Security News > 2022 > January

Even though Apache released the zero-day fix for CVE-2021-44228, it takes a while for companies who use this library to update, test, and release a new version. January 2022 Patch Tuesday forecast I mentioned Microsoft has been busy addressing several issues already this year, so we may see more than the 29 and 30 vulnerabilities addressed in Windows 11 and 10 respectively.

While it is common for IT departments to assess the official suppliers that a company might use for areas such as cloud services, it remains a longstanding business challenge to monitor the cybersecurity risks from suppliers across a company's whole supply chain. Cyber attacks have become so advanced that the starting point of an attack is often not the primary target, but the weakest part of the underlying supply chain.

A successful partnership can also accelerate the resolution of security issues whilst increasing network resilience, helping both network and security teams to achieve their goals. Whilst network operations prioritize producing highly available and high-performing networks, the security teams have the different task of lowering risk to the business and protecting the network.

The challenge faced by already strained IT teams is how to deliver strong certificate management across increasingly complex IT environments, at a time when workforces are massively distributed and entering the corporate network via the consumer-grade technologies in their homes. While third-party certificate authorities are a trusted option for many enterprises across the globe, many choose instead to issue them in-house, operating their own "Private CAs" to fulfill at least a portion of their PKI needs.

The global antivirus software market is expected to grow from $3.80 billion in 2020 to $3.92 billion in 2021 at a compound annual growth rate of 3.2%. The market is expected to reach $4.54 billion in 2025 at a CAGR of 3.8%, according to ResearchAndMarkets. The antivirus software market consists of sales of antivirus software by entities that are used to protect computers from viruses by scanning, detecting, and removing them.

FinalSite, a leading school website services provider, has suffered a ransomware attack disrupting access to websites for thousands of schools worldwide. FinalSite is a software as a service provider that offers website design, hosting, and content management solutions for K-12 school districts and universities.

The Commission nationale de l'informatique et des libertés, France's data protection watchdog, has slapped Facebook and Google with fines of €150 million and €60 million for violating E.U. privacy rules by failing to provide users with an easy option to reject cookie tracking technology. HTTP cookies are small pieces of data created while a user is browsing a website and placed on the user's computer or other device by the user's web browser to track online activity across the web and store information about the browsing sessions, including logins and details entered in form fields such as names and addresses.

It's a new year, and with it comes a new ransomware to keep an eye on called 'Night Sky' that targets corporate networks and steals data in double-extortion attacks. According to MalwareHunterteam, who first spotted the new ransomware, the Night Sky operation started on December 27th and has since published the data of two victims.

Accounts of more than three million users of the U.S.-based FlexBooker appointment scheduling service have been stolen in an attack before the holidays and are now being traded on hacker forums. All three breaches allegedly occurred a few days before Christmas and the intruder published the data on a hacker forum.

A previously unknown rootkit has been found setting its sights on Hewlett-Packard Enterprise's Integrated Lights-Out server management technology to carry out in-the-wild attacks that tamper with the firmware modules and completely wipe data off the infected systems. The discovery, which is the first instance of real-world malware in iLO firmware, was documented by Iranian cybersecurity firm Amnpardaz this week.