March 28, 2023Ravi LakshmanaMobile security On Monday, Apple released fixes for a security flaw that was actively exploited for older iPhone and iPad models. Issue tracked as: CVE-2023-23529refers to a type confusion bug in the WebKit browser engine that could lead to arbitrary code execution. It was initially patched by the tech giant with improved … Read more
Purchasing databases from data brokers can pose a challenge for enterprise security managers. While there are tools for scanning files for malware, there is no automated way to ensure that the data contained in the database is accurate and, more importantly, obtained with the appropriate consent. Without that assurance, those files can pose a threat … Read more
The Untitled Goose Tool is the latest tool from the United States Cybersecurity and Infrastructure Security Agency to help enterprise security teams respond to attacks. Co-developed with Sandia National Labs, the Untitled Goose Tool “offers new authentication and data collection methods for network defenders to use as they interrogate and analyze their Microsoft cloud services,” … Read more
In a significant signal to spyware vendors, the Biden administration issued an executive order (EO) that prohibits federal government agencies from using commercial spyware “that poses significant counterintelligence or security risks to the United States government.” The spyware covered by EO is basically malware designed to track and collect data from cell phones that can … Read more
A vulnerability in the commonly used GoAnywhere file transfer service allowed the Clop ransomware group to compromise around 130 organizations. Weeks later, details are still emerging about the large-scale attack. Until now, those details weren’t available from GoAnywhere’s parent company, Fortra. It was the victim organization that made headlines with revelations of public data breaches. … Read more
Security researchers have seen attack campaigns using two new variants of IcedID, a banking Trojan that has been used to deliver ransomware in recent years. The two new versions, one of which appears to be related to the Emotet botnet, are lighter compared to the standard one, as some functionality has been removed. “It is … Read more
Some of Twitter’s own source code was publicly available on Github for about three months, according to information extracted from a DMCA Takedown request filed on March 24. GitHub is the world’s largest code hosting platform. Owned by Microsoft, it serves more than 100 million developers and contains about 400 repositories in total. On March … Read more
From rising stars to veterans leading research teams, check out our profiles of women making a big impact in cyber defense as the threat landscape expands. Source by [author_name]
As cloud infrastructure and compliance regulations become more complex, companies are looking to simplify data security by adopting more pervasive encryption of sensitive data and consolidating key management into a single repository or service. On March 22, email and file security company Virtru became the latest data protection firm to offer customers a unified key … Read more
There’s bad news if you’re someone who wants to launch a distributed denial-of-service (DDoS) attack to take a website off the Internet, but doesn’t have the know-how to do it yourself. Instead of hiring the help of cybercriminals to bombard a website with unwanted traffic or knock competitors out of a video game, you can … Read more