Security News

Barracuda email security appliances hacked via zero-day vulnerability (CVE-2023-2868)
2023-05-25 09:50

A vulnerability in Barracuda Networks' Email Security Gateway appliances has been exploited by attackers, the company has warned. CVE-2023-2868 is a critical remote command injection vulnerability affecting only physical Barracuda Email Security Gateway appliances, versions 5.1.3.001 - 9.2.0.006.

The essence of OT security: A proactive guide to achieving CISA’s Cybersecurity Performance Goals
2023-05-25 04:30

In response to these risks, the US government reinforced critical infrastructure security by introducing Cross-Sector Cybersecurity Performance Goals mandated by the US Cybersecurity Infrastructure & Security Agency. Recently, CISA updated the CPGs to align with NIST's standard cybersecurity framework, establishing each of the five goals as a prioritized subset of IT and OT cybersecurity practices.

Cloudflare releases new AI security tools with Cloudflare One
2023-05-24 20:25

Cloudflare announced on May 15, 2023 a new suite of zero-trust security tools for companies to leverage the benefits of AI technologies while mitigating risks. The Cloudflare One platform's new tools and features are Cloudflare Gateway, service tokens, Cloudflare Tunnel, Cloudflare Data Loss Prevention and Cloudflare's cloud access security broker.

Microsoft, GitHub announce application security testing tools for Azure DevOps
2023-05-24 10:54

GitHub has announced that its application security testing tools are now more widely available for subscribers of Microsoft's Azure DevOps Services. "GitHub Advanced Security for Azure DevOps can not only help you find secrets that have already been exposed in Azure Repos, but also help you prevent new exposures by blocking any pushes to Azure Repos that contain secrets," says Aaron Hallberg, Director of Product for Azure DevOps, Microsoft.

What to Look for When Selecting a Static Application Security Testing (SAST) Solution
2023-05-24 10:51

If you're involved in securing the applications your organization develops, there is no question that Static Application Security Testing solutions are an important part of a comprehensive application security strategy. With a plethora of players in the market, sometimes making competing claims, it's confusing to know what to look for when selecting a SAST solution.

IT security analyst admits hijacking cyber attack to pocket ransom payments
2023-05-24 08:30

A former IT security analyst at Oxford Biomedica has admitted, five years after the fact, to turning to the dark side - by hijacking a cyber attack against his own company in an attempt to divert any ransom payments to himself. Ashley Liles, of Letchworth Garden City, Hertfordshire, pleaded guilty at Reading Crown Court to blackmail and unauthorized access to a computer with intent to commit other offences on May 17 following an investigation by the South East Regional Organised Crime Unit.

Apria Healthcare says potentially 2M people caught up in IT security breach
2023-05-23 23:58

"Based on the investigation, it was determined that information potentially accessed in the incident varied for each individual and may have included personal, medical, health insurance or financial information, and in some limited cases, Social Security numbers," according to a notice on Apria's website. The healthcare biz also provided more details about what happened in a data security breach notification letter sent to 1,869,598 people.

Gap between OT security assumptions and reality
2023-05-23 04:00

In the fast-evolving landscape of technology and connectivity, ensuring the security of operational technology systems has become a paramount concern for organizations worldwide. In this Help Net Security video, Daniel Bren, CEO at OTORIO, discusses a significant discrepancy between how companies perceive their OT security posture and the harsh reality they often face.

The fragmented nature of API security ownership
2023-05-23 03:30

While API security remains a top cybersecurity concern this year, there is still an alarming lack of implementation for most companies, according to Traceable AI. Companies overlook API security. With insights from more than 100 cybersecurity professionals, the study showed that though 69% of organizations claim to factor APIs into their cybersecurity strategy, 40% of companies do not have dedicated professionals or teams for API security, while 23% of respondents do not know if there is dedicated API security in their organization.

China hasn't told Micron why it failed security review, or what its ban means
2023-05-23 02:58

US memory-maker Micron has no idea why Chinese authorities have decided its products represent a security risk, or which customers it's not allowed to sell to. Micron CFO Mark Murphy on Monday told J.P. Morgan's 51st Annual Global Technology, Media and Communications Conference that China's Cyberspace Administration, which on Sunday announced the chipmaker had failed a security review, has offered no reason for that opinion.