Security News > 2022 > February

The rising adoption of multi-factor authentication for online accounts pushes phishing actors to use more sophisticated solutions to continue their malicious operations, most notably reverse-proxy tools. The increasing use of MFA has pushed phishing actors to use transparent reverse proxy solutions, and to cover this rising demand, reverse proxy phish kits are being made available.

Attackers are using an under-the-radar PowerPoint file to hide malicious executables that can rewrite Windows registry settings to take over an end user's computer, researchers have found. Ppam files to wrap ransomware, he said, citing a report on the Ppam ransomware published in October by the cybersecurity portal PCrisk.

Cisco has patched 14 vulnerabilities affecting some of its Small Business RV Series routers, the worst of which may allow attackers to achieve unauthenticated remote code execution or execute arbitrary commands on the underlying Linux operating system. "The Cisco PSIRT is aware that proof-of-concept exploit code is available for several of the vulnerabilities that are described in this advisory," the company said in the accompanying security advisory.

Around half of businesses surveyed are spending more on "Cyber attacks" than they used to, it said, while a similar number reckon their C-suites don't know what "Cyber risk management" means - possibly something about ensuring monitors are firmly bolted to desks. "Low C-suite engagement combined with increased investment suggests a tendency to 'throw money' at the problem rather than develop an understanding of the cybersecurity challenges and invest appropriately," intoned Trend Micro.

MIT Technology Review published an interview with Gil Herrera, the new head of the NSA's Research Directorate. The math department, often in conjunction with the computer science department, helps tackle one of NSA's most interesting problems: big data.

If cyber-physical security company Claroty's Global State of Industrial Cybersecurity 2021 report is any indication of the state of the war against ransomware, both IT and OT have been losing ground in their battles. According to the report, 80% of critical infrastructure organizations reported experiencing a ransomware attack in 2021.

Home2Sense Ltd, a home improvement biz, is nursing a £200,000 financial penalty from the UK's data watchdog for making well over half a million marketing calls to people that registered to opt out of such botheration. The company, based in Lampeter, Wales, was behind 675,478 nuisance calls between June 2020 and March 2021, punting insulation services to people signed up to the Telephone Preference Service.

Chaos engineering is a proactive discipline of experimentation to help navigate complexity within distributed systems in order to build confidence in the system's capability to withstand turbulent conditions in production. Instead, chaos engineering seeks to verify if the output of the system works as expected-if it does not, this new knowledge indicates some form of vulnerability is present in the system and needs to be investigated and remedied.

With the incorporation of artificial intelligence and machine learning tools into surveillance technologies, the definition of surveillance is changing to encompass tools that are more beneficial to the average person. Under this expanded definition, surveillance technology has far-ranging positive applications across business and retail sectors that will create safer and more enjoyable environments that benefit everyone - not just those behind the camera.

The study, which included 82,402 participants, tested how employees from four different organizations responded to emails that simulated one of four commonly used phishing tactics. According to Matthew Connor, F-Secure Service Delivery Manager and lead author of the report, the study's most notable finding was that people working in 'technical' roles seemed equally or even more susceptible to phishing attempts than the general population.