Security News > 2022 > February

Do you actually know how your carefully constructed systems look to a potential intruder? Bypassing complex defenses is what these people do, all day, every day, which means they can likely see paths through your defenses that you may never have conceived of. That's why the secret to preventing attacks these days is to think like an attacker and consider how they'd move into and through your organization.

The U.S. Cybersecurity and Infrastructure Security Agency has warned of active exploitation of two security flaws impacting Zabbix open-source enterprise monitoring platform, adding them to its Known Exploited Vulnerabilities Catalog. On top of that, CISA is also recommending that Federal Civilian Executive Branch agencies patch all systems against the vulnerabilities by March 8, 2022 to reduce their exposure to potential cyberattacks.

Cybersecurity professionals from around the globe shared their experiences and opinions, revealing the severity and long-term consequences of the Log4j attack for both security teams and the organizations they protect. Log4j vulnerability: The human impact Industry professionals across the globe responded swiftly following the December 2021 disclosure of Log4j; 48% of cybersecurity teams gave up holiday time and weekends to assist with remediation.

"Data volumes and platform diversity will continue to rise, and the cyber-threat landscape will expand. So, CXOs must invest in a strategy that plugs the gaps they already have and keeps pace with rising data protection demands." Respondents stated that their data protection capabilities cannot keep pace with the demands of the business, with 89% reporting a gap between how much data they can afford to lose after an outage versus how frequently data is backed up.

Sophos uncovered the similarities while investigating two incidents where attackers used Dridex to deliver Entropy ransomware. These attacks targeted a media company and a regional government agency, using specially crafted, customised versions of the Entropy ransomware dynamic link library with the target's name embedded in the ransomware code.

We examine the implications for data center workloads, and for the people that run them - who have now lost their pet systems. The 1990's data center was very much composed of pet systems.

The United States' National Security Division will wind up its "China Initiative" - an effort to combat what then-attorney general Jeff Sessions described in 2018 as "Systematic and calculated threats" posed by Beijing-backed economic espionage. "We have heard concerns from the civil rights community that the 'China Initiative' fueled a narrative of intolerance and bias," Olsen stated in a speech delivered at the National Security Institute and George Mason University.

IBM Security released its annual X-Force Threat Intelligence Index unveiling how ransomware and vulnerability exploitations together were able to "Imprison" businesses in 2021 further burdening global supply chains, with manufacturing emerging as the most targeted industry. While phishing was the most common cause of cyberattacks in general in the past year, there was a 33% increase in attacks caused by vulnerability exploitation of unpatched software, a point of entry that ransomware actors relied on more than any other to carry out their attacks in 2021, representing the cause of 44% of ransomware attacks.

They fed 4,680 days of app usage data into statistical models. Each of these days was paired with one of the 780 users, such that the models learnt people's daily app use patterns.

The global automotive cybersecurity industry was pegged at $7.23 billion in 2020, and is expected to reach $32.41 billion by 2030, growing at a CAGR of 16.6% from 2021 to 2030, according to Allied Market Research. Rise in need for automotive cybersecurity, mandatory cybersecurity standards, and government initiatives for implementing connected car technology have boosted the growth of the global automotive cybersecurity market.