Security News > 2022 > January

Ransomware attacks used to be limited to a single attack / single extortion attempt, where hackers would demand payment in exchange for decrypting the target organization's files they've encrypted. In addition to ransomware, supply chain attacks have been very effective lately and are also on the rise, with the current trend seeing most of them targeting software companies, with high profile examples including attacks against SolarWinds and Codecov.

EO 14028 instructs agencies to adopt a zero-trust model including comprehensive identity management, continuous authorization, least privilege, separation of duties, network segmentation, and privilege access management controls. Let's be specific: if agencies have an effective unified endpoint management solution, including mobile device management, that provides asset discovery and inventory management, and it already feeds an IT service management platform and configuration management database, then a large part of what EDR provides is already in place and working.

Netskope released a research highlighting the continued growth of malware and other malicious payloads delivered by cloud applications. The year-over-year analysis identifies the top trends in cloud attacker activities and cloud data risks from 2021 as compared to 2020, and examines changes in the malware landscape throughout 2021, highlighting that attackers are achieving more success delivering malware payloads to their victims and offering advice for improving security posture in 2022.

Cybercrime continues to be a major concern, with 51% of SMEs experiencing a cybersecurity breach, a Markel Direct survey reveals. In this survey that polled 1000 respondents, Markel Direct explored the issue of cybercrime and its impact on the self-employed and SMEs.

Technology-related employment and hiring opportunities continue to expand, according to an analysis by CompTIA. December's technology employment gains bucked the generally underwhelming national employment trend. Technology industry companies added 11,000 workers in December, data from "Employment Situation" report from the U.S. Bureau of Labor Statistics reveals.

The global digital asset management market is expected to grow at a compound annual growth rate of 18.36% over the forecast period to reach a market size of $10.018 billion in 2026, from $3.078 billion in 2019, according to ResearchAndMarkets. The growing era of digital content across all industries from healthcare and finance to publishing and education is contributing to the growth of the digital asset management market.

Specops Password Auditor is a read-only tool that scans your Active Directory and identifies password-related vulnerabilities. The collected information generates multiple interactive reports containing user and password policy information.

Amid renewed tensions between the U.S. and Russia over Ukraine and Kazakhstan, American cybersecurity and intelligence agencies on Tuesday released a joint advisory on how to detect, respond to, and mitigate cyberattacks orchestrated by Russian state-sponsored actors. To that end, the Cybersecurity and Infrastructure Security Agency, Federal Bureau of Investigation, and National Security Agency have laid bare the tactics, techniques, and procedures adopted by the adversaries, including spear-phishing, brute-force, and exploiting known vulnerabilities to gain initial access to target networks.

Most of us have heard the three primary approaches mentioned - Native XDR, Open XDR and Hybrid XDR - but still don't understand the key benefits and drawbacks of each. Native XDR. A single vendor that offers all components of an XDR solution is considered Native XDR. This means that the buyer will not need to purchase and integrate additional technology solutions into the Native XDR platform to enjoy the benefits.

For its first Patch Tuesday of 2022, Redmond has bestowed 96 new CVEs affecting its Windows products. If you include 24 Chromium CVEs published earlier this month and now addressed in Microsoft's Edge browser, in addition to two CVEs in open source projects, you get 122 fixes that need to be applied.