Security News
Popular social news aggregation platform Reddit has disclosed that it was the victim of a security incident that enabled unidentified threat actors to gain unauthorized access to internal documents, code, and some unspecified business systems. The company blamed it on a "sophisticated and highly-targeted phishing attack" that took place on February 5, 2023, targeting its employees.
IT and security teams are consolidating management and security functions to help better deliver new applications to end users, improve regulatory compliance, and reduce cyberattacks resulting from poor coordination between endpoint security and management teams, according to Syxsense. A key report finding indicates that unmanaged device usage continues to increase, with most organizations having endpoint security blind spots - only 43% of respondents claim to be actively monitoring 75% or more of endpoints.
Colourful web forum Reddit has revealed it has suffered a security breach. Here's what we know. Reddit's founding engineer and CTO "KeyserSosa" - aka Christopher Slowe - explained that late on February 5th "we became aware of a sophisticated phishing campaign that targeted Reddit employees."
The Hacker News is thrilled to announce the launch of our new educational webinar series, in collaboration with the leading cybersecurity companies in the industry! Get ready to dive into the world of enterprise-level security with expert guests who will share their vast knowledge and provide you with valuable insights and information on various security topics. Skyrocketing claims in 2020 sent shockwaves through the insurance industry, forcing insurance providers to reinvent the criteria for acquiring or renewing cyber insurance.
The OpenSSL Project has released fixes to address several security flaws, including a high-severity bug in the open source encryption toolkit that could potentially expose users to malicious attacks. The vulnerability is rooted in the way the popular cryptographic library handles X.509 certificates, and is likely to impact only those applications that have a custom implementation for retrieving a certificate revocation list over a network.
TikTok and Lensa AI have sparked worldwide conversations on the future of social media and consumer data privacy. In this Help Net Security video, Rick McElroy, Principal Security Strategist at VMware, offers a perspective on these trends, including tips on how consumers and organizations can bolster their security practices to keep up with evolving technologies.
Multiple unpatched security flaws have been disclosed in open source and freemium Document Management System offerings from four vendors: LogicalDOC, Mayan, ONLYOFFICE, and OpenKM. Cybersecurity firm Rapid7 said the eight vulnerabilities offer a mechanism through which "an attacker can convince a human operator to save a malicious document on the platform and, once the document is indexed and triggered by the user, giving the attacker multiple paths to control the organization." The list of eight cross-site scripting flaws, discovered by Rapid7 researcher Matthew Kienow, is as follows -.
Pharmaceutical distributor AmerisourceBergen confirmed that hackers compromised the IT system of one of its subsidiaries after threat actors began leaking allegedly stolen data. AmerisourceBergen is a pharmaceutical product distributor, medical business consultant, and patient services provider.
As 2023 goals become solidified, companies need to decide how they are prioritizing cybersecurity. It's time to focus on what organizations can prioritize.
As biometric face verification gains traction and becomes more widely adopted, threat actors are targeting all systems with sophisticated online attacks. To achieve both user friendliness and security, organizations need to evaluate their biometric solutions for resilience in the face of these complex attacks.