
High-Severity RCE Bug Found in Popular Apache Cassandra Database
2022-02-16 16:03

Researchers have shared details about a now-patched, high-severity security bug in the Apache Cassandra open-source NoSQL distributed database that's easy to exploit and, if left unpatched, could enable attackers to gain remote code execution. In a Tuesday writeup, JFrog security researcher Omer Kaspi said that on the upside, the only Cassandra systems that are vulnerable to the flaw are those with a particular, non-standard and, specifically, not recommended configuration.

Critical VMware Bugs Open ESXi, Fusion & Workstation to Attackers
2022-02-16 15:59

VMware has issued a critical security update to address issues in its ESXi, Fusion and Workstation products, including VMware Cloud Foundation versions. VMware noted that patching VMware ESXi, Fusion and Workstation is the fastest method to resolve the issues, but organizations could also remove USB controllers from their VMs as a workaround.

Emotet Now Spreading Through Malicious Excel Files
2022-02-16 13:39

The infamous Emotet malware has switched tactics yet again, in an email campaign propagating through malicious Excel files, researchers have found. "Emotet's new attack chain reveals multiple stages with different file types and obfuscated script before arriving at the final Emotet payload," Unit 42 researchers Saqib Khanzada, Tyler Halfpop, Micah Yates and Brad Duncan wrote.

Vendors are Fixing Security Flaws Faster
2022-02-16 13:00

Google's Project Zero is reporting that software vendors are patching their code faster. In 2021, vendors took an average of 52 days to fix security vulnerabilities reported by Project Zero.

Researcher 'reverses' redaction, extracts words from pixelated image
2022-02-16 11:45

A researcher has demonstrated how he was able to successfully recover text that had been redacted using the pixelation technique. Further, the researcher has released a GitHub tool that can be used by anyone to reconstruct text from obscure, pixelated images.

Researcher fully recovers text from pixels: how to reverse redaction
2022-02-16 11:45

A researcher has demonstrated how he was able to successfully recover text that had been redacted using the pixelation technique. Further, the researcher has released a GitHub tool that can be used by anyone to reconstruct text from obscure, pixelated images.

DDoS attacks knock Ukrainian government, bank websites offline
2022-02-16 11:06

Unknown attackers mounted disruptive distributed denial-of-service attacks against several Ukrainian government organizations and state-owned banks on Tuesday. The DDoS attacks' impact on government sites and bank services.

We get the privacy we deserve from our behavior
2022-02-16 10:45

The latter is owned by the employer and we adjust our expectations of privacy accordingly. These won't always prevent privacy compromise through data leakage, though - such as when we become the victim of a colleague sending an email to the wrong recipient.

[Webinar] When More Is Not Better: Solving Alert Overload
2022-02-16 07:46

An upcoming webinar by cybersecurity company Cynet sheds light on alert overload, the result of too many alerts. Then Cynet will talk about the way out - something important to almost every company suffering from alert overload. The Real Impact of Alert Overload. It's interesting that threat alerts, which are so vital to protection, have also become an obstacle.

Supply chain shortages create a cybersecurity nightmare
2022-02-16 07:15

The White House has recently issued alerts noting that many manufacturers suffer from disrupted supply chains, and rebuilding supply chains is a major priority. Pausing production until the supply chain is back entirely is not an option.