Security News > 2022 > February

If you use Mozilla Firefox or any Chromium-based browser, notably Google Chrome or Microsoft Edge, you'll know that the version numbers of these products are currently at 97 and 98 respectively. If you've ever looked at your browser's User-Agent string, you'll know that these version numbers are, by default, transmitted to every web page you visit, as a kind of handy hint to say, "Look who's coming to dinner."

The ransomware gang known as "Cuba" is increasingly shifting to exploiting Microsoft Exchange vulnerabilities - including ProxyShell and ProxyLogon - as initial infection vectors, researchers have found. At the time, the FBI noted that the Cuba ransomware is distributed using a first-stage implant that acts as a loader for follow-on payloads: the Hancitor malware, which has been around for at least five years.

As ecosystems get distributed, cybersecurity leadership will need to transform, Gartner says. Gartner has released a report of recommendations that are pretty big news for cybersecurity leaders: Their jobs, as they exist now, are becoming obsolete.

As the Russian invasion of Ukraine continues, the latter's government is reportedly seeking cybersecurity volunteers to help defend itself. The Russian National Coordination Center for Computer Incidents has issued an advisory warning of "The threat of an increase in the intensity of computer attacks on Russian information resources."

What sort of attacks should U.S. businesses expect? Kanry said we don't need to look back very far to see an example of the potential havoc state-sponsored cyberattacks can inflict: The Colonial Pipeline attack.

The UK's NHS Digital agency is warning organizations to apply new security updates for a remote code execution vulnerability in the Windows client for the Okta Advanced Server Access authentication management platform. "NHS Digital is the national digital, data and technology delivery partner for the NHS and social care system," explains the website for NHS Digital.

Ransomware is getting worse, but Daniel Spicer, chief security officer at Ivanti, offers a checklist for choosing defense solutions to meet the challenge. Invest in an automated platform that enhances visibility into all connected devices and software and provides context into how those assets are being used, so your IT and security teams can make better decisions.

Remember when phishing was a funny new term for tricking people into giving up information? Now there are so many variants, spear phishing, clone phishing, and even whaling! Here are five things to know about Consent Phishing.

A security analyst has devised a way to capture Visual Voice Mail credentials on Android devices and then remotely listen to voicemail messages without the victim's knowledge. Visual Voice Mail is a voicemail system used by numerous mobile carriers that allow customers to view, listen to, and manage voicemails in any order.

An infostealing piece of malware called Jester Stealer has been gaining popularity in the underground cybercrime community for its functionality and affordable prices. According to an analysis from Cyble Research, Jester Stealer is an emerging threat that first appeared on cybercrime forums in July 2021.