Microsoft adds more security chiefs following recent cyberattacks

Microsoft adds more security chiefs following recent cyberattacks

Microsoft has just unveiled the next step in its major cybersecurity overhaul, and that is to hire security executives for different product groups. Following a string of major cyberattacks, and the subsequent US government “call to arms” of sorts, Microsoft decided to completely revamp its cybersecurity practices, and “put security above all else”, as CEO … Read more

Major industries reported two critical security incidents every day in 2023

Major industries reported two critical security incidents every day in 2023

Major industries, including finance, IT, industrial and government sectors, report over two critical security incidents with direct human involvement per day, new research from Kaspersky shows. The Managed Detection and Response Analyst Report for 2023 details that more than one in five (22.9%) of high-severity incidents in 2023 were reported by the government sector, closely … Read more

Security and interoperability on the cards for US government use of Zoom, Slack and Teams

Security and interoperability on the cards for US government use of Zoom, Slack and Teams

Popular collaboration tools such as Microsoft Teams, Zoom, Slack and Google may be required to implement end-to-end encryption and interoperability if used by US federal agencies. Legislation put forward by US Senator Ron Wyden, titled as the Secure and Interoperable Government Collaboration Technology Act is looking to boost security for such tools following a number … Read more

CISOs are nervous Gen AI use could lead to more security breaches

CISOs are nervous Gen AI use could lead to more security breaches

Chief Information Security Officers (CISO) are becomingly ever more concerned the increasing use of Generative AI tools could lead to more cybersecurity incidents. A new pape by security experts Metomic surveying more than 400 CISOs in the UK and the US found security breaches linked to generative AI worry almost three-quarters (72%) of the respondents. … Read more

Over a billion users could be at risk from keyboard logging app security flaw

Over a billion users could be at risk from keyboard logging app security flaw

Almost a billion mobile users, holding various devices, could have had their communications revealed to malicious third parties, a report from cybersecurity researchers Citizen Lab claims. It says different device manufacturers have used different keyboard apps which were relaying unencrypted communications, transmitting keystrokes via plaintext, and similar. Tencent QQ Pinyin, Baidu IME, iFlytek IME, Samsung … Read more

Microsoft says Russian hackers are exploiting an ancient printer security flaw

Microsoft says Russian hackers are exploiting an ancient printer security flaw

Russian state-sponsored threat actors were observed abusing an old printer vulnerability to drop custom malware on target endpoints. The malware helped them exfiltrate sensitive data and login credentials. This is according to a new report from Microsoft Threat Intelligence, published earlier this week. As per the report, since mid-2019, a group known as Fancy Bear … Read more

A critical security flaw could affect thousands of WordPress sites

A critical security flaw could affect thousands of WordPress sites

Hundreds of thousands of WordPress websites are vulnerable to a critical severity flaw which allows threat actors to upload malware to the site through a bug in a plugin.  As reported by BleepingComputer, Japan’s CERT recently found a critical severity flaw (9.8) in the Forminator plugin, built by WPMU DEV. The flaw, now tracked as … Read more

How to activate iPhone security feature

How to activate iPhone security feature

iPhone Stolen Device Protection offers increased safety for your accounts and financial information if someone steals your handset and its passcode. Here’s how to activate the security feature that debuted in iOS 17.3, and — more importantly — why you should do it now. Stolen Device Protection: How to activate You don’t have to take … Read more

Major Palo Alto security flaw is being exploited via Python zero-day backdoor

Major Palo Alto security flaw is being exploited via Python zero-day backdoor

For weeks now, unidentified threat actors have been leveraging a critical zero-day vulnerability in Palo Alto Networks’ PAN-OS software, running arbitrary code on vulnerable firewalls, with root privilege.  Multiple security researchers have flagged the campaign, including Palo Alto Networks’ own Unit 42, noting a single threat actor group has been abusing a vulnerability called command … Read more