Security News > 2021 > November

SailPoint survey finds that younger workers also are more likely to use company email addresses for online shopping and subscriptions. This SailPoint survey asked 500 U.S. workers about how they use email and deal with phishing attacks.

Rootkits are expensive and complex to build but worth the investment for cybercriminals looking to harvest data, according to a new report. Positive Technologies studied rootkits used by hacker groups over the last 10 years.

BlackMatter, which operates as a ransomware-as-a-service operation, will still allow its infrastructure to issue mail to companies for further communication as well as permit its affiliates to get a decryptor for its ransomware, according to the message. VX-Underground told BleepingComputer that the message was sent to the organization directly from BlackMatter, according to a published report.

CISA has issued this year's first binding operational directive ordering federal civilian agencies to mitigate security vulnerabilities exploited in the wild within an aggressive timeline. "BIG step forward today in protecting Federal Civilian Networks - Binding Operational Directive 22-01 establishes timeframes for mitigation of known exploited vulnerabilities and requires improvements in vulnerability management programs," said CISA Director Jen Easterly.

Microsoft says Windows 11 users might experience issues opening or using some built-in apps and features due to an expired digital certificate. "Starting on November 1, 2021, some users might be unable to open or use certain built-in Windows apps or parts of some built-in apps that have not installed KB5006746, released October 21, 2021," Microsoft explained on the Windows health dashboard.

It turns out that it's surprisingly easy to create a fake Harvard student and get a harvard. Basically, it appears that anyone with $300 to spare can - or could, depending on whether Harvard successfully shuts down the practice - advertise nearly anything they wanted on Harvard.

Campaigners want a new code of practice alongside a proposed public interest defence for the Computer Misuse Act 1990, in the hope it will protect infosec pros from false threats of prosecution. In a published paper, CyberUp said it wants judges "to 'have regard to' Home Office or Department for Digital, Culture, Media and Sport guidance on applying a statutory defence that would, ideally, be based on the framework we propose."

SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Table of contents: How to develop a skilled cybersecurity team.

Tenable has released Nessus 10 and extended supported platforms to include Raspberry Pi, allowing penetration testers, consultants, security teams and students to deploy the power of Nessus anywhere. With Nessus v10.0 now available on Raspberry Pi, consultants can easily ship disposable scanners to clients for remote-friendly assessments.

While cyber insurance is an effective risk transference mechanism, don't confuse it with having a plan. Boards and C-suites understand and commonly factor in a variety of business risks, including market risk, supply chain risk, and liquidity risk, yet many don't understand industrial cyber risk.