Cyber Security Today, Feb. 24, 2023 – Holes in open source software, ransomware gang tries to evade cyber insurers and more

Share post:

Holes in open source software, ransomware gang tries to evade cyber insurers and more

Welcome to Cyber Security Today. It’s Friday, February 24th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for and in the U.S.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

Creators of open-source projects still aren’t doing enough to ensure their code is squeaky clean. Researchers at Synopsys released their annual Open Source Security and Risk Analysis report this week, which looked at 1,700 audits of commercial and proprietary software. And the results weren’t pretty. Eighty-four per cent of the codebases examined had at least one known open source vulnerability. That’s up four per cent from last year. Here’s something else: Of the 1,480 audited codebases that included risk assessments by corporate owners of the software, 91 per cent contained outdated versions of open-source components. Developers of applications and IT departments that buy them need to have complete visibility of their software, says Synopsys. It helps for developers to create and buyers to demand a software bill of goods, the company adds.

Hackers have created a new class of bugs that get around the security protection of iPhones,iPads and Macs. Researchers at Trellix found the malware could evade protections preventing unapproved software running on the macOS and iOS operating systems. Normally this would be a significant breach of the Apple security model. However, the vulnerabilities were addressed with the recent releases of macOS 13.2 and iOS 16.3. Which is why you should have installed them by now.

The HardBit ransomware gang has a new tactic for dealing with corporate victims: Rather than haggling over payment to get access to encrypted data back, organizations are asked to go behind the backs of their insurers and divulge details of their cyber insurance policies (if they have one). Then the payment demanded will just be the maximum under the coverage. It’s pitched as a deal: If the gang knows you are insured only for, say $10 million, it promises not to demand more than $10 million.

A Russian citizen has been extradited to the U.S. from the republic of Georgia to face computer fraud and other charges. The man was arrested last October. It is alleged he created a program able to decrypt scrambled login credentials, a program he sold to other crooks. He also sold the cracked passwords.

Finally, if you use the Google Chrome browser make sure it’s running the latest version. This week it began rolling out a Windows version that starts with 110 and ends with .117 that fixes 10 security flaws, one of which is critical

That’s it for now. But later today the Week in Review will be available. Guest commentator Terry Cutler and I will look at employees falling for SMS text scams, information security leaders leaving their jobs and more.

Links to details about podcast stories are in the text version at That’s where you’ll also find other stories of mine.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon

The post Cyber Security Today, Feb. 24, 2023 – Holes in open source software, ransomware gang tries to evade cyber insurers and more first appeared on IT World Canada.

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs



Related articles

Kaspersky uncovers malware targeting iPhones running iOS 15.7 and below

Kaspersky has uncovered a sophisticated malware campaign specifically designed to infect iPhones running up to iOS 15.7 through...

WordPress fixes critical Jetpack plugin vulnerability

WordPress has addressed a critical flaw discovered in the Jetpack plugin, which had the potential to enable authors...

Akamai discovers Dark Frost botnet exploiting gaming platforms

Akamai's security intelligence response team recently has alerted the general public of Dark Frost, a botnet that has...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways