Security News

Microsoft has fixed a known issue causing search issues for Outlook users after installing Windows 10 security updates released since November 2021. While a fix for the Outlook search issue is already rolling out to all impacted Windows 10 devices, Microsoft says it's still "Working on a resolution and will provide an update in an upcoming release" for affected Windows 11 systems.

Crypto.com has confirmed that a multi-million dollar cyber attack led to the compromise of around 400 of its customer accounts. Crypto.com CEO: 400 customer accounts hit.

Humanitarian organization the International Red Cross disclosed this week that it has fallen foul of a cyberattack that saw the data of over 515,000 "Highly vulnerable people" exposed to an unknown entity. The target of the attack was the organisation's Restoring Family Links operation, which strives to find missing persons and reunite those separated from their families due to armed conflict, migration, disaster, detention and other catastrophic events.

Another CISO walks into a board meeting and muddles through stats showing their compliance status. In the classic risk management equation of Risk = Threat x Vulnerability, I have no control over the threat actor's motivation, skill, or resources.

Newly combined security outfits McAfee and FireEye have revealed a new name: "Trellix". Readers may find the name familiar, as another tech company used the same name in the 1990s and early 2000s when it offered intranet and web published tools such as Trellix Web.

As networks continue to evolve and security threats get more complex, security analytics plays an increasingly critical role in securing the enterprise. By combining software, algorithms and analytic processes, security analytics helps IT and security teams proactively detect threats before they result in data loss or other harmful outcomes.

The proven approach in the market today is with digital certificates, which leverage PKI. In fact, some of the best authentication mechanisms leverage digital certificates at their core. In this case, when leveraging digital certificates as a baseline for human and machine identities, digital certificates must be provisioned to users and devices, and ultimately, orchestrated and automated.

A widespread phishing operation targeting Southeast Asia's second-largest bank - Oversea-Chinese Banking Corporation - has prompted the Monetary Authority of Singapore to introduce regulations for internet banking that include use of an SMS Sender ID registry. Singapore banks have two weeks to remove clickable links in text messages or e-mails sent to retail customers.

"While the total volume of network attacks shrank slightly, malware per device was up for the first time since the pandemic began," said Corey Nachreiner, CSO at WatchGuard. Attackers disproportionately targeted the Americas - The overwhelming majority of network attacks targeted the Americas in Q3 compared to Europe and APAC. Overall network attack detections resumed a more normal trajectory but still pose significant risks - After consecutive quarters of more than 20% growth, roughly 4.1 million unique network exploits were detected in Q3. The drop of 21% brought volumes down to Q1 levels, which were still high compared to the previous year.

Cyber perils are the biggest concern for companies globally in 2022, according to the Allianz Risk Barometer. Cyber incidents tops the Allianz Risk Barometer for only the second time in the survey's history, Business interruption drops to a close second and Natural catastrophes ranks third, up from sixth in 2021.