Security News > 2022 > January

The European Data Protection Supervisor has ordered European Union law enforcement agency Europol to delete any data it has on individuals that's over six months old, provided there's no link to criminal activity. The investigation concluded the law enforcement agency needed to up its game when it came to data minimisation and retention and encouraged Europol to make necessary changes and then let the EDPS know of its action plan.

The Night Sky ransomware gang has started to exploit the critical CVE-2021-44228 vulnerability in the Log4j logging library, also known as Log4Shell, to gain access to VMware Horizon systems. Spotted in late December 2021 by security researcher MalwareHunterTeam, Night Sky ransomware focuses on locking enterprise networks.

Electric car chargers will have to include secure boot and automatic network disconnection if unsigned software runs on the smart devices - but only from 2023, the British government has said. New security requirements for smart chargers won't be enforced until the last day of this year, according to government papers reviewed by The Register.

Encryption plays a key part in email security, ensure you find the right fit for your enterprise. Finding ways to secure information effectively is a must. This challenge is perhaps never more...

There have been millions of downloads of outdated, vulnerable Log4j versions despite the emergence of a serious security hole in December 2021, according to figures compiled by the firm that runs Apache Maven's Central Repository. Tracked as CVE-2021-44228 aka Log4shell, the original vulnerability affected version 2.14 and earlier of the 2.x branch of the Apache logging utility.

While protecting digital resources may be easy for large companies that can afford to hire in-house cybersecurity staff and establish threat monitoring and endpoint detection infrastructure, this endeavor can often seem impossible for SMBs. All the while, the dangers for smaller businesses could not be more acute, especially since the businesses' operators and employees are often uninformed about common cybersecurity threats. Unique threats to SMBs. The scope of cybersecurity threats to small companies is no less varied than the threats large multinational corporations face, but SMBs' size and lack of infrastructure often leaves them more vulnerable to targeted hacking schemes and threats.

A grand total of 94% of organizations had an insider data breach in the past year, with 84% of the data breaches resulting from human error. Of course, not all insider threats come from actual insiders.

The COVID-19 pandemic has accelerated enterprise digital transformation by three to five years as companies build IT ecosystems to enable growth, innovation and improved customer experiences under new conditions, according to a research report published by Information Services Group. "The pandemic has forced enterprises to explore new ways to enable remote work, manage supply and demand and remain competitive," said Prashant Kelker, partner and Americas leader, ISG Digital.

Millions of home broadband Wi-Fi routers in the UK could be at risk because many internet users do not take basic security precautions that could protect them from online threats, a research from Broadband Genie has found. In a survey of 1,320 broadband users, it was discovered that 88% have never updated their router firmware and 84% have never changed their router admin password.

Cybersecurity researchers have detailed a high severity flaw in KCodes NetUSB component that's integrated into millions of end-user router devices from Netgear, TP-Link, Tenda, EDiMAX, D-Link, and Western Digital, among others. KCodes NetUSB is a Linux kernel module that enables devices on a local network to provide USB-based services over IP. Printers, external hard drives, and flash drives plugged into a Linux-based embedded system are made available via the network using the driver.