Security News > 2022 > January

The video surveillance systems market is expected to grow at a CAGR of 10.06% over the forecast period 2021 to 2026, according to ResearchAndMarkets. Commercial segment is to dominate the video surveillance systems market.

Microsoft on Monday disclosed details of a recently patched security vulnerability in Apple's macOS operating system that could be weaponized by a threat actor to expose users' personal information. Tracked as CVE-2021-30970, the flaw concerns a logic issue in the Transparency, Consent and Control security framework, which enables users to configure the privacy settings of their apps and provide access to protected files and app data.

Moxie Marlinspike, the creator of the Signal secure messaging app, on Monday announced his resignation as CEO of the company. Marlinspike said he had always intended to grow Signal to the point that it could go on without his direct involvement but that wasn't possible as recently as four years ago when he was writing most of the code, managing employees, and personally handling support.

Lookout, an endpoint-to-cloud cyber security company, have put together their cyber security predictions for 2022. To operationalize threat hunting in 2022, Lookout expects organizations will look into integrated endpoint-to-cloud security solutions that are cloud-delivered.

FinalSite announced today the findings of a six-day investigation into last week's ransomware attack, stating it found no evidence schools' data accessed or stolen by hackers. After a six-day investigation, FinalSite states that they have determined what ransomware gang performed the attack and how they gained access to their network but would not be disclosing their names due to ongoing investigations.

The CISO role has taken on greater prominence at a time when cyberattacks have become relentless and increasingly sophisticated, and millions of people continue to work from home. "As cybercrime continues to increase and companies face monetary losses or damages, the role of the CISO and security overall or critical to business success."

Extortion or ransom DDoS attacks started to become a new threat in August 2020 and grew bigger and more complex since then. One of the largest DDoS attacks that Cloudflare mitigated lasted for 60 seconds and came from a botnet with 15,000 systems that hurled close to 2Tbps of junk packets at a customer.

The European Union's data protection watchdog on Monday ordered Europol to delete a vast trove of personal data it obtained pertaining to individuals with no proven links to criminal activity. "Datasets older than six months that have not undergone this Data Subject Categorisation must be erased," the European Data Protection Supervisor said in a press statement.

AvosLocker is the latest ransomware gang that has added support for encrypting Linux systems to its recent malware variants, specifically targeting VMware ESXi virtual machines. While we couldn't find what targets were targeted using this AvosLocker ransomware Linux variant, BleepingComputer knows of at least one victim that got hit with a $1 million ransom demand.

"The confusion in URL parsing can cause unexpected behavior in the software, and could be exploited by threat actors to cause denial-of-service conditions, information leaks, or possibly conduct remote code execution attacks," the researchers said in a report shared with The Hacker News. With URLs being a fundamental mechanism by which resources - located either locally or on the web - can be requested and retrieved, differences in how the parsing libraries interpret a URL request could pose significant risk for users.