Security News > 2022 > January

As per the study of Astute Analytica, the global cybersecurity market is anticipated to grow at a CAGR of 13.40% during the forecast period of 2021 to 2027. The market marked a revenue of $162.9 Bn in the year 2021 and is estimated to reach $346 Bn by the end of the year 2027, with around 2.4 times of growth over the study period.

The U.S. Treasury Department on Thursday announced sanctions against four current and former Ukrainian government officials for engaging in "Russian government-directed influence activities" in the country, including gathering sensitive information about its critical infrastructure. The agency said the four individuals were involved in different roles as part of a concerted influence campaign to destabilize the nation, while also accusing Russia's national security authority, the Federal Security Service, of recruiting Ukrainians in key positions to create instability.

In spite of customers having reported losses over the weekend, Crypto.com's Thursday statement said that the heist happened on Monday at about 12:46 a.m. UTC. That's when the exchange's risk monitoring systems picked up on unauthorized transactions coming out of 483 accounts and being approved without users' 2FA authentication. The exchange fully restored the affected accounts, revoked all 2FA tokens and added additional security hardening measures, requiring all customers to re-login and set up their 2FA token.

Microsoft released a list of twenty-five group policies that admins should not use in Windows 10 and Windows 11 as they do not provide optimal behavior or cause unexpected results. Windows Senior Program Manager Aria Carley hinted in December warned admins that admins should avoid using various group policies in Windows 10 and Windows 11.

Crypto.com on Thursday said in a roundabout way that an unidentified person stole or attempted to steal as much as $34m in cryptocurrency from customer accounts. In an update on the cyberattack reported earlier this week, the Singapore-based firm said it "Learned that a small number of users had unauthorized crypto withdrawals on their accounts."

Researchers have uncovered several spyware campaigns that target industrial enterprises, aiming to steal email account credentials and conduct financial fraud or resell them to other actors. Kaspersky calls these spyware attacks 'anomalous' because of their very short-lived nature compared to what is considered typical in the field.

Lenovo at CES announced new ThinkPads with AMD's Ryzen chips, and the laptops will ship without Pluton turned on. "Pluton will be disabled by default on 2022 Lenovo ThinkPad platforms. Specifically the Z13, Z16, T14, T16, T14s, P16s and X13 using AMD 6000-series processors. Customers will have the ability to enable Pluton themselves," a Lenovo spokesperson told The Register.

"Pluton will be disabled by default on 2022 Lenovo ThinkPad platforms. Specifically the Z13, Z16, T14, T16, T14s, P16s and X13 using AMD 6000-series processors. Customers will have the ability to enable Pluton themselves," a Lenovo spokesperson told The Register. Pluton is designed for Windows PCs, and support for Linux "Is currently an unsupported scenario," Microsoft spokesperson told The Register.

Cisco released a security update warning about a handful of vulnerabilities lurking in its networking technology, led by a critical bug in the company's StarOS debug services. Cisco pushed out a fix for its Cisco StarOS Software on Wednesday.

Threat actors have weaponized a newly discovered bug in SolarWinds Serv-U file-sharing software to launch Log4j attacks against networks' internal devices, Microsoft warned on Wednesday. SolarWinds fixed the vulnerability in Serv-U version 15.3, released on Tuesday.