Security News > 2023 > December
Austal USA, a shipbuilding company and a contractor for the U.S. Department of Defense and the Department of Homeland Security confirmed that it suffered a cyberattack and is currently investigating the impact of the incident. Earlier today, the Hunters International ransomware and data extortion group claimed to have breached Austal USA and leaked some information as proof of the intrusion.
With increasing numbers of organizations choosing to host data at their fringes, the network edge is more vulnerable than ever without the right protection. Any serious data breach at the edge has the potential to result in a heavy price for the organization affected.
TechRepublic Premium Hiring Kit: User Experience Designer While the perfect color palette or the most sublime button shading or myriad of other design features play an important role in any product's success, user interface design is not enough. Customer engagement and retention requires a strategic plan that attempts to measure, quantify and ultimately create a complete satisfying user experience on both an .... TechRepublic Premium AlmaLinux Checklist: 9 Things to Do after Installation This checklist from TechRepublic Premium consists of nine things you should do immediately after installing AlmaLinux.
TechRepublic Premium Hiring Kit: User Experience Designer While the perfect color palette or the most sublime button shading or myriad of other design features play an important role in any product's success, user interface design is not enough. Customer engagement and retention requires a strategic plan that attempts to measure, quantify and ultimately create a complete satisfying user experience on both an .... TechRepublic Premium AlmaLinux Checklist: 9 Things to Do after Installation This checklist from TechRepublic Premium consists of nine things you should do immediately after installing AlmaLinux.
Atlassian has published security advisories for four critical remote code execution vulnerabilities impacting Confluence, Jira, and Bitbucket servers, along with a companion app for macOS. All security issues addressed received a critical-severity score of at least 9.0 out of 10, based on Atlassian's internal assessment. Due to the popularity of Atlassian products and their extensive deployment in corporate environments, system administrators should prioritize applying the available updates.
Athena AI, the new generative AI layer that spans across the entire Varonis Data Security Platform, redefines how security teams protect data - from visibility to action. Athena AI is embedded within the Varonis Data Security Platform and appears in a variety of user interfaces to speed up security and compliance tasks.
Atlassian has released security updates for four critical vulnerabilities in its various offerings that could be exploited to execute arbitrary code. CVE-2022-1471 is a deserialization flaw in the SnakeYAML library for Java that can lead to remote code execution.
A security vulnerability previously added to CISA's Known Exploited Vulnerability catalog, which was recognized by CVE Numbering Authorities, and included in reputable threat reports is now being formally rejected by infosec organizations. CISA removed CVE-2022-28958 from its KEV on December 1, two days after the National Vulnerability Database revoked its "Vulnerability" status following a months-long review.
We'll focus on three topics covered: the ransomware cybercriminal ecosystem, network infrastructure attacks and commodity loader malware. More ransomware actors switched to extortion rather than encryption, while commodity loaders evolved to be stealthier and highly effective, although new major security improvements have seen the day in 2023, such as Microsoft Office disabling macros by default.
Unknown attackers have leveraged a critical vulnerability in the Adobe ColdFusion application development platform to access government servers, the Cybersecurity and Infrastructure Security Agency has shared. Adobe disclosed and fixed the flaw in mid-March 2023, and said that it was "Aware that CVE-2023-26360 has been exploited in the wild in very limited attacks".