Security News

Barracuda Email Security Gateways bitten by data thieves
2023-05-31 18:15

A critical remote command injection vulnerability in some Barracuda Network devices that the vendor patched 11 days ago has been exploited by miscreants - for at least the past seven months. Barracuda said it discovered the bug, tracked as CVE-2023-2868, in its Email Security Gateway appliance on May 19 and pushed a patch to all of these products globally the following day.

Serious Security: That KeePass “master password crack”, and what we can learn from it
2023-05-31 17:39

Simply put, the CVE-2023-32784 vulnerability means that a KeePass master password might be recoverable from system data even after the KeyPass program has exited, because sufficient information about your password might get left behind in sytem swap or sleep files, where allocated system memory may end up saved for later. A long-term password leak in memory also means that the password could, in theory, be recovered from a memory dump of the KeyPass program, even if that dump was grabbed long after you'd typed the password in, and long after the KeePass itself had no more need to keep it around.

7 Stages of Application Testing: How to Automate for Continuous Security
2023-05-31 14:06

One common way of identifying security vulnerabilities is through penetration testing or pen testing. Once the application and all its components have been identified, it is important to configure it for testing by setting up appropriate user accounts and access control lists.

Alert: Hackers Exploit Barracuda Email Security Gateway 0-Day Flaw for 7 Months
2023-05-31 05:25

Enterprise security firm Barracuda on Tuesday disclosed that a recently patched zero-day flaw in its Email Security Gateway appliances had been abused by threat actors since October 2022 to backdoor the devices. The latest findings show that the critical vulnerability, tracked as CVE-2023-2868, has been actively exploited for at least seven months prior to its discovery.

Serious Security: Verification is vital – examining an OAUTH login bug
2023-05-30 18:59

Researchers at web coding security company SALT just published a fascinating description of how they found an authentication bug dubbed CVE-2023-28131 in a popular online app-building coding toolkit known as Expo. Expo itself adds a wrapper around the verification process, so that it handles the authentication and the validation for you, ultimately passing a magic access token for the desired website back to the app or website you're connecting from.

Hackers Win $105,000 for Reporting Critical Security Flaws in Sonos One Speakers
2023-05-30 12:29

Multiple security flaws uncovered in Sonos One wireless speakers could be potentially exploited to achieve information disclosure and remote code execution, the Zero Day Initiative said in a report published last week. The list of four flaws, which impact Sonos One Speaker 70.3-35220, is below -.

CAPTCHA-Breaking Services with Human Solvers Helping Cybercriminals Defeat Security
2023-05-30 12:16

"Because cybercriminals are keen on breaking CAPTCHAs accurately, several services that are primarily geared toward this market demand have been created," Trend Micro said in a report published last week. "These CAPTCHA-solving services don't use techniques or advanced machine learning methods; instead, they break CAPTCHAs by farming out CAPTCHA-breaking tasks to actual human solvers."

CISO-approved strategies for software supply chain security
2023-05-29 04:30

Integrating proprietary and open-source code, APIs, user interfaces, application behavior, and deployment workflows creates an intricate composition in modern applications. Any vulnerabilities within this software supply chain can jeopardize your and your customers' safety.

Top public cloud security concerns for the media and entertainment industry
2023-05-29 04:00

Survey findings highlighted that, while M&E organizations are still relatively new to cloud storage, public cloud storage use is on the rise, with 89% of respondents looking to increase or maintain their cloud services. "The media and entertainment industry is a key vertical for cloud storage services, driven by the need for accessibility to large media files among multiple organizations and geographically distributed teams," said Andrew Smith, senior manager of strategy and market intelligence at Wasabi Technologies, and a former IDC analyst.

5 Must-Know Facts about 5G Network Security and Its Cloud Benefits
2023-05-26 11:48

5G encompasses robust security features that guarantee confidentiality, integrity, and availability of network services and user data. Essential 5G security methods and technologies include encryption, privacy protection, authentication and authorization, network slicing, and network equipment security assurance.