A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. A bumper announcements of breaches this past week. The earlier one being continual woes at Twitter not helped by this announcement and inevitable fallout.

The Telecom Regulatory Authority of India (TRAI), the government’s telecom authority, would implement a caller identification system similar to other caller ID applications on the app store within the next three weeks. The new system will employ KYC verification to guarantee that callers’ identities are real and aren’t forged with synthetic identities.

The evolution of application design and cloud-native technologies means that developers can no longer rely on traditional authentication and authorization methods to be effective. While new standards for authentication already exist and are easily implemented, authorization remains a challenge, especially in a fast-paced, dynamic cloud environment. One method of solving this issue is to externalize authorization, allowing policy management to be decoupled from the application itself.

Roles make it easier to grant and revoke privileges for users of a relational database. Rather than managing privileges for each user individually, you manage privileges for each role and all changes apply to all users who are assigned that role. Organizations often create multiple roles to suit their unique needs. However, most databases come with a pre-defined role called PUBLIC. In this blog, we explain what the PUBLIC role means in Oracle and key best practices for using it.

Unconstrained delegation represents a serious cybersecurity risk. By taking steps to abuse the Active Directory delegation controls applied to user and computer objects in an AD environment, an attacker can move laterally and even gain control of the domain. This blog post explores this area of attack (unconstrained delegation) and offers security teams and administrators effective strategies for mitigating this security risk.

Every wise software developer and publishing firm knows the importance of a code signing certificate for their executables, codes, and scripts. For the uninitiated, code signing helps give your software a mark of genuine and trusted publisher for users to download and install. Moreover, it safeguards your executables with a digital signature and alerts users if they are altered or modified after signing.

Email is embedded into the everyday lives of U.S. adults. For starters, the average person receives over 100 emails a day. To sort through all of that, workers spend an average of five hours a day checking their email. With this communication tool demanding so much of our attention, it’s no wonder cybercriminals use it as a preferred method for carrying out major attacks.

Timerie Bahler is no stranger to digging deep into the data of organizations – from telecommunications to trucking and finance companies. Many different industries, with many different challenges. What they all have in common is that somewhere in the data there’s always something new to discover that has the power to enhance operations and bottom lines. And that keeps Timerie motivated, professionally, as she turns ostensibly hidden information into actionable insight.

SaaS (Software as a Service) companies cannot function without certain consumer data. For starters, you’ll need the customers’ names and email addresses for your marketing and sales operations. And as leads turn into customers, you may also need their payment details. Now, as your company collects more consumer data, it also becomes a target for data breaches. Remember the March 2022 HubSpot security incident?

CrowdStrike Services reviews a recent, extremely persistent intrusion campaign targeting telecommunications and business process outsourcing (BPO) companies and outlines how organizations can defend and secure their environments.