USB-based Wormable Malware Targets Windows Installer
2022-05-06 11:10

Wormable malware dubbed Raspberry Robin has been active since last September and is wriggling its way through USB drives onto Windows machines to use Microsoft Standard Installer and other legitimate processes to install malicious files, researchers have found. Eventually the worm installs malicious dynamic link library files found on the infected USB. While researchers first noticed Raspberry Robin as early as September 2021, most of the activity observed by Red Canary occurred during January of this year, researchers said.

Corporate Involvement in International Cybersecurity Treaties
2022-05-06 11:01

It's an attempt by the world's governments to come together and create a set of international norms and standards for a reliable, trustworthy, safe, and secure Internet. As part of the Call, the French company Cigref and the Russian company Kaspersky chaired a working group on cybersecurity processes, along with French research center GEODE. Another working group on international norms was chaired by US company Microsoft and Finnish company F-Secure, along with a University of Florence research center.

NIST updates guidance for cybersecurity supply chain risk management
2022-05-06 10:02

The National Institute of Standards and Technology has updated its guidance document for helping organizations identify, assess and respond to cybersecurity risks throughout the supply chain. "The guidance helps organizations build cybersecurity supply chain risk considerations and requirements into their acquisition processes and highlights the importance of monitoring for risks. Because cybersecurity risks can arise at any point in the life cycle or any link in the supply chain, the guidance now considers potential vulnerabilities such as the sources of code within a product, for example, or retailers that carry it," NIST notes.

npm package with 1.4M weekly downloads ditches npmjs.com for own CDN
2022-05-06 09:06

In a surprising move, the popular open source project, SheetJS aka "Xlsx," has dropped support for the npm registry. The project's maintainer suggests that the decision to pull out of the npm registry is based on the newly introduced two-factor requirements for top projects, GitHub's abrupt decision-making, and ongoing 'legal matters' between SheetJS and npm.

SheetJS ditches npm registry over 2FA requirement and 'legal matters'
2022-05-06 09:06

In a surprising move, the popular open source project, SheetJS aka "Xlsx," has dropped support for the npm registry. The project's maintainer suggests that the decision to pull out of the npm registry is based on the newly introduced two-factor requirements for top projects, GitHub's abrupt decision-making, and ongoing 'legal matters' between SheetJS and npm.

Walking away from ransomware unscathed. Can you? Really?
2022-05-06 07:15

It's a prerequisite for ensuring your organisation can thrive in an increasingly challenging global and business environment. That's because data is your most valuable asset and having it choked off thanks to a ransomware attack won't just disrupt your business operationally.

Bank for International Settlements calls for reform of data governance
2022-05-06 07:00

The Bank for International Settlements - a meta bank for the world's central banks and facilitator of cross-border payments - has advocated new governance systems that promote owner control of data and transparency over its use. Consent is often given once, despite use of data changing over time without re-confirming consent.

Google Docs crashes on seeing "And. And. And. And. And."
2022-05-06 06:06

A bug in Google Docs is causing it to crash when a particular series of words is typed into a document opened with the online word processor. A Google Docs user, Pat Needham, brought up the issue on the Google Docs Editors Help forum.

May 2022 Patch Tuesday forecast: Look beyond just application and OS updates
2022-05-06 04:06

April Patch Tuesday provided an extensive set of operating system and application updates after a few quiet months. The IE 11 desktop application will continue to get security updates in Windows 8.1, Windows 7, and Windows Server LTSC until they reach their respective EOL dates.

Smart government agencies are opting for multicloud environments
2022-05-06 03:30

In recent years, there have been more cyberattacks, ransomware events, and an ongoing discovery of potential vulnerabilities within IT infrastructure. The workforce needed to adapt to working from remote locations, which is why we need to shift to a multicloud solution to have the flexibility, agility, and effectiveness to meet mission and business outcomes.