Security News
CVE-2021-21974 is a vulnerability affecting OpenSLP as used in VMware ESXi. The French government's Computer Emergency Response Team, CERT-FR, was the first to raise an alert on ransomware exploiting this vulnerability on Feb. 3, 2023, quickly followed by French hosting provider OVH. Attackers can exploit the vulnerability remotely and without authentication via port 427, which is used by a protocol that most VMware customers do not use.
Starting in April 2023, Amazon S3 will change the default security configuration for all new S3 buckets. For new buckets created after this date, S3 Block Public Access will be enabled, and S3 access control lists will be disabled.
In this Help Net Security video, Christopher Hodson, CSO at Cyberhaven, talks about how CISOs have been investing in inflating their tech stack, but for what? No amount of acronyms will do any good if stuff is leaking from within. Classifying files and data would enable companies to understand what data is necessary and focus on protecting it.
The Info-Tech report focuses on data that details the likely changes in processes and IT infrastructure due to hybrid work, concerns and perceptions about readiness to meet current and future legislation, and the impact of a potential recession on security budgets. According to Info-Tech's research, security leaders must build a strong cybersecurity workforce by strategically acquiring, retaining, and upskilling talent to maintain secure systems and increase confidence in the security practice.
Two new security weaknesses discovered in several electric vehicle (EV) charging systems could be exploited to remotely shut down charging stations and even expose them to data and energy theft....
"The findings indicate a sizable disconnect between market promises and team perceptions. As a result, teams lack the holistic visibility and context to zero in on adversary behaviour to identify the causes of major incidents and breaches. As a result, large-scale data breaches and multi-million-dollar remediation efforts are taking a toll on organizations' brands, customer retention, and act as a distraction to business momentum and budgets," said Steve Moore, Chief Security Strategist at Exabeam. 4% of U.S. security professionals report not using a SIEM platform, and of those respondents, 81% were confident.
Companies are challenged with more complex hybrid IT environments. They are raising budgets to fend off cyberattacks and keep up as production environments continue to diversify across various clouds, according to Veeam Software.
Microsoft this week rolled out fixes to issues caused by security updates released in December 2022 that botched how XPS documents are displayed in various versions of. Some users who installed the security updates for those developer platforms saw problems with how Windows Presentation Foundation applications rendered XPS documents.
While machine-to-machine communication and machine learning have helped industrial firms improve quality, maintenance and machine life, many are now using a complicated mix of legacy OT and connected technologies that is rife with security gaps. Their current OT security solutions often need more visibility into IoT, mobile and wireless assets.
Taiwanese company QNAP has released updates to remediate a critical security flaw affecting its network-attached storage devices that could lead to arbitrary code injection. Tracked as CVE-2022-27596, the vulnerability is rated 9.8 out of a maximum of 10 on the CVSS scoring scale.