Security News > 2022 > February

As the most common cloud operating system, Linux is a core part of digital infrastructure and is quickly becoming an attacker's ticket into a multi-cloud environment. Current malware countermeasures are mostly focused on addressing Windows-based threats, leaving many public and private cloud deployments vulnerable to attacks that target Linux-based workloads, VMware reveals.

The February edition of Google's monthly Android security update tackles, among other vulnerabilities, an eyebrow-raising critical flaw in Android 12. This February security patch batch marks the final official update for Google's Pixel 3 smartphones, which launched in October 2018, which is like a century ago for the internet goliath.

The Palestinian-aligned APT group tracked as TA402 was spotted using a new implant named 'NimbleMamba' in a cyber-espionage campaign that leverages geofencing and URL redirects to legitimate websites. If the target's IP address matches the defined targeted region, a copy of NimbleMamba is dropped on their system inside a RAR file.

Sri Lanka has decided to adopt a national digital identity framework based on biometric data and will ask India if it can implement that nation's Aadhaar scheme. The island nation had previous indicated it would work with the Modular Open Source Identity Platform, an organisation based in India that offers tools governments can use to create and manage digital identities.

Confronted with a complex and confusing threat landscape and an equally multi-faceted security vendor landscape, many are uncertain what their security strategy should look like. Rarely are employees given the full weight they deserve in security discussions: the pivotal role around which all other aspects need to revolve.

Oxeye provides a cloud-native application security testing solution that is designed to overcome the challenges imposed by the complex nature of modern architectures. Oxeye disrupts traditional application security testing, approaches by offering a contextual, effortless, and comprehensive solution to ensure no vulnerable code ever reaches production.

Spirion released a guide which provides a detailed look at sensitive data breaches in 2021 derived from analysis conducted against the Identity Theft Resource Center database of publicly reported data breaches in the United States. 2021 was the most prolific year on record for data breaches, surpassing 2017's all-time high.

As many as 70% of teams report feeling emotionally overwhelmed by security alerts. Cynet aims to correct that in this guide, starting by shining a light on the cause of the problem and the full extent of its consequences and then offering a few ways lean security teams can pull their analysts out of the ocean of false positives and get them back to shore.

"SBOMs are no longer optional. Our Linux Foundation Research team revealed 78% of organizations expect to produce or consume SBOMs in 2022," said Jim Zemlin, executive director at the Linux Foundation. SBOMs are designed to be shared across organizations and are particularly helpful at providing transparency of components delivered by participants in a software supply chain.

APIs continue to grow in importance not only with software developers but also with the leading enterprise organizations they support, as companies increasingly rely on APIs to accelerate their digital transformation efforts. To shed light on the trends that businesses encounter as they rely more heavily on APIs, RapidAPI released a report conducted by Vanson Bourne, which surveyed 300 global IT leaders and examined the current API landscape, highlighting adoption and usage trends, as well as the challenges most organizations encounter as they struggle to manage the APIs that are driving innovation and collaboration throughout the organization.