Security News > 2022 > May

US president Joe Biden issued two directives on Wednesday aimed at ensuring the nation - and like-minded friends - remain ahead of other countries in the field of quantum computing. The committee is an enhancement to the National Quantum Initiative Act - a 2018 law that provides $1.2 billion and a plan for advancing quantum tech.

Infosec outfit Cybereason says it's discovered a multi-year - and very successful - Chinese effort to steal intellectual property. In the attack Cybereason claims to have spotted, Winnti starts by finding what Cybereason has described as "a popular ERP solution" that had "Multiple vulnerabilities, some known and some that were unknown at the time of the exploitation."

The unsanctioned use of corporate IT systems, devices, and software - known as shadow IT - has increased significantly during the shift to remote work, and recent research found almost one in seven are concerned about information security because of employees following shadow IT practices. Shadow IT can be tough to mitigate, given the embedded culture of hybrid working in many organizations, in addition to a general lack of engagement from employees with their IT teams.

For the 2nd year, Secure Code Warrior conducted The state of developer-driven security survey, 2022 in partnership with Evans Data Corp in December 2021, surveying 1,200 developers globally to understand the skills, perceptions, and behaviors when it comes to secure coding practices, and their impact and perceived relevancy in the software development lifecycle. It turns out that there is a big discrepancy between what developers think is secure code, and what secure code actually is.

GitHub has announced that it will require two factor authentication for users who contribute code on its service. "The software supply chain starts with the developer," wrote GitHub chief security officer Mike Hanley on the company blog.

A weak password is one of the easiest way for attackers to steal valuable information about a person from their accounts, and then commit crimes with it. The stronger the password, the more protected a computer will be from attackers and malicious software.

"A total of 48,043 unique email addresses were in the collection, some of which were for the product administrators, corporate clients, and collection agents assigned to each case." The exposed instance, used as data storage for a debt collection platform called ENCollect, was detected on February 16, 2022.

In this article, I'd like to explore some of the threat detection program challenges CISOs are facing and provide some tips on how they can improve their security operations. CISOs ensure the security operations program for threat detection, investigation and response is executing at peak performance.

In this video for Help Net Security, Shani Dodge Reiner, Development Team Leader at Vicarius, explains how to identify vulnerabilities using the NMAP tool. NMAP is a very powerful and popular tool for network mapping.

US Cyber Command chief General Paul Nakasone said has revealed the agency he leads conducted nine "Hunt forward" operations last year, sending teams to different counties to help them improve their defensive security posture and hunt for cyberthreats. These missions provide "Security for our nation in cyberspace," said Nakasone, who is also director of the National Security Agency, during a Summit on Modern Conflict and Emerging Threats at Vanderbilt University.