral risks.

Signal messenger has investigated rumors spreading online over the weekend of a zero-day security vulnerability related to the 'Generate Link Previews' feature, stating that there is no evidence this vulnerability is real. After being contacted about the zero-day last night, Signal released a statement on Twitter saying that it had investigated the rumors and found no evidence that this flaw is real.

Threat actors have been observed serving malicious code by utilizing Binance's Smart Chain (BSC) contracts in what has been described as the "next level of bulletproof hosting." The campaign,...

86% of CISOs believe generative AI will alleviate skills gaps and talent shortages on the security team, filling labor-intensive and time-consuming security functions and freeing up security professionals to be more strategic, according to Splunk. "The C-Suite and board of directors are increasingly relying on CISOs for guidance across a sophisticated threat landscape and changing market conditions," said Jason Lee, CISO, Splunk.

When it comes to the cloud, many organizations prioritize speed over spend. Spending on public cloud services is forecasted to grow 21.7% to a total of $597.3 billion in 2023, according to Gartner.

"Organizations worldwide are under mounting pressure to ensure their IoT and connected devices are protected while navigating an increasingly complex digital landscape that requires complete trust," said Ellen Boehm, SVP, IoT Strategies and Operations at Keyfactor. "The results of this survey demonstrate the importance of identity-first security for those who manufacture IoT devices and those who deploy and operate them in their environment to establish digital trust at scale. Most organizations implement PKI solutions in their IoT security strategy, which is a huge step in the right direction. However, it's clear that with 97% of organizations facing IoT security challenges, security teams are struggling to leverage their tools efficiently. Ensuring that IoT device security is managed throughout its lifecycle will go a long way in both eliminating costly certificate outages and enhancing the long-term viability of IoT within the enterprise," added Boehm.

Modern compliance programs represent a strategic shift in how companies approach regulatory and ethical obligations. They are designed to not only mitigate risks and avoid legal repercussions but also to enhance an organization's reputation, foster a culture of integrity, and ultimately drive sustainable success.

Infosec in brief: The fallout from the exploitation of bugs in Progress Software's MOVEit file transfer software continues, with the US Securities and Exchange Commission now investigating the matter, and lots of affected parties seeking compensation. Per the disclosure, it received a subpoena from the SEC on October 2, in which the Commission asked for "Various documents and information relating to the MOVEit Vulnerability."

The EU General Data Protection Regulation is a comprehensive set of rules designed to keep the personal data of all EU citizens collected by any organization, enterprise or business safe from unauthorized access or use. Failure to do so would be a costly oversight on their part, as the penalties associated with the GDPR are severe and are applied across international borders at the discretion of the EU data protection authorities.