7 cybersecurity mindsets that undermine practitioners and how to avoid them

From csoonline.com

It’s no secret that cybersecurity jobs are burning people out. It’s a high-pressure environment that seems to be ever ratcheting up the daily demand on security professionals. There are many reasons for this, but underlying them all is the way we think about security. By consciously recognizing these mindsets, we can change them and better position everyone for success.

Google Chrome emergency update fixes first zero-day of 2023

From bleepingcomputer.com

Google has released an emergency Chrome security update to address the first zero-day vulnerability exploited in attacks since the start of the year.

“Google is aware that an exploit for CVE-2023-2033 exists in the wild,” the search giant said in a security advisory published on Friday.

The new version is rolling out to users in the Stable Desktop channel, and it will reach the entire user base over the coming days or weeks.

Chrome users should upgrade to version 112.0.5615.121 as soon as possible, as it addresses the CVE-2023-2033 vulnerability on Windows, Mac, and Linux systems.

This update was immediately available when BleepingComputer checked for new updates from the Chrome menu > Help > About Google Chrome.

Google Launches New Cybersecurity Initiatives to Strengthen Vulnerability Management

From thehackernews.com

Google on Thursday outlined a set of initiatives aimed at improving the vulnerability management ecosystem and establishing greater transparency measures around exploitation.

“While the notoriety of zero-day vulnerabilities typically makes headlines, risks remain even after they’re known and fixed, which is the real story,” the company said in an announcement. “Those risks span everything from lag time in OEM adoption, patch testing pain points, end user update issues and more.”

Security threats also stem from incomplete patches applied by vendors, with a chunk of the zero-days exploited in the wild turning out to be variants of previously patched vulnerabilities.

Hyundai Hacked – Attackers Stole Car Owners’ Personal Details

From gbhackers.com

Hyundai reported a data breach that impacted car owners in Italy and France and people who booked their test drives. The company has warned that hackers accessed customers’ data.

Hyundai owns roughly 3% of the market share in Italy and France, selling nearly half a million vehicles a year in Europe.

Linux kernel logic allowed Spectre attack on ‘major cloud provider’

From theregister.com

The Spectre vulnerability that has haunted hardware and software makers since 2018 continues to defy efforts to bury it.

On Thursday, Eduardo (sirdarckcat) Vela Nava, from Google’s product security response team, disclosed a Spectre-related flaw in version 6.2 of the Linux kernel.

The bug, designated medium severity, was initially reported to cloud service providers – those most likely to be affected – on December 31, 2022, and was patched in Linux on February 27, 2023.

“The kernel failed to protect applications that attempted to protect against Spectre v2, leaving them open to attack from other processes running on the same physical core in another hyperthread,” the vulnerability disclosure explains. The consequence of that attack is potential information exposure (e.g., leaked private keys) through this pernicious problem.

Humans Needed To Avoid Cybersecurity Missteps, Gartner Says

From silicon.co.uk

Gartner has identified the top cybersecurity trends for 2023, and has advised organisations to pivot to a human-centric focus so as to establish an effective cybersecurity programme.

This is the central thrust of Gartner’s “Top Trends in Cybersecurity 2023” report (account needed), in which it said security and risk management (SRM) leaders must rethink their balance of investments across technology and human-centric elements when creating and implementing cybersecurity programmes in line with nine top industry trends.

It comes as organisations continue to struggle to fulfil much-needed cybersecurity skills, against a constant wave of threats and risks.

Kodi Confirms Data Breach: 400K User Records and Private Messages Stolen

From thehackernews.com

Open source media player software provider Kodi has confirmed a data breach after threat actors stole the company’s MyBB forum database containing user data and private messages.

What’s more, the unknown threat actors attempted to sell the data dump comprising 400,635 Kodi users on the now-defunct BreachForums cybercrime marketplace.

“MyBB admin logs show the account of a trusted but currently inactive member of the forum admin team was used to access the web-based MyBB admin console twice: on 16 February and again on 21 February,” Kodi said in an advisory.
