Social Engineering

Researchers warn that the UEFI firmware in many motherboards made by PC hardware manufacturer Gigabyte injects executable code inside the Windows kernel in an unsafe way that can be abused by attackers to compromise systems. Sophisticated APT groups are abusing similar implementations in the wild. “While our ongoing investigation has not confirmed exploitation by a specific threat actor, an active widespread backdoor that is difficult to remove poses a supply chain risk for organizations with…

Read More

Improperly deactivated and unmaintained Salesforce sites are vulnerable to threat actors who can gain access to sensitive business data and personally identifiable information (PII) by simply changing the host header. That’s according to new research from Varonis Threat Labs, which explores the threats posed by Salesforce “ghost sites” that are no longer needed, set aside, but not deactivated. These sites are typically not maintained or tested against vulnerabilities, while admins fail to update security measures…

Read More

Cybersecurity vendors Trellix and Netskope have announced new support for Amazon Security Lake from AWS, which became generally available on May 30. Trellix customers can now integrate their security data lake into the Trellix XDR security operations platform to enhance detection and response capabilities for their AWS environments. Meanwhile, Netskope customers can export logs from the Netskope Intelligent Security Service Edge (SSE) platform to Amazon Security Lake to improve visibility and threat remediation. AWS launched…

Read More

Barracuda has patched a zero-day vulnerability that had been exploited since October to backdoor customers’ Email Security Gateway (ESG) appliances with custom malware and steal data, the company said on Tuesday.  “On May 19, 2023, Barracuda Networks identified a remote command injection vulnerability (CVE-2023-2868) present in the Barracuda Email Security Gateway (appliance form factor only) versions 5.1.3.001-9.2.0.006,” the company said, adding that the vulnerability stemmed from incomplete input validation of user-supplied .tar files as it…

Read More

At the very heart of enterprise security is the tension between convenience and safety. The business longs for the ease of users, in competition with the demands of security. Authentication is a main theater for this tension, directly impacting the onboarding and login experience. Federated identity is at the forefront in addressing this tension, affording a good user experience without sacrificing security. Federated identity management (FIM) makes it possible to share a single digital identity…

Read More

Phishing was the most common type of identity-related incident in 2022, according to a study by Identity Defined Security Alliance (IDSA), a nonprofit identity and security intelligence firm. The study, commissioned through Dimensional Research, also revealed that the top phishes among the incidents included email phishing, spear phishing, and vishing/smishing incidents. “With a spike in digital identities comes an increase in cyberattacks targeting them. By far the most significant reason behind this was employees unknowingly…

Read More

Cybersecurity pioneer Mikko Hyppönen began his cybersecurity career 32 years ago at Finnish cybersecurity company F-Secure, two years before Tim Berners-Lee released the world’s first web browser. Since then, he has defused global viruses, searched for the first virus authors in a Pakistani conflict zone, and traveled the globe advising law enforcement and governments on cybercrime. He has also recently published a book, If It’s Smart, It’s Vulnerable, where he explains how the growth of…

Read More

SaaS-based customer identity and access management (CIAM) provider Frontegg has launched entitlements engine, an authorization management capability aimed at helping app developers and revenue teams streamline access authorization. The new engine will be powered by context-aware logic controls (CALC) technology to effect context-based, fine-grained authorization controls, Frontegg said. “The old way of building SaaS apps required the use of many different solutions to solve in-app entitlements — role-based access control (RBAC), attribute-based access control (ABAC), feature flag…

Read More

A screen recorder app with over 50,000 downloads on Google Play Store was found to be discreetly recording audio using the device’s microphone and stealing files, suggesting it might be part of an espionage campaign, according to researchers at ESET. iRecorder was a legitimate app made available in September 2021 and a remote access trojan (RAT) AhRat was most likely added to it in 2022. The app is currently unavailable on the app store. AhRat: the…

Read More

Finding qualified staff to replace vacancies or build out an expanding team can be a nightmare for already overburdened CISOs, especially given there’s a pernicious and ongoing shortage of skilled cybersecurity workers in the job market. One creative alternative to frustratedly trolling job-search sites is to look inward, rather than outward — to find capable, smart people already working at a company in other areas and train them to fill roles on the cyber team.…

Read More