Security News

Apple has joined the rapidly growing chorus of tech organizations calling on British lawmakers to revise the nation's Online Safety Bill - which for now is in the hands of the House of Lords - so that it safeguards strong end-to-end encryption. "It also helps everyday citizens defend themselves from surveillance, identity theft, fraud, and data breaches. The Online Safety Bill poses a serious threat to this protection, and could put UK citizens at greater risk."

CISA issued this year's first binding operational directive ordering federal civilian agencies to secure misconfigured or Internet-exposed networking equipment within 14 days of discovery. "The Directive requires federal civilian executive branch agencies to take steps to reduce their attack surface created by insecure or misconfigured management interfaces across certain classes of devices," CISA said.

According to Imperva, bad bot traffic grew to 30.2%, a 2.5% increase over 2021. In this Help Net Security video, Lynn Marks, Senior Product Manager at Imperva, discusses malicious bot activity.

Microsoft has decided to allow customers to choose when the last bits of Internet Explorer 11 will be removed from their devices. "Over the coming months a small subset of exceptional scenarios where IE11 is still accessible will be redirected to Edge, ensuring users access a supported and more secure Microsoft browser," the company added.

SquareX is the first to build solutions that keep consumer security and productivity at the centre of all its core features, so that consumers can be fearless online! What is SquareX's vision for the future of internet security, and how does the company plan to achieve it?

For its recent research focusing on web entities, Censys leveraged its internet-wide scan data to better understand the applications and services that have become core to our existence, evaluating the state of security on the modern internet. In this Help Net Security video, Himaja Motheram, Security Researcher at Censys, offers insight into the assets and weaknesses across organizations' internet infrastructure.

Cybersecurity researchers have uncovered weaknesses in a software implementation of the Border Gateway Protocol that could be weaponized to achieve a denial-of-service condition on vulnerable BGP peers. The three vulnerabilities reside in version 8.4 of FRRouting, a popular open source internet routing protocol suite for Linux and Unix platforms.

For a new report about insecure IoT devices, BitSight discovered that one in 12 organizations with internet-facing webcams or similar devices failed to properly secure them, leaving them vulnerable to video or audio compromise. Out of these, the education area was at the greatest risk, with one in four using internet-facing webcams and similar devices susceptible to video or audio compromise.

"In 2022, investment scam losses were the most scheme reported to the Internet Crime Complaint Center," the FBI shared in its 2022 Internet Crime Report. 2022 Internet Crime Report: Additional findings The number of complaints received by the IC3 is a bit smaller than the year before, but the overall recorded losses are highest than ever When it comes to BEC scams, the IC3 saw a slight increase of targeting victims' investment accounts instead of the traditional banking accounts, and an increase of BEC bad actors spoofing legitimate business phone numbers to confirm fraudulent banking details with victims.

The RIG Exploit Kit is undergoing its most successful period, attempting roughly 2,000 intrusions daily and succeeding in about 30% of cases, the highest ratio in the service's long operational history. The RIG exploit kit is a set of malicious JavaScript scripts embedded in compromised or malicious websites by the threat actors, which are then promoted through malvertising.