Security - POKIKA

Apple is releasing an urgent security update for older iOS and iPadOS models

March 28, 2023Ravi LakshmanaMobile security On Monday, Apple released fixes for a security flaw that was actively exploited for older iPhone and iPad models. Issue tracked as: CVE-2023-23529refers to a type confusion bug in the WebKit browser engine that could lead to arbitrary code execution. It was initially patched by the tech giant with improved … Read more

How CISOs can reduce the risk of using data brokers

Purchasing databases from data brokers can pose a challenge for enterprise security managers. While there are tools for scanning files for malware, there is no automated way to ensure that the data contained in the database is accurate and, more importantly, obtained with the appropriate consent. Without that assurance, those files can pose a threat … Read more

CISA releases Hunt Tool for Microsoft cloud services

The Untitled Goose Tool is the latest tool from the United States Cybersecurity and Infrastructure Security Agency to help enterprise security teams respond to attacks. Co-developed with Sandia National Labs, the Untitled Goose Tool “offers new authentication and data collection methods for network defenders to use as they interrogate and analyze their Microsoft cloud services,” … Read more

The Biden administration is trying to crack down on the spyware market with a new ban

In a significant signal to spyware vendors, the Biden administration issued an executive order (EO) that prohibits federal government agencies from using commercial spyware “that poses significant counterintelligence or security risks to the United States government.” The spyware covered by EO is basically malware designed to track and collect data from cell phones that can … Read more

Clop continues to collect victims of ransomware with the GoAnywhere flaw

A vulnerability in the commonly used GoAnywhere file transfer service allowed the Clop ransomware group to compromise around 130 organizations. Weeks later, details are still emerging about the large-scale attack. Until now, those details weren’t available from GoAnywhere’s parent company, Fortra. It was the victim organization that made headlines with revelations of public data breaches. … Read more

Leaking Twitter source code on GitHub is a potential cyber nightmare

Some of Twitter’s own source code was publicly available on Github for about three months, according to information extracted from a DMCA Takedown request filed on March 24. GitHub is the world’s largest code hosting platform. Owned by Microsoft, it serves more than 100 million developers and contains about 400 repositories in total. On March … Read more

The journey to ubiquitous encryption drives key management

As cloud infrastructure and compliance regulations become more complex, companies are looking to simplify data security by adopting more pervasive encryption of sensitive data and consolidating key management into a single repository or service. On March 22, email and file security company Virtru became the latest data protection firm to offer customers a unified key … Read more