Google this week announced that new warnings added in the Google Workspace Alert Center will keep administrators notified of critical and sensitive configuration changes.

Previously known as G Suite, Google Workspace provides secure collaboration and productivity tools for enterprises of all sizes. Accessible from anywhere in Google Workspace, the Alert Center delivers real-time security alerts and insights, to help admins mitigate threats such as phishing and malware.

With the new alerts in place, admins will also receive notifications whenever select changes are made to their Google Workspace configurations.

The infamous North Korean Lazarus hacking group is the prime suspect in the $100 million hack of Harmony’s Horizon Bridge, according to new data and research from blockchain analytics firm Elliptic.

The multi-million compromise, confirmed by Harmony earlier this month, led to the theft of ETH, BNB, USDT, USDC and Dai from the Horizon cross-chain bridge and now there’s evidence linking the heist to Lazarus, a hacking outfit linked to the North Korean government.

Elliptic, a London-based blockchain analysis firm, says the hackers have started moving funds through Tornado Cash, a mixer typically used to hide cryptocurrency transaction trails.

“The Horizon Bridge hacker has so far sent 41% of the $100 million in stolen crypto assets into the Tornado Cash mixer,” Elliptic said on Friday. “[We used our] Tornado demixing capability to trace all of the stolen funds through Tornado and onwards to other wallets,” the company added.

Broadcom revealed recently that some of the software provided by its storage networking subsidiary Brocade is affected by several vulnerabilities, and it seems possible that the flaws could impact the products of several major companies.

According to Broadcom, the Brocade SANnav storage area network (SAN) management application is affected by nine vulnerabilities. Patches have been made available for these security holes.

Six of them impact third-party components such as OpenSSL, Oracle Java and NGINX, and they have been rated “medium severity” or “low severity”. Exploitation of these flaws can allow an attacker — in many cases unauthenticated attacker — to manipulate data, decrypt data, and cause a denial of service (DoS) condition.

The remaining three vulnerabilities are specific to Brocade SANnav and they have been assigned a “high” severity and risk impact rating. They can allow an attacker to obtain switch and server passwords from log files, and intercept potentially sensitive information due to static key ciphers.

The security bugs (CVE-2022-28167, CVE-2022-28168 and CVE-2022-28166) were discovered internally and there is no evidence of exploitation in the wild.

However, the storage solutions of several companies that work with Brocade could be affected by these vulnerabilities.

In an advisory published this week, HPE informed customers that its B-Series SANnav Management Portal is affected by the flaws and advised them to install the latest updates.

HPESBST04329 rev.1 – HPE B-Series SANnav Management Portal, Multiple Vulnerabilities
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04329en_us