Security News > 2022 > May

An increase in employee training and improved general awareness of cybersecurity has forced cybercriminals to change their tactics and take a more personal approach, known as spear phishing. To stay in front of new phishing attack techniques, it's also essential that employees are equipped with all the knowledge they need to spot a potential phishing attack that goes undetected, including how attack content differs from legitimate emails.

F5 Networks and Cisco this week issued warnings about serious, and in some cases critical, security vulnerabilities in their products. "This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services," as F5 put it in its advisory.

Cyber-scams cost victims around the globe at least $6.9 billion last year, according to the FBI's latest Internet Crime Report. A subset of this category, business email compromise, is proving very lucrative and took almost $2.4 billion from 19,954 victims, according to the feds.

"This will simplify sign-ins across devices, websites, and applications no matter the platform - without the need for a single password," Google said. The new Fast IDentity Online sign-in system does away with passwords entirely in favor of displaying a prompt asking a user to unlock the phone when signing into a website or an application.

Red Canary intelligence analysts have discovered a new Windows malware with worm capabilities that spreads using external USB drives. This malware is linked to a cluster of malicious activity dubbed Raspberry Robin and was first observed in September 2021.

President Joe Biden signed a national security memorandum on Thursday asking government agencies to implement measures that would mitigate risks posed by quantum computers to US national cyber security. The multi-year effort to migrate all vulnerable cryptographic systems to quantum-resistant cryptography will span over 50 government departments and agencies that use National Security Systems.

How to manage your Alexa voice recordings and privacy. Perhaps you'd like to review those conversations to find mistakes that Alexa has made, rate the accuracy of Alexa's responses or remove any recordings that may be sensitive.

Microsoft, Apple and Google - all longtime proponents of doing away with passwords for authentication purposes - are throwing their support behind standards developed by the FIDO Alliance and the World Wide Web Consortium that could eliminate the passphrases completely. Microsoft said there are 579 password attacks every second, or about 18 billion a year, and many of them are successful, mainly because people have a tendency to pick poor passwords or reuse them across multiple accounts.

Hacktivists operating on the side of Ukraine have focused their DDoS attacks on a portal that is considered crucial for the distribution of alcoholic beverages in Russia. DDoS attacks are collective efforts to overwhelm servers with large volumes of garbage traffic and bogus requests, rendering them unable to serve legitimate visitors.

To help you pick one of the best endpoint detection and response tools, we compare two popular EDR software solutions: CrowdStrike and FireEye.

CrowdStrike vs FireEye: Feature Comparison

| Feature | CrowdStrike | FireEye |
| --- | --- | --- |
| Automated detection | Yes | Yes |
| Containment | Yes | Yes |
| Terminate malicious activity | Yes | No |
| Cloud compatibility | Yes | Yes |
| Behavioral analytics | Yes | No |
| Alert management workflow | No | Yes |
| MDR availability | Yes | No |

Head-to-head comparison: CrowdStrike vs. FireEye Range of function.