Security News > 2022 > February

MariaDB announced key findings from its survey that shows no one's staying behind as businesses move forward with database migration to the cloud. Those surveyed included IT Heads, DBAs and software developers, all of whom had some responsibility for the selection and management of databases, and all said their business' cloud database migration was in place, in progress or planned.

Researchers at Rutgers University-New Brunswick have published "Face-Mic," the first work examining how voice command features on virtual reality headsets could lead to major privacy leakages, known as eavesdropping attacks. The research shows that hackers could use popular virtual reality headsets with built-in motion sensors to record subtle, speech-associated facial dynamics to steal sensitive information communicated via voice command, including credit card data and passwords.

The global digital payment market size is projected to grow from $89.1 billion in 2021 to $180.4 billion by 2026, at a CAGR of 15.2% during the forecast period, according to ResearchAndMarkets. Major growth factors for the market include worldwide initiatives for the promotion of digital payments, high proliferation of smartphones enabling mCommerce growth, increase in eCommerce sales, and growth in internet penetration.

Multiple security vulnerabilities have been disclosed in Canonical's Snap software packaging and deployment system, the most critical of which can be exploited to escalate privilege to gain root privileges. Snaps are self-contained application packages that are designed to work on operating systems that use the Linux kernel and can be installed using a tool called snapd.

Taiwan's Parliament, the Executive Yuan, yesterday revealed draft amendments to national security laws aimed at deterring and punishing Chinese economic espionage efforts directed at stealing tech industry secrets. Premier Su Tseng-chang said Taiwanese authorities have observed Chinese interests infiltrating local operations and "utilizing various methods to lure high-tech talent from Taiwan and steal Taiwanese core technologies."

To build an effective ICS cybersecurity strategy, it is crucial to identify the security events that are most likely to occur. This will let you focus on implementing the appropriate measures to...

A "potentially destructive actor" aligned with the government of Iran is actively exploiting the well-known Log4j vulnerability to infect unpatched VMware Horizon servers with ransomware. Cybersecurity firm SentinelOne dubbed the group "TunnelVision" owing to their heavy reliance on tunneling tools, with tactics that overlap those of a broader group tracked under the moniker Phosphorus as well as Charming Kitten and Nemesis Kitten.

Security researchers have created exploit code for CVE-2022-24086, the critical vulnerability affecting Adobe Commerce and Magento Open Source that Adobe patched in an out-of-band update last Sunday. The vulnerability, which Adobe saw being "exploited in the wild in very limited attacks," received a severity score of 9.8 out of 10, and adversaries exploiting it can achieve remote code execution on affected systems without the need to authenticate.

Don't browse on public Wi-Fi without a VPN. More than ever these days, people are working from home or on public Wi-Fi. With all that public Wi-Fi browsing, a VPN is the absolute base measure of security you should employ. These days, every company should use VPNs, but it's also important for individuals to use a VPN whenever they're on public Wi-Fi. If you're in need of a high-quality VPN solution, you don't have to break the bank.

While most major cloud providers do a decent job of keeping data secure, the majority of business users take an upload-it-and-forget-it approach to their data security needs. In reality, cloud providers can only protect a business's data if the business does its part by adhering to some cloud security best practices.