Behind the scenes: A day in the life of a security auditing manager
2022-01-10 15:09

Now, Hornung is CEO at Xact IT Solutions and has 15 years of security auditing and other IT services under his belt. In the pharmaceutical industry, Hornung said, there's an incentive to deal with regulations, beyond the FDA, to avoid "dealing with the PR nightmare of a breach on their company."

URL parsing: A ticking time bomb of security exploits
2022-01-10 14:00

A team of security researchers has discovered serious flaws in the way the modern internet parses URLs: Specifically, that there are too many URL parsers with inconsistent rules, which has created a worldwide web easily exploited by savvy attackers. We don't even need to look very hard to find an example of URL parsing being manipulated in the wild to devastating effect: The late-2021 Log4j exploit is a perfect example, the researchers said in their report.

China puts Walmart in the naughty corner, citing 19 alleged cybersecurity 'violations'
2022-01-10 13:35

American budget retailer Walmart was cited for 19 alleged cybersecurity breaches in China, state-sponsored media reported last week. The timing of the announcement is curious, as earlier in the week reports emerged in the Middle Kingdom that Walmart subsidiary Sam's Club was not stocking Xinjiang-produced goods.

Detect and identify IoT malware by analyzing electromagnetic signals
2022-01-10 13:01

Electromagnetic emanations can be recorded and used to detect and identify malware running on IoT devices, a group of researchers working at IRISA have proven. This novel malware detection approach also offers additional advantages: as no specific software has to be installed on the monitored device, it can hardly be detected by the malware and evaded by the malware authors.

GCHQ was rebuked for ignoring spy law safeguards as pandemic hit Britain
2022-01-10 12:47

Former foreign secretary Dominic Raab rebuked GCHQ for secretly halting internal compliance audits that ensured the spy agency was obeying the law, a government report has revealed - while just 0.06 per cent of spying requests made by Britain's public sector were refused by its supposed overseer. Explaining how GCHQ's COVID excuse "deviated from our expectations," IPCO said: "The IPC and the Foreign Secretary made clear to GCHQ that, in future, they expect GCHQ to inform them of any changes relevant to the handling of warranted data."

Fake QR Codes on Parking Meters
2022-01-10 12:21

The City of Austin is warning about QR codes stuck to parking meters that take people to fraudulent payment sites.

No defence for outdated defenders as consumer AV nears RIP
2022-01-10 10:00

The knowledge necessary to build viruses was practically the same as that needed for antivirus software, and the conspiracy theory arose that less-than-scrupulous AV vendors were generating viruses as well to spice up the market. At the same time as AV software got worse, computers got better.

What to expect in 2022 privacy wise?
2022-01-10 08:43

DeleteMe releases its privacy predictions for 2022, based on developments seen in 2020/2021 as well as original research conducted for its 2021 PII Marketplace Report. "A lot of things related to online privacy have changed in the last 2 years, and we see significant new developments coming in 2022 in areas like browser-tracking, digital identity, regulatory compliance, and how online PII gets exploited by both threat actors as well as industry," said Rob Shavell, CEO at DeleteMe.

Eight resolutions to help navigate the new hybrid office model
2022-01-10 05:30

Here are some resolutions to follow to ensure your organization safely navigates the new hybrid office model. CISOs must stretch communications skills and create new channels to deliver education about information security.

On-premises cloud: The worst of both worlds?
2022-01-10 05:00

While some may opt for the increasingly popular cloud-as-a-service model, outsourcing their cloud access and resources to a third party, others are looking to private on-premises cloud solutions to mobilize their teams online. While an on-premises cloud solution might seem like an appealing way to get your team online while retaining full control and maximum security, is it really the best of both worlds? We'll get into that in a moment, but first let's outline what we mean by on-premises cloud and how it differs from regular cloud solutions.