Security News

Overall, the findings showed that most executives are using their personal devices for work, creating a "Backdoor" for cybercriminals to access large enterprise organizations. 97% of respondents access work accounts on their personal devices and 95% use personal devices for work-related multifactor authentication, creating unexpected risks as their personal devices are now being used as a work device by their employer for second-factor authentication in order to access sensitive company data.

Enterprises are turning to private networks to enhance security and resiliency, according to Spirent. "But the disaggregated private networking ecosystem, wide range of domains, technologies and diversity of user cases result in much greater complexity than the traditional wide area networks enterprises have previously relied on."

Google has changed the Google Chrome security updates schedule from bi-weekly to weekly to address the growing patch gap problem that allows threat actors extra time to exploit published n-day and...

The benefits of continuous validation combined with penetration testing can be a force multiplier for audit-readiness, incident preparedness, and fortified defenses. As security leaders seek new solutions to improve security outcomes and prevent breaches, they are looking at the testing aspect to improve compliance while validating security.

Google has revealed new cellular security mitigations that will be available for users and enterprises on its soon-to-be-released Android 14, and announced a new release schedule for Chrome Stable channel updates. Even though 2G service has been shut down by most major network carriers, many devices are still able to connect to dwindling 2G cellular networks.

Google has introduced a new security feature in Android 14 that allows IT administrators to disable support for 2G cellular networks in their managed device fleet. "The Android Security Model assumes that all networks are hostile to keep users safe from network packet injection, tampering, or eavesdropping on user traffic," Roger Piqueras Jover, Yomna Nasser, and Sudhi Herle said.

The advisory for that flaw, ADV230003, is related to last month's CVE-2023-36884 in Microsoft Office, and as the IT giant notes, it's a "Defense in depth update." Installing the update "Stops the attack chain leading to the Windows Search security feature bypass vulnerability," we're told. Finally the XMP-Toolkit-SDK update plugs an important security hole that could lead to application denial of service.

Audio recordings are dangerously easy to make these days, whether by accident or by design. Compared to video recordings, which are worrying enough given how easily they can be captured covertly, audio recordings are much easier to acquire surreptitiously, given that sound "Goes round corners" while light, generally speaking, doesn't.

In 2022, our in-house research found that 73% of the top attack techniques used in the compromising of critical assets involved mismanaged or stolen credentials - and more than half of the attacks in organizations include some element of Active Directory compromise. So now let's take a look into the anatomy of 3 actual Active Directory attack paths and see how attackers made their way through this environment.

Late last month, the Transportation Security Administration renewed and updated its security directive aimed at enhancing the cybersecurity of oil and natural gas pipelines. The reissued guidance, known as Security Directive Pipeline-2021-02D Pipeline Cybersecurity Mitigation, Actions, Contingency Planning, and Testing, applies to owners and operators of critical pipeline companies and follows initial directives announced by the agency in July 2021 and July 2022 following the highly publicized and disruptive ransomware attack on Colonial Pipeline.