Data Breaches

Iron Tiger, an advanced persistent threat (APT) group, has updated their SysUpdate malware to include new features and add malware infection support for the Linux platform, according to a report by Trend Micro. The earliest sample of this version was observed in July 2022 and after finding multiple similar payloads in late October 2022, Trend Micro researchers started looking into it and found similarities with the SysUpdate malware family. Iron Tiger is a group of China-based…

Read More

IBM and data security and backup provider Cohesity have formed a new partnership, calling for Cohesity’s data protection functionality to be incorporated into an upcoming IBM storage product suite, dubbed Storage Defender, for better protection of end-user organizations’ critical information. The capabilities of Cohesity’s DataProtect backup and recovery product will be one of four main feature sets in the Storage Defender program, according to an announcement from IBM Thursday. The Storage Defender suite is designed…

Read More

The White House released its long-anticipated National Cybersecurity Strategy, a comprehensive document that offers fundamental changes in how the US allocates “roles, responsibilities, and resources in cyberspace.” The strategy involved months of discussions among more than 20 government agencies and countless consultations with private sector organizations. It encompasses virtually all the weaknesses and challenges inherent in cybersecurity, from software vulnerabilities to internet infrastructure vulnerabilities to workforce shortages. Chief among the changes proposed in the strategy…

Read More

Researchers from cloud security firm Snyk recently discovered a vulnerability that would have allowed attackers to perform full account takeover and remote code execution (RCE) in Gitpod, a popular cloud development environment (CDE). Cloud-based development environments are popular because they’re easier to deploy and maintain than local ones and promise better security. However, organizations should properly assess security risks CDEs can introduce and are unique to their architectures, especially since they haven’t received much scrutiny from…

Read More

Like “SBOMs will solve everything,” there is a regular cry to reform software liability, specifically in the case of products with insecurities and vulnerabilities. US Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly’s comments this week brought the topic back into focus, but it’s still a thorny issue. (There’s a reason certain things are called “wicked problems.”) The proposed remedy, taking up a full page of the Biden Administration’s National Cybersecurity Strategy, will cause…

Read More

Booking.com, one of the world’s largest online travel agencies, recently patched a vulnerability in its implementation of the OAuth protocol that could have allowed attackers to gain access to customer accounts by simply tricking them into clicking a link. The attack combined three separate issues that on their own could be categorized as low risk and could be introduced by many developers into their implementations. “For the OAuth issues we found, had a bad actor…

Read More

Microsoft has launched the general availability of Microsoft Intune Suite, a consolidation of its endpoint management and security solutions to streamline protection for cloud-connected and on-premises endpoints.  The consolidation is aimed to serve as a single vendor for all endpoint security needs for the customers to have single analytics, rather than multiple disparate datasets, with a consistent visibility to potential vulnerabilities and anomalies, according to a company blog post. “Microsoft Intune is an industry-leading, unified…

Read More

Known vulnerabilities as old as 2017 are still being successfully exploited in wide-ranging attacks as organizations fail to patch or remediate them successfully, according to a new report by Tenable.  The report is based on Tenable Research team’s analysis of cybersecurity events, vulnerabilities and trends throughout 2022, including an analysis of 1,335 data breach incidents publicly disclosed between November 2021 and October 2022. Of the events analyzed, more than 2.29 billion records were exposed, which accounted…

Read More