Security News > 2022 > April

Kovrr and SANS Institute released their joint survey that reveals enterprise motivation and impact of cyber risk quantification in the modern cybersecurity landscape. Primary CRQ use cases include cyber budget allocation, board reporting and governance, cyber insurance and risk transfer options, M&A cyber due diligence and for capital reserve and management strategy.

The European Union Agency for Cybersecurity introduces a framework to perform cybersecurity market analyses and dives into the market of the Internet of Things distribution grids for validation. To improve market penetration, value for money, quality and acceptance of products, processes and services, performing cybersecurity market analysis has become an important tool for a variety of stakeholders.

Join security leaders from the University of Denver and EBSCO to learn how Open XDR's intelligent correlation eliminates alert fatigue and identifies and protects against attacks in real time. Register for Open XDR: Balancing risk and cybersecurity costs through a unified platform approach.

The maintainers of the NGINX web server project have issued mitigations to address security weaknesses in its Lightweight Directory Access Protocol Reference Implementation."NGINX Open Source and NGINX Plus are not themselves affected, and no corrective action is necessary if you do not use the reference implementation," Liam Crilly and Timo Stark of F5 Networks said in an advisory published Monday.

Google on Monday disclosed that it's taking legal action against a nefarious actor who has been spotted operating fraudulent websites to defraud unsuspecting people into buying non-existent puppies. "The actor used a network of fraudulent websites that claimed to sell basset hound puppies - with alluring photos and fake customer testimonials - in order to take advantage of people during the pandemic," Google's CyberCrime Investigation Group manager Albert Shin and senior counsel Mike Trinh said.

The Cybersecurity and Infrastructure Security Agency has ordered federal civilian agencies and urged all US organizations on Monday to patch an actively exploited bug impacting WatchGuard Firebox and XTM firewall appliances. Sandworm, a Russian-sponsored hacking group, believed to be part of the GRU Russian military intelligence agency, also exploited this high severity privilege escalation flaw to build a new botnet dubbed Cyclops Blink out of compromised WatchGuard Small Office/Home Office network devices.

Someone at least tried to use NSO Group's surveillance software to spy on European Commission officials last year, according to a Reuters report. European Justice Commissioner Didier Reynders and at least four commission staffers were targeted, according to the news outlet, citing two EU officials and documentation.

While for the longest time open source software has been reliable, community-fuelled, and efficient in that it takes out the need to reinvent the wheel, the recurring cases of voluntary self-sabotage by maintainers have cast doubts on the overall reliability of the ecosystem. This marks the third major protest of 2022 by an open source developer leveraging his vastly used software to express opinions on a matter of public interest.

Developers are increasingly voicing their opinions through their open source projects in active use by thousands of software applications and organizations. While for the longest time open source software has been reliable, community-fuelled, and efficient in that it takes out the need to reinvent the wheel, the recurring cases of voluntary self-sabotage by maintainers have cast doubts on the overall reliability of the ecosystem.

The Qbot botnet is now pushing malware payloads via phishing emails with password-protected ZIP archive attachments containing malicious MSI Windows Installer packages. This is the first time the Qbot operators are using this tactic, switching from their standard way of delivering the malware via phishing emails dropping Microsoft Office documents with malicious macros on targets' devices.