Security News > 2023

According to the security policies, established in the organization, only 100 users had legitimate access rights to the file. Only a specialized advanced DCAP system is capable of revealing that a document with confidential content is kept in publicly available storage and that users inside corporate perimeter, who don't have legitimate access rights to the file, access or process it.

Attackers are weaponizing an old Microsoft Office vulnerability as part of phishing campaigns to distribute a strain of malware called Agent Tesla. The infection chains leverage decoy Excel...

Some of the essential questions security teams ought to be asking themselves include: How do we manage and safeguard aspects like confidentiality, integrity, and availability of data? What strategies can we employ to protect our data against cyber threats and misuse? How do we address the security challenges that emerge with expanding data repositories? How do we differentiate between valuable data and redundant information? Security teams may need to engage in discussions with business units to clarify issues such as how we are applying our data.

The manufacturing industry is embracing digital transformation to fuel efficiency and productivity. This evolution is accompanied by profound and growing cybersecurity challenges.

In this Help Net Security video, Rowland Corr, VP & Head of Government Relations at Enea, discusses the implications of burner phones and the crisis of confidence in network operators as they...

In an audit [PDF] published Tuesday, the OIG found NASA has a "Comprehensive privacy program that includes processes for determining whether information systems collect, store, and transmit PII; publishing System of Records Notices; and providing general privacy training to its workforce." That's a welcome assessment, given NASA employs around 16,000 people and - as with all government agencies - collects PII about them and the contractors, partners, and members of the public it engages.

Passwordless authentication emerges as a calculated response, eliminating the inherent weaknesses of conventional passwords. The average user has an overwhelming 227 accounts that require a password, making it unrealistic to expect anyone not using a password manager to be able to adequately secure and manage their digital lives.

Malware, which includes malicious web content and malware payloads, continued to dominate over other types of encrypted attacks, with ad spyware sites and cross-site scripting accounting for 78% of all blocked attacks. In total, 86% of all cyber threats, including malware, ransomware, and phishing attacks, are delivered over encrypted channels.

Google has rolled out security updates for the Chrome web browser to address a high-severity zero-day flaw that it said has been exploited in the wild. The vulnerability, assigned the CVE...

IBM Security has dissected some JavaScript code that was injected into people's online banking pages to steal their login credentials, saying 50,000 user sessions with more than 40 banks worldwide were compromised by the malicious software in 2023. This injected code executes on the page in the browser, and intercepts the victim's credentials as they are entered, which can be passed to fraudsters to exploit to drain accounts.