Security News
For facility operators, this includes elevators, HVAC systems, PLC controls, valves, pumps, and a whole slew of systems that we don't think of as 'connected'. Regarding attacks on operational technology systems, "You've lost access to your security feeds. Now, if it's a standard premium commercial building, you may say, 'okay, I need to fix that right away'. But what if it was a hospital? What if it was a data center? What are the implications, and is this an inconvenience or does it put lives in danger?"
Microsoft's Patch Tuesday update for March 2023 is rolling out with remediations for a set of 80 security flaws, two of which have come under active exploitation in the wild. The two vulnerabilities that have come under active attack include a Microsoft Outlook privilege escalation flaw and a Windows SmartScreen security feature bypass.
Software vendor SAP has released security updates for 19 vulnerabilities, five rated as critical, meaning that administrators should apply them as soon as possible to mitigate the associated risks. The flaws fixed this month impact many products, but the critical severity bugs affect SAP Business Objects Business Intelligence Platform and SAP NetWeaver.
UK Prime Minister Rishi Sunak on Monday announced the National Protective Security Agency as part of a refresh of the government's security strategy known as the "Integrated Review". The refresh included the replacement of the UK's Conflict, Stability and Security Fund with an Integrated Security Fund that's funded to the tune of £1 billion to "Deliver on the core objectives of the Integrated Review at home and around the world, including in economic and cyber security, counter terrorism and human rights."
We're now making cloud security automation easier for you by releasing CIS hardening components in EC2 Image Builder on Amazon Web Services. Our CIS hardening components help give you more options for building a golden image, especially when you need to automate your image creation process.
Offensive Security has released Kali Linux 2023.1, the first version of 2023 and the project's 10th anniversary, with a new distro called 'Kali Purple,' aimed at Blue and Purple teamers for defensive security. Kali Linux is a distribution designed for ethical hackers to perform penetration testing, security audits, and cybersecurity research against networks.
More than a dozen security flaws have been disclosed in E11, a smart intercom product made by Chinese company Akuvox. "The vulnerabilities could allow attackers to execute code remotely in order to activate and control the device's camera and microphone, steal video and images, or gain a network foothold," Claroty security researcher Vera Mens said in a technical write-up.
Microsoft will introduce improved protection against phishing attacks pushing malware via malicious Microsoft OneNote files. To thwart phishing attacks using malicious Microsoft OneNote attachments, you can set up secure mail gateways or mail servers to automatically block OneNote documents with.
A suspected North Korean hacking group is targeting security researchers and media organizations in the U.S. and Europe with fake job offers that lead to the deployment of three new, custom malware families. Mandiant says the particular group has previously targeted tech firms, media groups, and entities in the defense industry.
Over 60% of organizations have been operating in a cloud environment for three or more years, but technical complexities and maintaining comprehensive security still hamper their cloud migration efforts, according to the 2023 State of Cloud-Native Security Report. In the report, the ideal cloud security solution is scalable and able to handle immediate security needs and additional use cases as the company expands cloud applications and uses.