Security News

An average enterprise storage and backup device has 14 vulnerabilities, three of which are high or critical risk that could present a significant compromise if exploited, according to Continuity. The findings underscore a significant gap in the state of enterprise storage and backup security, and shows how much it lags behind the security of other layers of IT. With the growing sophistication of data-centric attacks, the high volumes of data at risk and tightened regulations, enterprise storage and backup security clearly require urgent attention.

The U.S. Cybersecurity and Infrastructure Security Agency has released eight Industrial Control Systems advisories on Tuesday, warning of critical flaws affecting equipment from Delta Electronics and Rockwell Automation. "Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to obtain access to files and credentials, escalate privileges, and remotely execute arbitrary code," CISA said.

"Is cybersecurity recession-proof?" That's the question on the minds of many security professionals and executives as a possible economic downturn of indeterminate length and severity looms and many organizations are tightening their belts. If economic uncertainty persists, expect organizations to mitigate risk and manage costs by consolidating their security services, solutions, and providers.

Given how many organizations now use two or more public clouds - 87 percent of respondents in Flexera's 2023 State of the Cloud report said they have a multicloud strategy - it was important that Microsoft also look outward when talking about security baselines, according to Jim Cheng, senior software engineer at Microsoft. "Today we see that our customers often have to aggregate and reconcile their security management across multiple cloud platforms to meet security and compliance requirements," Cheng wrote in October 2022, when MCSB v1 entered public preview.

Why? Bad actors know that SMEs typically have a smaller security budget, less infosec manpower, and possibly weak or missing security controls to protect their data and infrastructure. The good news is you don't have to create your security strategy from scratch.

Meta's former security policy manager, who split her time between the US and Greece, is reportedly suing the Hellenic national intelligence service for hacking her phone. "The Greek authorities and security services have at no time acquired or used the Predator surveillance software. To suggest otherwise is wrong," Giannis Oikonomou, the government spokesman, said.

The reality is that the user experience of user security is awful and not getting better. We think user experience for security should be just as important and as easy as for anything we do.

Half of U.S. businesses say that security is the most influential factor when buying software, according to Capterra's Security Features Survey. Digging further, businesses share the types of security features they consider to be "Must-haves." 76% cite data backups as a dealbreaker when choosing software.

Windows 11 users report seeing widespread Windows Security warnings that Local Security Authority Protection has been disabled even though it shows as being toggled on. While Windows users report that this issue is caused by the recently released KB5023706 Windows 11 22H2 cumulative update, this has been happening since at least January 15.

The notorious Emotet malware, in its return after a short hiatus, is now being distributed via Microsoft OneNote email attachments in an attempt to bypass macro-based security restrictions and compromise systems. A derivative of the Cridex banking worm - which was subsequently replaced by Dridex around the same time GameOver Zeus was disrupted in 2014 - Emotet has evolved into a "Monetized platform for other threat actors to run malicious campaigns on a pay-per-install model, allowing theft of sensitive data and ransom extortion."