Security News > 2022 > February

The act of verifying public accounts gives the general public an instant, concrete assurance that the person or company sending a message is the real deal. This promotes authenticity, fosters trust and provides an incentive for other users to go through the steps to verify their own account so they can stand out from the generic crowd.

For all the good created by the Information Age from cultural exchange to advances in medical care - this massive network of communication has offered up new possibilities for opportunists and criminals to take advantage of our users and an easy willingness to trust in technology. Build the highest assurance into everything that's connected.

What makes the SolarWinds attack so astonishing is its scale. The infected Orion software was sold to more than 33,000 customers.

Russia's invasion of Ukraine has cleared the way for a new battlefront with the West in cyberspace, with experts warning of an escalation in cyberwarfare. "We expect to see that probably beyond just Ukraine, disinformation to target Western audiences, cyberespionage against key NATO members, as Russia tries to understand the next moves when it comes to sanctions or other steps that Western governments will play," Luke McNamara, principal analyst at cybersecurity consulting firm Mandiant, told The Register.

In part one of this series, I outlined some harsh truths of cybersecurity in 2022 and the first three of the top six steps you should take to ensure resiliency against today's most pervasive threat-ransomware. With the mindset that bad actors are already in your system, resiliency and rapid recovery should become the ultimate goal.

Cisco has released software updates to address four security vulnerabilities in its software that could be weaponized by malicious actors to take control of affected systems. The most critical of the flaws is CVE-2022-20650, which relates to a command injection flaw in the NX-API feature of Cisco NX-OS Software that stems from a lack of sufficient input validation of user-supplied data.

What hyper-growth companies all have in common: They prioritize cybersecurity. Beyond Identity defines hyper-growth companies as those with a growth rate above 40% annually, and found that hyper-growth companies were more likely than standard-growth organizations to be proactive toward cybersecurity threats, as well as to more frequently discuss the importance of security.

Zenly, a social app from Snap that allows users to see the locations of friends and family on a live map, contains a pair of vulnerabilities that could endanger those being tracked. "When submitting a friend request to a user, Zenly will allow access to their phone number regardless of whether the friend request is accepted or not," explained the researchers, in a Thursday posting.

The last set of attacks involving TrickBot were registered on December 28, 2021, even as command-and-control infrastructure associated with the malware has continued to serve additional plugins and web injects to infected nodes in the botnet. Interestingly, the decrease in the volume of the campaigns has also been accompanied by the TrickBot gang working closely with the operators of Emotet, which witnessed a resurgence late last year after a 10-month-long break following law enforcement efforts to tackle the malware.

One option is to completely block all site cookies in your web browser. If your browser of choice is Firefox, you are in luck, as there is a way to make sure you block all site cookies.