Security News > 2022 > January

Millions of home broadband Wi-Fi routers in the UK could be at risk because many internet users do not take basic security precautions that could protect them from online threats, a research from Broadband Genie has found. In a survey of 1,320 broadband users, it was discovered that 88% have never updated their router firmware and 84% have never changed their router admin password.

The global mobile device management market size to grow from $5.5 billion in 2021 to $20.4 billion by 2026, at a Compound Annual Growth Rate of 29.8% during the forecast period, according to MarketsandMarkets. Mobile device management solutions allow IT teams and admins to control and distribute security policies to mobile devices accessing sensitive corporate data in their organizations, ensuring the corporate network is secure.

A comprehensive third-party security program can align your vendor's security with your internal security controls and risk appetite. The right third-party security management platform can be a smart way to get your program off the ground or automate the one you already have in place.

The government of Ukraine on Sunday formally accused Russia of masterminding the attacks that targeted websites of public institutions and government agencies this past week. "All the evidence points to the fact that Russia is behind the cyber attack," the Ministry of Digital Transformation said in a statement.

A data center migration from eNom web hosting provider caused unexpected domain resolution problems that are expected to last for a few hours. The company said that it received reports of domains using eNom nameservers that were failing to resolve and acknowledged the problem.

A software bug introduced in Apple Safari 15's implementation of the IndexedDB API could be abused by a malicious website to track users' online activity in the web browser and worse, even reveal their identity. That's not the case with how Safari handles the IndexedDB API in Safari across iOS, iPadOS, and macOS. "In Safari 15 on macOS, and in all browsers on iOS and iPadOS 15, the IndexedDB API is violating the same-origin policy," Martin Bajanik said in a write-up.

Microsoft is warning of destructive data-wiping malware disguised as ransomware being used in attacks against multiple organizations in Ukraine. Starting January 13th, Microsoft detected the new attacks that combined a destructive MBRLocker with a data-corrupting malware used to destroy the victim's data intentionally.

Thieves operating for the North Korean government made off with almost $400m in digicash last year in a concerted attack to steal and launder as much currency as they could. Bitcoin used to be a top target but Ether is now the most stolen currency, say the researchers, accounting for 58 per cent of the funds filched.

Phishers are targeting Office 365 users by exploiting Adobe CloudPhishers are creating Adobe Creative Cloud accounts and using them to send phishing emails capable of thwarting traditional checks and some advanced threat protection solutions, Avanan security researcher Jeremy Fuchs warns. Microsoft fixes wormable RCE in Windows Server and WindowsThe first Patch Tuesday of 2022 is upon us, and Microsoft has delivered patches for 96 CVE-numbered vulnerabilities, including a wormable RCE flaw in Windows Server.

Microsoft on Tuesday kicked off its first set of updates for 2022 by plugging 96 security holes across its software ecosystem, while urging customers to prioritize patching for what it calls a critical "Wormable" vulnerability. The patches cover a swath of the computing giant's portfolio, including Microsoft Windows and Windows Components, Exchange Server, Microsoft Office and Office Components, SharePoint Server,.