Security News > 2022 > May

A newly numbered Windows zero-day vulnerability is being exploited in the wild via specially crafted Office documents, security researchers are warning. Boobytrapped office files delivered via email are one of the most common tactics attackers use to compromise endpoints, and they are constantly finding new ways to hide the documents' malicious nature from existing security defenses, solutions, as well as users/targets.

Today is the second day of the fifteenth Workshop on Security and Human Behavior, hosted by Ross Anderson and Alice Hutchings at the University of Cambridge. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, Alice Hutchings, and myself.

An "Aggressive" advanced persistent threat group known as SideWinder has been linked to over 1,000 new attacks since April 2020. "Some of the main characteristics of this threat actor that make it stand out among the others, are the sheer number, high frequency and persistence of their attacks and the large collection of encrypted and obfuscated malicious components used in their operations," cybersecurity firm Kaspersky said in a report that was presented at Black Hat Asia this month.

Today's threat landscape is constantly evolving. Threat actors and tactics are becoming more determined and advanced.

It is perhaps better to consider the term zero trust architecture - a framework that requires an organization to take steps depending on the priorities of the business and their current security infrastructure. Whilst it's important for organizations to start making the move to zero trust architecture, it is not as simple as adopting a single vendor's capabilities as a comprehensive solution.

Due to SaaS, in 2021 the number of cybercriminals in one scam gang increased 10 times compared to 2020 and now reaches 100. In 2021, scams were the most common type of cybercrime.

The study - which surveyed 100 Federal and 100 private sector cybersecurity decision-makers - found that data privacy concerns and trust issues hold public-private partnerships back. The ideal ways for public and private organizations to work together to reduce cyber risk are - a government-led committee of private and public cybersecurity leaders, government-issued directives for both public and private organizations, a private organization-led committee of public and private cybersecurity leaders, and both sectors working individually, only sharing information that is believed relevant.

Network engineers and CIOs agree that cybersecurity issues represent the biggest risk for organizations that fail to put networks at the heart of digital transformation plans. According to a research commissioned by Opengear, 53% of network engineers and 52% of CIOs polled in the U.S., U.K., France, Germany, and Australia rank cybersecurity among the list of their biggest risks.

Millions of employees are now working from home or in a hybrid setting. Hackers aren't confined to office walls.

Featuring nine full-length video courses, The 2022 Complete Raspberry Pi & Arduino Developer Bundle provides a really good introduction to this world. Special Offer - For a limited time, you can get lifetime access to nine courses on Arduino and Raspberry Pi development for just $39.99.