Security News > 2022 > February

The increased use of multi-factor authentication has pushed developers of phishing kits to come up with ways to bypass that added account protection measure. Proofpoint researchers have flagged three such phishing kits: Modlishka, Muraena/Necrobrowser, and Evilginx2.

Cryptocurrency platform Wormhole has recovered upwards of $326 million stolen in this week's crypto hack, thanks to a major bailout. Being a cross-chain crypto platform, Wormhole allows users to transfer cryptocurrency across different blockchains, such as Ethereum, Solana, and Binance Smart Chain, among others.

January 2022 Patch Tuesday was a rough one for Microsoft - and us. In the week following Patch Tuesday, Microsoft was forced to pull and subsequently re-issue several updates for Windows Server 2012, 2019, and 2022, as well as Windows 10 and 11.

WhiteSource released a threat report based on malicious activity found in npm, the most popular JavaScript package manager used by developers worldwide. The report is based on findings from more than 1,300 malicious npm packages identified in 2021.

Constella Intelligence released a report which includes new and additional findings pertaining to exposures, breaches, and leakages within the pharma sector, specifically focusing on employees and executives from the top twenty pharma companies on the Fortune Global 500 list. This report uncovers the widespread prevalence of breaches and exposures related to the corporate credentials of employees and executives in the pharma sector, detailing the serious risks emerging from exposed sensitive data that negatively impact customers, employees, executives, brands, public health, and the healthcare system.

A research released by Computer Services suggests growing concerns among bank executives around recruiting and retaining talent as well as fighting cybercrime threats. In the survey, which collected responses from 279 executives from financial institutions across the nation, bankers ranked cybersecurity threats and recruiting/retaining employees as their top issues in 2022.

A threat actor, likely Chinese in origin, is actively attempting to exploit a zero-day vulnerability in the Zimbra open-source email platform as part of spear-phishing campaigns that commenced in December 2021. The espionage operation - codenamed "EmailThief" - was detailed by cybersecurity company Volexity in a technical report published Thursday, noting that successful exploitation of the cross-site scripting vulnerability could result in the execution of arbitrary JavaScript code in the context of the user's Zimbra session.

Code review remains the biggest influence on improving code quality with unit testing a distant second, a SmartBear survey reveals. With development teams getting larger and remaining remote, a tool-based code review process offers the best advantage, as indicated by 80% of satisfied respondents.

Akamai released a research detailing the persistence of online piracy. The evolving piracy landscape, according to the U.S. Chamber of Commerce's Global Innovation Policy Center, costs the U.S. economy alone $29.2 billion in lost revenue each year.

The database security market is expected to reach $16,273. Database security solutions incorporate advanced security products such as internet traffic monitoring with a wide range of additional features.