Security News

Rogers customers, primarily those located in Downtown Toronto and parts of Ontario, are reporting outages this week affecting their internet service. Rogers customers took to X to voice their concerns about internet outages in their area.

The University of Michigan has isolated itself from the internet but, hey, everything's fine! The institute's president on Tuesday published a letter to the school community thanking everyone for their patience as technical staff work to restore internet access following an undisclosed security incident.

The North Korean state-backed hacker group tracked as Lazarus has been exploiting a critical vulnerability in Zoho's ManageEngine ServiceDesk to compromise an internet backbone infrastructure provider and healthcare organizations. Cisco Talos researchers observed attacks against UK internet firms in early 2023, when Lazarus leveraged an exploit for CVE-2022-47966, a pre-authentication remote code execution flaw affecting multiple Zoho ManageEngine products.

The hacking of the UK's Electoral Commission was potentially facilitated by the exploitation of a vulnerability in Microsoft Exchange, according to a security expert. Earlier this week, the election oversight body disclosed that its systems had been broken into, and the attackers had access to the servers that host the organization's email, as well as copies of the electoral registers for the entire UK. It appears the Electoral Commission was running Microsoft Exchange Server with Outlook Web App facing the internet, and was vulnerable to an exploit known as ProxyNotShell at the time that suspicious activity was first detected on the Commission's systems in October 2022.

About Bruce Schneier I am a public-interest technologist, working at the intersection of security, technology, and people. I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

Meta's WhatsApp has rolled out updates to its proxy feature, allowing more flexibility in the kind of content that can be shared in conversations. Support for proxy servers was officially launched by the messaging service earlier this January, thereby helping users circumvent government-imposed censorship and internet shutdowns and obtain indirect access to WhatsApp.

In this Help Net Security interview, Ryan Woodley, CEO of Netcraft, discusses the importance of monitoring, collecting, and analyzing internet data to gain a profound understanding of the internet. The aim is to generate a vast, rich pool of data, which is processed using advanced algorithms and data enrichment techniques.

Apple has joined the rapidly growing chorus of tech organizations calling on British lawmakers to revise the nation's Online Safety Bill - which for now is in the hands of the House of Lords - so that it safeguards strong end-to-end encryption. "It also helps everyday citizens defend themselves from surveillance, identity theft, fraud, and data breaches. The Online Safety Bill poses a serious threat to this protection, and could put UK citizens at greater risk."

CISA issued this year's first binding operational directive ordering federal civilian agencies to secure misconfigured or Internet-exposed networking equipment within 14 days of discovery."The Directive requires federal civilian executive branch agencies to take steps to reduce their attack surface created by insecure or misconfigured management interfaces across certain classes of devices," CISA said.

According to Imperva, bad bot traffic grew to 30.2%, a 2.5% increase over 2021. In this Help Net Security video, Lynn Marks, Senior Product Manager at Imperva, discusses malicious bot activity.