A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our Twitter feed at #ionCube24.
A somewhat shocking move by Google, don’t you think? However, I don’t think this is shocking at all…
After 4 months of hard work we’re proud to announce the release of Teleport version 12! From expanded Windows and Kubernetes support, to a preview of a brand new feature we’re calling Device Trust, Teleport 12 is loaded with improvements and new capabilities that make it easier than ever to securely access your entire infrastructure ecosystem.
We’re proud to announce that SecurityScorecard has been named to Fast Company’s prestigious annual list of the World’s Most Innovative Companies for 2023. This list highlights companies at the forefront of their respective industries, who are rethinking business and culture, while paving the way for future innovations. We’re honored to join the ranks of other innovators, such as OpenAI, Disney, and Tiffany & Co.
Every federal administration for the past 20 years has issued a cybersecurity strategy, so in one sense the National Cybersecurity Strategy issued by the Biden administration on March 2, 2023, is not unexpected. The big difference, however, lies in the recommendations: For the first time, the government is pressing for regulatory mandates on key industry sectors that control wide swathes of critical infrastructure nationwide.
In October of 2022, a critical flaw was found in the SnakeYAML package, which allowed an attacker to achieve remote code execution by sending malicious YAML content that is then deserialized by the constructor. Finally, in February 2023, SnakeYAML 2.0 was released, resolving this flaw, also referred to as CVE-2022-1471. Let’s break down how this version can help you resolve this critical flaw.
Threat actors continue to exploit cloud services for cyber espionage. A new campaign by a threat cluster named WIP26, discovered recently by researchers at SentinelOne in collaboration with QGroup and targeting telecommunication providers in the Middle East, confirms this trend.
Amazon Web Services (AWS) is the world’s largest cloud provider, with well over a million active users. The popularity of AWS makes it one of the biggest targets for cybercriminals — and one of the leading contributors to breaches is incorrectly configured Amazon S3 buckets. For example, an insecure bucket led to the unauthorized access of 23 million documents and 6.5 TB of data belonging to Pegasus Airlines.