CyberSecure Specialist

Descope launches authentication and user management SaaS

Descope has launched its first product, a platform designed to help developers add authentication and user management capabilities to their business-to-consumer and business-to-business applications. The software as a service is available now. Developers can access the product free of charge for up to 7,500 monthly active users for B2C applications and up to 50 tenants for B2B apps. Beyond these, there is a charge of US$0.10 per user and US$20 per tenant. The Descope platform aims to…

Defending against attacks on Azure AD: Goodbye firewall, hello identity protection

Not too long ago, guarding access to the network was the focal point of defense for security teams. Powerful firewalls ensured that attackers were blocked on the outside while on the inside things might get “squishy,” allowing users fairly free rein within. Those firewalls were the ultimate defense—no one undesirable got access. Until they did. With the advent of cloud computing, the edge of a network is no longer protected by a firewall. In fact,…

Confident cybersecurity means fewer headaches for SMBs

Small and medium-sized businesses have good reason to be concerned about the loss of data and financial impacts. While tech advancements have enabled small and medium businesses (SMBs) to grow their business and allowed them to evolve their operational models, cybersecurity risks and threats can cancel any progress that has been made so far. Underlying these is another serious obstacle: SMBs lacking confidence in managing cybersecurity. The lack of confidence manifests as a strong belief…

Apple fixes zero-day spyware implant bug – patch now!

by Paul Ducklin

Apple has just released updates for all supported Macs, and for any mobile devices running the very latest versions of their respective operating systems. In version number terms: iPhones and iPads on version 16 go to iOS 16.3.1 and iPadOS 16.3.1 respectively (see HT213635). Apple Watches on version 9 go to watchOS 9.3.1 (no bulletin). Macs running Ventura (version 13) go to macOS 13.2.1 (see HT213633). Macs running Big Sur (version 11)…

Microsoft Patch Tuesday: 36 RCE bugs, 3 zero-days, 75 CVEs

by Paul Ducklin

Deciphering Microsoft’s official Update Guide web pages is not for the faint-hearted. Most of the information you need, if not everything you’d really like to know, is there, but there’s such a dizzying number of ways to view it, and so many generated-on-the-fly pages are needed to display it, that it can be tricky to find out what’s truly new, and what’s truly important. Should you search by the operating system platforms…

Attacks on industrial infrastructure on the rise, defenses struggle to keep up

The last year saw a rise in the sophistication and number of attacks targeting industrial infrastructure, including the discovery of a modular malware toolkit that’s capable of targeting tens of thousands of industrial control systems (ICS) across different industry verticals. At the same time, incident response engagements by industrial cybersecurity firm Dragos showed that 80% of impacted environments lacked visibility into ICS traffic and half had network segmentation issues and uncontrolled external connections into their…

Zscaler to Acquire Israeli Startup Canonic Security

Cloud security vendor Zscaler on Tuesday announced plans to acquire Israeli early-stage startup Canonic Security to expand its services into the red-hot software supply chain security business. Financial terms of the transaction were not disclosed. Canonic Security, based in Tel Aviv, Israel, emerged from stealth exactly a year ago with $6 million in seed-stage venture capital funding for technology in the third-party app governance space. The publicly traded Zscaler, based in San Jose, CalifCanonic’s platform…

Microsoft Patch Tuesday, February 2023 Edition

Microsoft is sending the world a whole bunch of love today, in the form of patches to plug dozens of security holes in its Windows operating systems and other software. This year’s special Valentine’s Day Patch Tuesday includes fixes for a whopping three different “zero-day” vulnerabilities that are already being used in active attacks. Microsoft’s security advisories are somewhat sparse with details about the zero-day bugs. Redmond flags CVE-2023-23376 as an “Important” elevation of privilege…

Mozilla Releases Security Updates for Firefox 110 and Firefox ESR

Original release date: February 14, 2023 Mozilla has released security updates to address vulnerabilities in Firefox 110 and Firefox ESR. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Mozilla’s security advisories for Firefox 110 and Firefox ESR 102.8 for more information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Citrix Releases Security Updates for Workspace Apps, Virtual Apps and Desktops

Original release date: February 14, 2023 Citrix has released security updates to address high-severity vulnerabilities (CVE-2023-24486, CVE-2023-24484, CVE-2023-24485, and CVE-2023-24483) in Citrix Workspace Apps, Virtual Apps and Desktops. A local user could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Citrix security bulletins CTX477618, CTX477617, and CTX477616 for more information and to apply the necessary updates.
