Security News

Fines as a Security System
2023-02-20 12:09

The Anti-Theft Mode feature will make the devices invisible to Scan and Secure, the company's in-app feature that lets you know if any nearby Tiles are following you. To activate the new Anti-Theft Mode, the Tile owner will have to verify their real identity with a government-issued ID, submit a biometric scan that helps root out fake IDs, agree to let Tile share their information with law enforcement and agree to be subject to a $1 million penalty if convicted in a court of law of using Tile for criminal activity.

Fortinet plugs critical security hole in FortiNAC, with a PoC incoming (CVE-2022-39952)
2023-02-20 06:00

Fortinet has dropped fixes for 40 vulnerabilities in a variety of its products, including two critical vulnerabilities affecting its FortiNAC and FortiWeb solutions. Since cyberattackers love to exploit vulnerabilities in Fortinet enterprise solutions and a PoC exploit for CVE-2022-39952 is expected to be released soon, admins are advised to get a move on patching.

Four steps SMBs can take to close SaaS security gaps
2023-02-20 05:30

Gartner forecasts a 16.8% growth for SaaS in 2023 as companies - including SMBs - add new SaaS platforms to their IT stack. Too often we find SMBs think security is all in the hands of the SaaS provider, when in fact the SaaS customer is always responsible for their data and their users.

Why people-driven remediation is the key to strong API security
2023-02-20 05:00

If an organization relies on automation and tools to highlight API security issues, it is still up to a trained developer to manage API behavior. Since there is no standard for managing APIs, organizations must rely on more than tools to solve their security challenges.

GoDaddy Discloses Multi-Year Security Breach Causing Malware Installations and Source Code Theft
2023-02-18 09:21

Web hosting services provider GoDaddy on Friday disclosed a multi-year security breach that enabled unknown threat actors to install malware and siphon source code related to some of its services. GoDaddy said in December 2022, it received an unspecified number of customer complaints about their websites getting sporadically redirected to malicious sites, which it later found was due to the unauthorized third party gaining access to servers hosted in its cPanel environment.

Intruder alert: FBI tackles 'isolated' IT security breach
2023-02-17 22:30

The FBI claims it has dealt with a cybersecurity "incident" that reportedly involved computer systems being used to investigate child sexual exploitation. "The FBI is aware of the incident and is working to gain additional information," a spokesperson said in a statement to The Register.

Admins, patch your Cisco enterprise security solutions! (CVE-2023-20032)
2023-02-17 12:47

A critical vulnerability in the ClamAV scanning library used by its Secure Endpoint, Secure Endpoint Private Cloud, and Secure Web Appliance, and high-risk vulnerabilities affecting Email Security Appliance and Cisco Secure Email and Web Manager, proof-of-concept exploit code for which is already available.

Navigating the ever-changing landscape of digital security solutions
2023-02-17 05:00

In this role, Bhagwat will lead the evolution, growth, and expansion of the Entrust Digital Security portfolio, which includes solutions for data encryption, public and private certificate authorities, identity and access management, digital signing, and security policy management. In this insightful Help Net Security interview, Bhagwat delves into the ever-evolving landscape of digital security solutions, shedding light on the latest trends and advancements in the field.

XIoT vendors get serious about security, devote resources to protect cyber-physical systems
2023-02-17 04:00

Cyber-physical system vulnerabilities disclosed in the second half of 2022 have declined by 14% since hitting a peak during 2H 2021, while vulnerabilities found by internal research and product security teams have increased by 80% over the same time period, according to Claroty. These findings indicate that security researchers are having a positive impact on strengthening the security of the Extended Internet of Things, a vast network of cyber-physical systems across industrial, healthcare, and commercial environments, and that XIoT vendors are dedicating more resources to examining the security and safety of their products than ever before.

Google's big security cert log overhaul broke Android apps. Now it's hit undo
2023-02-16 22:26

Google this week reversed an overhaul of one of its security-related file formats after the transition broke Android apps. In November, 2021, Google announced changes to the format of its Chrome Certificate Transparency log list file and, in August, 2022, notified developers whose apps might be affected that it would stop publishing legacy log list files on October 17, 2022.