Security News > 2023 > November

Israeli higher education and tech sectors have been targeted as part of a series of destructive cyber attacks that commenced in January 2023 with an aim to deploy previously undocumented wiper malware. "The attacks are characterized by attempts to steal sensitive data, such as personally identifiable information and intellectual property," Palo Alto Networks Unit 42 said in a new report shared with The Hacker News.

Threat actors are trying to exploit CVE-2023-22518, a critical Atlassian Confluence flaw that allows unauthenticated attackers to reset vulnerable instances' database, Greynoise is observing. "Instances accessible to the public internet, including those with user authentication, should be restricted from external network access until you can patch," Atlassian advised.

Google is warning of multiple threat actors sharing a public proof-of-concept (PoC) exploit that leverages its Calendar service to host command-and-control (C2) infrastructure. The tool, called...

Password reuse remains prevalent leaving user accounts particularly vulnerable to password-spraying attacks if they're not protected by strong multi-factor authentication. Recent password-spraying style attacks that leverage compromised credentials, such as those against 23andMe accounts, illustrate the increased risk and greater exposure that comes from password reuse.

In this Help Net Security interview, Sarah Pearce, Partner at Hunton Andrews Kurth, offers insights into the evolving landscape of AI legislation and its global impact. We're observing a global shift towards AI-specific legislation.

Two groups in particular play a key and critical role in ensuring data governance and security: the CISO and the CDO. CISOs are responsible for identifying and managing risks associated with data security, while CDOs are responsible for ensuring data accuracy, quality, and consistency. Together, they can establish a framework for managing data risks and provide a clear understanding of data ownership and accountability - but they must be speaking the same language.

The U.S. Department of the Treasury imposed sanctions against a Russian woman for taking part in the laundering of virtual currency for the country's elites and cybercriminal crews, including the...

Managing preventive cybersecurity tools requires a skilled workforce. 75% view cloud infrastructure as their organization's greatest exposure risk source.

The risk associated with dependence on a particular cloud provider for multiple business capabilities is in the top five emerging risks for organizations for the second consecutive quarter, according to a survey by Gartner. In September 2023, Gartner surveyed 294 risk executives about their views on emerging risk or over-the-horizon risks.

Kubernetes, often abbreviated as K8s, is an open-source container orchestration platform that has redefined the way modern applications are developed, deployed, and managed. Born out of Google's internal container orchestration system, Kubernetes has become the de facto standard for containerized application management, offering a powerful and flexible platform for automating containerized applications' deployment, scaling, and management.