Network Security

Issued by: Dark Reading

Cybersecurity vendor CrowdStrike introduced new extended detection and response (XDR) capabilities within its Falcon platform to secure “extended” internet of things (XIoT). CrowdStrike Falcon Insight for IoT delivers tailored threat prevention, rapid patch management, and interoperability across XIoT assets. XIoT is a broader category of assets and encompasses the Internet of Things, Industrial IoT, Operations…

Cloud Security

Issued by: CSO Online

Recent destructive attacks against organizations that masquerade as a ransomware operation called DarkBit are likely performed by an advanced persistent threat (APT) group that’s affiliated with the Iranian government. During some of these operations the attackers didn’t limit themselves to on-premises systems but jumped into victims’ Azure AD environments where they deleted assets including entire…

Cloud Security

Issued by: CSO Online

Managing identities and their access permissions is becoming more complicated. Digital sprawl has led to an explosion in permissions across multicloud environments, and consistent oversight is lacking. As many as 99% of cloud permissions are going unused, and this represents a significant risk for enterprise businesses. As more organizations transition to Zero Trust security models,…

Vulnerabilities

Issued by: SecurityWeek

The newest iOS 16.4.1 and iPadOS 16.4.1 updates cover code execution software flaws in IOSurfaceAccelerator and WebKit, suggesting a complex exploit chain was detected in the wild hitting the latest iPhone devices. “Apple is aware of a report that this issue may have been actively exploited,” Cupertino says in a barebones advisory that credits Google…

Network Security

Issued by: CSO Online

Developers of ThingsBoard, an open-source platform for managing IoT devices that’s used in various industry sectors, have fixed a vulnerability that could allow attackers to escalate their privileges on a server and send requests with administrative privileges. The vulnerability, tracked as CVE-2023-26462, was discovered and privately reported by researchers from IBM Security X-Force. It stems…

Network Security

Issued by: The Hacker News

Every year hundreds of millions of malware attacks occur worldwide, and every year businesses deal with the impact of viruses, worms, keyloggers, and ransomware. Malware is a pernicious threat and the biggest driver for businesses to look for cybersecurity solutions. Naturally, businesses want to find products that will stop malware in its tracks, and so…

Mobile Security

Issued by: SecurityWeek

Google’s Android security bulletin for April 2023 describes 26 vulnerabilities resolved in the Framework and System components as part of the 2023-04-01 security patch level. Most of these are high-severity flaws leading to elevation of privilege (EoP) or information disclosure. Two of the 16 issues addressed in System, however, are critical-severity RCE bugs, tracked as…

Network Security

Issued by: Dark Reading

Mimecast, an advanced email and collaboration security company, today announced the publication of its annual “The State of Email Security 2023” (SOES) report. The global survey is based on responses from 1,700 IT and security decision-makers, providing readers with key takeaways on the current threat landscape and offering recommendations to help organizations improve their cybersecurity…

Network Security

Issued by: Security Affairs

WordPress security firm PatchStack warns of a high-severity vulnerability in the Elementor Pro WordPress plugin that is currently being exploited by threat actors in the wild. Elementor Pro is a paid plugin that is currently installed on over 11 million websites, it allows users to easily create WordPress websites. This vulnerability was reported on March…