Security News
Managing compliance doesn't have to be draining, time-consuming, or overly complicated. In this Help Net Security video, Wesley Van Zyl, Senior Manager, Compliance Success at Scytale, discusses how keeping track of all your security controls can be challenging, particularly when new cybersecurity threats emerge unexpectedly.
The level of concern is high for attacks evading security controls by leveraging siloed communication and collaboration tools outside of email. "This raises the question of whether expanding collaboration tools simply increases the potential attack surface for bad actors. As organizations continue to adopt new technologies, they must remain vigilant in their efforts to protect against these threats and ensure the security of their communication channels," concluded Gruber.
The U.S. Cybersecurity and Infrastructure Security Agency warned of active exploitation of a medium-severity flaw affecting Samsung devices. The issue, tracked as CVE-2023-21492, impacts select Samsung devices running Android versions 11, 12, and 13.
ASUS has apologized to its customers for a server-side security maintenance error that has caused a wide range of impacted router models to lose network connectivity. The problem has been extensively reported on social media and discussion platforms since May 16, 2023, with people appearing puzzled by the simultaneous connectivity issues on multiple ASUS routers and others complaining about the lack of communication from the vendor's side.
Researchers are worried about Google’s .zip and .mov domains, because they are confusing. Mistaking a URL for a filename could be a security vulnerability.
AppSec teams are stuck in a catch-up cycle, unable to keep up with the increasingly rapid, agile dev pace, and playing security defense via an endless and unproductive vulnerability chase, according to Backslash Security. Far and wide, enterprises are victims of this costly 'defensive tax': the cost of employing AppSec engineers who chase vulnerabilities rather than drive a comprehensive cloud-native AppSec program is estimated to be upwards of $1.2 million annually.
The 14-year-old company and single sign-on market share leader announced this month that it is adding a key element of visibility, the Security Center, to its Auth0-powered Okta Customer Identity Cloud. The Security Center dashboard is designed to give near real-time asset visibility to teams focused on customer identity, user experience and security.
Brian Behlendorf, CTO at the Open Source Security Foundation, shares insights on the influence of his experiences with the White House CTO office, World Economic Forum, and Linux Foundation on leading the OpenSSF and addressing open-source security challenges. Like all software projects, open source software projects are never over-staffed; they are volunteers struggling not just to write the functionality they need but also to fix the bugs they and others find. Paying down technical debt and implementing better security practices and tools often fall way behind in priority compared to new feature work and bug-fixing.
Capita is facing criticism about its security hygiene on a new front after an Amazon bucket containing benefits data on residents in a south east England city council was left exposed to the public web. Colchester City Council said on Monday it had launched a probe following the discovery of the open bucket, and was working with Capita to fully understand the "extent of the data spill and take all necessary steps to minimize any impact on residents."
In 2021, the Biden Administration published the Executive Order on Improving the Nation's Cybersecurity, setting off an agency-wide security initiative with the ultimate objective of standardizing security requirements across the Department of Defense and the Federal Civilian Executive Branch supply chain. These revisions point to a wider adoption of the NIST SP 800-171 and 800-53 controls, meaning that organizations contracting across the FCEB supply chain should start reviewing their current security posture in preparation.