Security News > 2023

As often occurs, we are in a security limbo: on the one hand, as LastPass has noted, users who followed LastPass best practices would be exposed to practically zero to extremely low risk. To assist them throughout this challenging time, browser security solution LayerX has launched a free offering of its platform, enabling security teams to gain visibility into all browsers on which the LastPass extension is installed and to mitigate the potential impacts of the LastPass breach on their environments by informing vulnerable users, requiring them to implement MFA on their accounts and, if required, rolling out a dedicated Master Password reset procedure to eliminate adversaries' ability to leverage a compromised Master Password for malicious access.

DevOps platform CircleCI on Wednesday urged its customers to rotate all their secrets following an unspecified security incident. "Immediately rotate any and all secrets stored in CircleCI," CircleCI's chief technology officer, Rob Zuber, said in a terse advisory.

Slack suffered a security incident over the holidays affecting some of its private GitHub code repositories. BleepingComputer has come across a security incident notice issued by Slack on December 31st, 2022.

The notorious information-stealer known as Vidar is continuing to leverage popular social media services such as TikTok, Telegram, Steam, and Mastodon as an intermediate command-and-control server. What's new in the latest version of the malware is that the gathered data is encoded prior to exfiltration, a change from the previous variants that have been known to send the compressed file data in plaintext format.

Fortinet has warned of a high-severity flaw affecting multiple versions of FortiADC application delivery controller that could lead to the execution of arbitrary code. The vulnerability, tracked as CVE-2022-39947 and internally discovered by its product security team, impacts the following versions -.

CircleCI states it is currently investigating a security incident, according to email notifications being received by CircleCI users. Breach follows CircleCI's 'reliability' update.

The reality of VPN vs. ZTNA. For a while now, VPN has been the proven, go-to solution when thinking about the best way to provide secure connectivity and ensure safety of data in transit. According to a recent poll, 81% of respondents currently utilize VPN to support remote work and 87% of the respondents who still use VPN say they have implemented at least one other solution to close the gaps.

The Irish Data Protection Commission has fined Meta Platforms €390 million over its handling of user data for serving personalized ads in what could be a major blow to its ad-fueled business model. To that end, the privacy regulator has ordered Meta Ireland to pay two fines: a €210 million fine over violations of the E.U. General Data Protection Regulation related to Facebook, and a €180 million fine for similar violations in Instagram.

Every SOC on the planet is grappling with the challenges of integrating detection techniques and response processes for public cloud computing. This presentation by Rich Mogull, SVP Cloud Security at FireMon, delves into the details with a framework for modernizing response operations, combined with technical details and examples.

Data backup has traditionally been in the operational domain of IT, while security teams have been responsible for threats to data from attacks. With many backup and recovery companies now referring to themselves as data protection platforms and with a list of new terminology and features representing a new paradigm in the backup world, staying on top of the new terms and features is complex.