
The research found that AppSec chaos reigns, with 78% of CISOs responding that today's AppSec attack surfaces are unmanageable and 90% of responders confirming that relationships between their security and development teams need to improve. 85% of CISOs acknowledge dev teams suffer from vulnerability noise and alert fatigue, which strains the relationship between security and dev teams.

Even as organizations accelerate AI adoption, the majority don't understand the AI skills their employees possess, if any, or have an upskilling strategy to develop them, according to Pluralsight. "AI is transforming the way that business is done, but many companies are behind the curve when it comes to preparing and training their employees for AI because they don't understand the skills that are needed to deal with AI effectively," said Aaron Skonnard, CEO of Pluralsight.

49% of Americans aged 18-34 have used a sports-related password, making them the largest age group to do so, highlighting the prevalence of weak password practices and the risks of using easily guessed passwords. As much as people may like using sports-related passwords, those who have used a sports-related password are making some serious security mistakes along the way.

In a joint security alert issued on Thursday, seven agencies from Australia, Canada, New Zealand, the US and the UK warned about a criminal gang named Star Blizzard and its evolving phishing techniques. Beginning in 2022, Star Blizzard also began prodding defense-industrial targets and US Department of Energy facilities.

Russian APT28 military hackers used Microsoft Outlook zero-day exploits to target multiple European NATO member countries, including a NATO Rapid Deployable Corps. The Russian hackers are also tracked as Fighting Ursa, Fancy Bear, and Sofacy, and they've been previously linked to Russia's Main Intelligence Directorate, the country's military intelligence service.

A series of attacks against Microsoft Active Directory domains could allow miscreants to spoof DNS records, compromise Active Directory and steal all the secrets it stores, according to Akamai security researchers. While the current report doesn't provide technical details or proof-of-concept exploits, Akamai has promised, in the near future, to publish code that implements these attacks called DDSpoof - short for DHCP DNS Spoof.

Widespread Windows and Linux Vulnerabilities Could Let Attackers Sneak in Malicious Code Before Boot
Lenovo, AMI and Insyde have released patches for LogoFAIL, an image library poisoning attack. Researchers at firmware supply chain security platform company Binarly discovered a set of security vulnerabilities that open almost all Windows and Linux computers up to attack.

Norton VPN’s small server network and lack of notable features make it hard to recommend over other available VPNs today.

In October, a threat actor attempted to sell 23andMe customer data and, after failing to do so, leaked the data for 1 million Ashkenazi Jews and 4.1 million people living in the United Kingdom. 23andMe told BleepingComputer that the data was obtained through credential stuffing attacks to breach customer accounts.

Microsoft keeps improving and adding more features to the Windows 11 Notepad application, the latest being a built-in character counter. Starting with Notepad version 11.2311.29.0, which is rolling out today to Windows Insiders in the Canary and Dev Channels, Microsoft finally gave in and added a character counter to Notepad's status bar.