With under a week of April remaining, we take a look back at this month’s top security updates. Cyber security news Apr 2023 features a second zero-day cyber-attack against Google Chrome. We then turn to the NCSC for a piece on a new cyber security guide setting out best practices for creating connected places. Finally, we view enhanced measures designed to better protect the UK government.
Urgent patch update released for Google Chrome
Earlier this month, Google’s Threat Analysis Group (TAG) discovered and reported a new, actively exploited zero-day flaw in its Chrome web browser. Last Tuesday (April 18th), a patch update was released as users are recommended to upgrade to the following versions:
- Windows: 112.0.5615.137/138
- macOS: 112.0.5615.137
- Linux: 112.0.5615.165 for Linux
Users of Microsoft Edge, Brave, Opera and Vivaldi are advised to apply fixes as soon as they become available. For more information on the second Chrome zero-day vulnerability to be exploited, we’d recommend this article from The Hacker News.
Joint guidance to help communities create secure smart cities published
The new guide has been issued by the NCSC and agencies from the US, Australia, Canada and New Zealand. ‘Cybersecurity Best Practices for Smart Cities’ highlights that smart cities / connected places can offer communities cost savings and quality-of-living improvements. It does however note that potential risks do exist and must be carefully considered by communities adopting the technology. This NCSC article on the guidance for smart cities lists some of the risks:
- A larger, interconnected attack surface is created
- There are additional risks to the supply chain
- Automating infrastructure operations leads to new vulnerabilities
Do you live in a smart city? Are you concerned about the risks associated with such ‘connected places’? You can read the joint guidance on the official CISA website.
New cyber security measures launched by the UK Government
Last week, the Cabinet Office announced new measures to better protect the UK government’s IT systems. The measures are more stringent and will include security reviews for all government departments plus certain ‘arm’s length’ bodies. ‘GovAssure’ is set to be run by the Government Security Group, and will seek to improve cyber resilience against “growing hostile cyber threats.” What does the introduction of these new measures tell us then? For one thing, it is yet another demonstration of the growing importance of being cyber aware. Having a robust cyber security strategy in place is now essential for many bodies and organisations. Cyber-criminals are thriving in our technologically advanced world. Potential victims are everywhere, no matter the relative size or importance. Even individuals can be targeted these days – do you have any measures in place to protect your own IT systems and data?
Cyber security news Apr 2023 offers but a small snapshot of the security landscape at this moment in time. We have listed 3 stories here but could have just as easily listed 30, or even 300. With this much news coverage, does it not make sense then to revisit your own security efforts?