Security News > 2022 > February

Ransomware remains the number one threat for most organisations. This report comprehensively examines the adversary's ongoing innovation and evolution of tried-and-true TTPs like ransomware, business email compromise, zero-day threats, espionage, and more.

The Secureworks Counter Threat Unit™ research team analyses security threats and helps organizations protect their systems. During September and October 2021, CTU researchers observed notable developments in threat behaviours, the global threat landscape, and security trends, and identified lessons to consider.

The XDR market is confusing, as is often the case with new security technologies Don't wait to be proactive about your organisation's security needs. The objective of this XDR Buyer's Guide is to help you identify the capabilities that will prove most valuable in securing your organisation.

Hackers have exploited a vulnerability in the Wormhole cross-chain crypto platform to steal $326 million in cryptocurrency. Wormhole is a platform that allows users to transfer cryptocurrency across different blockchains.

Hackers have exploited a vulnerability in the Wormhole cross-chain crypto platform to steal $320 million in cryptocurrency. Wormhole is a platform that allows users to transfer cryptocurrency across different blockchains.

KP Snacks, maker of the high-end Tyrrell's and Popchips potato-chip brands, has suffered a ransomware attack that it said could impact deliveries to supermarkets through the end of March - at the earliest. Conti, a sophisticated Russian-speaking cybercrime group, is known for its advanced tactics, and Palo Alto Networks has called it "One of the most ruthless" of dozens of ransomware groups currently operating.

Image: ESET. Slovak internet security firm ESET released security fixes to address a high severity local privilege escalation vulnerability affecting multiple products on systems running Windows 10 and later or Windows Server 2016 and above. ZDI's advisory says attackers are only required to "Obtain the ability to execute low-privileged code on the target system," which matches ESET's CVSS severity rating also showing that the bug can be exploited by threat actors with low privileges.

GitHub was down today, affected by a worldwide outage preventing access to the website, issuing commits, cloning projects, or performing pull requests. The outage started at approximately 2:15 PM EST, with the website responding with HTTP 500 error codes, as shown below.

Microsoft has added SMTP MTA Strict Transport Security support to Exchange Online to ensure Office 365 customers' email communication integrity and security. This new standard strengthens Exchange Online email security and solves several SMTP security problems, including expired TLS certificates, the lack of support for secure protocols, and certificates not issued by trusted third parties or matching server domain names.

Despite what security vendors might say, there is no way to comprehensively solve our supply-chain security challenges, posits JupiterOne CISO Sounil Yu. We can only manage them. In the late 19th century, many large cities faced an unpleasant predicament due to too much horse manure piling up in the streets.