Emergency Magento update fixes zero-day bug exploited in attacks
2022-02-14 14:45

Adobe rolled out emergency updates for Adobe Commerce and Magento Open Source to fix a critical vulnerability tracked as CVE-2022-24086 that's being exploited in the wild. Administrators of online stores running Adobe Commerce or Magento Open Source versions 2.4.3-p1/2.3.7-p2 and below are strongly advised to prioritize addressing CVE-2022-24086 and apply the update as soon as possible.

Linux tops Google's Project Zero charts for fastest bug fixes
2022-02-14 13:04

The bug hunters at Google's Project Zero team have released their latest time-to-fix data and Linux is smashing the opposition. Between 2019 and 2021 open-source developers fixed Linux issues in an average of 25 days, compared to 83 for Microsoft, with Oracle pulling last place at 109 days, albeit from a very low number of cases.

PCI SSC and the National Cybersecurity Alliance issue bulletin to highlight ransomware threat
2022-02-14 12:55

The PCI Security Standards Council and the National Cybersecurity Alliance issued a joint bulletin on the increasing threat of ransomware attacks. The high-profile ransomware attacks in 2021 have been part of a larger global increase in ransomware crime.

Democratizing security with Open XDR
2022-02-14 07:00

Democratizing security means that all data and findings can and should be considered. Such an ability can elevate the paradigm of an unwieldy level of security alerts to one of far more accurate incidents.

Open banking innovation: A race between developers and cybercriminals
2022-02-14 06:30

Open banking APIs handle everything from account status to fund transfers to PIN changes and account services. On top of open banking driving API utilization, APIs have become a de facto standard in modern application development, with organizations often deploying thousands of APIs for a wide variety of purposes.

Using mobile networks for cyber attacks as part of a warfare strategy
2022-02-14 06:00

Setting out how the combination of military and mobile telecom-enabled targeting capabilities can create a battlefield advantage, the paper illustrates the consistency of such a model with the concept of hybrid warfare. Since detecting this threat actor, periodic reconnaissance activities were observed in at least 7 target mobile networks around the world and, given the wide geographic distribution of these targeted mobile operators, it is probable that the threat actor is active on a global scale.

Full-time internet surveillance comes to Cambodia this week
2022-02-14 05:57

Cambodia's National Internet Gateway comes online this Wednesday, exposing all traffic within the country to pervasive government surveillance. As The Register reported when the Gateway was announced in January 2021, Cambodia's regime will require all internet service providers and carriers to route their traffic through the Gateway.

The importance of implementing security scanning in the software development lifecycle
2022-02-14 05:30

"It is no longer sufficient to scan software as a pre-production step in the last phase of the software development lifecycle. Just as software is now deployed continuously, scanning using a variety of testing tools must also happen continuously as a fully integrated part of the process," said Chris Wysopal, CTO at Veracode. Continuous security testing using multiple scanning types is fast becoming the norm as organizations recognize the need to analyze the software they build across multiple dimensions.

Online fraud skyrocketing: Gaming, streaming, social media, travel and ecommerce hit the most
2022-02-14 05:00

"From the earliest days of online information to the rapid evolution of today's metaverses, the internet has come a long way. However, this latest data shows that it is more under attack than ever before," said Arkose Labs CEO Kevin Gosschalk. The latest research took a deep dive into UK business specifically to understand which sectors were the most attacked by online criminals.

What is fueling digital anxiety when working remotely?
2022-02-14 04:30

Working from home has spiked since the onset of the Covid-19 pandemic in March of 2020. This effort to reduce health risks may have limited the spread of the virus, but according to an analysis by F-Secure, it may also have helped increase digital anxiety for those working remotely.