Noteworthy stories that might have slipped under the radar: cybersecurity funding increases, new laws, and government’s illegal use of smartphone location data.
CISA and the NSA are urging network defenders and software developers to address the top ten cybersecurity misconfigurations.
The fundraising software company Blackbaud has agreed to pay $49.5 million to settle claims brought by the attorneys general of 49 states and Washington, D.C., related to a 2020 data breach.
CISA has removed from its KEV catalog five Owl Labs video conferencing flaws that require the attacker to be in Bluetooth range.
Cisco warns that unauthenticated, remote attackers can log into devices using the root account, which has default, static credentials that cannot be changed or deleted.
GitHub beefs up its secret scanning feature, now allowing users to check the validity of exposed credentials for major cloud services.
BlackBerry plans to split its cybersecurity and IOT (Internet of Things) businesses and pursue an IPO for the IOT unit early next year.
The ICRC is telling hacktivists involved in conflict during war to avoid targeting civilian objectives and hospitals, or making threats of violence.
New US government guidance details the challenges that application developers and vendors face in identity and access management (IAM).
The Linux Foundation has announced OpenPubkey, an open source cryptographic protocol that should help boost supply chain security.
Addressing the people problem with effective approaches and tools for users and security practitioners will enable us to work smarter, and force attackers into a position where they must work harder.
Qakbot cybercriminals continue to push malware, which shows they are still operational after the recent takedown attempt.
Threat actor uses typosquatting to trick hundreds of users into downloading a malicious NPM package that delivers the r77 rootkit.
Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups.
Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform are showing no signs of slowing down.
Atlassian confirms that “a handful of customers” were hit by exploits targeting a remotely exploitable flaw in its Confluence Data Center and Server products.
Supermicro has released BMC IPMI firmware updates to address multiple vulnerabilities impacting select motherboard models.
International mobile network operator Lyca Mobile says a cyberattack has significantly disrupted its services in many countries.
A local privilege escalation vulnerability (CVE-2023-4911) in the GNU C Library (glibc) can be exploited to gain full root privileges.
Google and Yahoo are introducing new requirements for bulk senders, to improve phishing and spam protections.