CyberSecurity Updates

21 Jun

Baffle launches new user interface to simplify application data security

Data Breaches, Malware, Social Engineering

Data security software provider Baffle has released Baffle Manager 2.0, an interface upgrade to automate enterprise-level data protection for applications, analytics, and AI. The user interface upgrade is aimed at simplifying application-level encryptions, which were difficult and time-consuming with legacy systems, the company said in a press statement. “Baffle Manager 2.0 is a single platform where users can create and manage their data protection policies across the cloud, legacy, and third-party applications and stay on…

Read More
21 Jun

PwC and EY impacted by MOVEit cyber attack

Attacks, Data Breaches

Multinational accounting firms PricewaterhouseCoopers (PwC) and Ernst & Young (EY) are among the seemingly ever-growing list of victims linked to a cyber security incident that originated with data transfer service, MOVEit.  A supply chain cyber attack launched at MOVEit by ransomware gang Clop has resulted in a series of data breaches for a large number of high-profile brands including Health Service Ireland (HSE) and payroll services provider Zellis. The breach of Zellis has also led to…

Read More
21 Jun

Why CISOs should be concerned about space-based attacks

Data Breaches, Malware, Social Engineering

Russia didn’t just attack Ukraine on the ground when it invaded that country on February 24, 2022, it also raided Ukraine’s data connections in space. On that date, “a multifaceted and deliberate cyber-attack against Viasat’s KA-SAT network resulted in a partial interruption of KA-SAT’s consumer-oriented satellite broadband service,” Viasat reported on March 30, 2022. According to the satellite services provider, “the cyber-attack did impact several thousand customers located in Ukraine and tens of thousands of…

Read More
20 Jun

Passwords out, passkeys in: are you ready to make the switch?

Information

With passkeys poised for prime time, passwords seem passé. What are the main benefits of ditching one in favor of the other? Chances are good that many of us have had enough of passwords. In a world where we have to manage access for scores of online accounts, passwords no longer seem fit for purpose. Many of us reuse the same, easy-to-remember login credentials across these apps and websites and commit other password-related mistakes, which…

Read More
20 Jun

ASUS warns router customers: Patch now, or block all inbound requests

Information

by Paul Ducklin ASUS is a well-known maker of popular electronics products, ranging from laptops and phones to home routers and graphics cards. This week, the company published firmware updates for a wide range of its home routers, along with a strong warning that if you aren’t willing or able to update your firmware right now, then you need to: [Disable] services accessible from the WAN side to avoid potential unwanted intrusions. These services include…

Read More
20 Jun

VMware Confirms Live Exploits Hitting Just-Patched Security Flaw

Information, News

Less than two weeks after shipping urgent patches to cover security defects in its Aria Operations for Networks product, VMware says hackers have started launching exploits in the wild. The virtualization technology giant on Tuesday updated a critical-level bulletin with a blunt warning to businesses running the network monitoring software: “VMware has confirmed that exploitation of CVE-2023-20887 has occurred in the wild.” The live exploits, first flagged by GreyNoise, target the CVE-2023-20887 command injection vulnerability…

Read More
20 Jun

Western Digital blocks unpatched My Cloud devices

Data Breaches, Malware, Social Engineering

Western Digital has blocked devices running vulnerable firmware versions from accessing its cloud services, the company said in an advisory. The move comes about a month after the company released firmware updates for its My Cloud product line to address a critical path traversal bug that leads to remote code execution (RCE). “Devices running unpatched firmware versions will not be able to connect to Western Digital cloud services starting June 15, 2023, and users will…

Read More
20 Jun

Security budget hikes are missing the mark, CISOs say

Data Breaches, Malware, Social Engineering

Misguided expectations on security spend are causing problems for CISOs despite notable budget increases. That’s according to new research from risk and cybersecurity solutions provider BSS, which surveyed 150 security leaders. It found that while most CISOs are experiencing noteworthy increases in security funding, impractical expectations of budget holders are leading to significant amounts being spent on what’s hitting the headlines instead of strategic, business-centric investment in security defenses. This lack of understanding shows that…

Read More
20 Jun

Why assessing third parties for security risk is still an unsolved problem

Data Breaches, Malware, Social Engineering

A Forbes article is making the rounds right now about America’s most cyber-secure companies, and I can already see the cybersecurity outrage machine up in arms. Full confession: I haven’t yet read the article, but I’m about to. I’m writing this in two parts: before I read the article, and after I read the article. Part I: What are the most cyber-secure companies? If you ask me to list the most cyber-secure companies (what does…

Read More
19 Jun

Megaupload duo will go to prison at last, but Kim Dotcom fights on…

Information

by Paul Ducklin For the third time in about a week, cybersecurity law-and-order news includes a criminal case that’s been brewing for more than a decade. This time, the news is prison sentences for two of the main four original defendants in the infamous Megaupload saga. If you weren’t following cybersecurity a decade ago, we’ll recap directly from the article we published at the time of the site’s takedown by the FBI in early 2012:…

Read More