Unpatched DNS Related Vulnerability Affects a Wide Range of IoT Devices
2022-05-04 00:34

Cybersecurity researchers have disclosed an unpatched security vulnerability that could pose a serious risk to IoT products. The issue, which was originally reported in September 2021, affects the Domain Name System implementation of two popular C libraries called uClibc and uClibc-ng that are used for developing embedded Linux systems.

Critical TLStorm 2.0 Bugs Affect Widely-Used Aruba and Avaya Network Switches
2022-05-04 00:33

Cybersecurity researchers have detailed as many as five severe security flaws in the implementation of the TLS protocol in several models of Aruba and Avaya network switches that could be abused to gain remote access to enterprise networks and steal valuable information. The new set of flaws, dubbed TLStorm 2.0, exposes Aruba and Avaya network switches to remote code execution, enabling an adversary to commandeer the devices, move laterally across the network, and exfiltrate sensitive data.

Cyber-spies target Microsoft Exchange to steal M&A info
2022-05-04 00:31

A cyber-spy group is targeting Microsoft Exchange deployments to steal data related to mergers and acquisitions and large corporate transactions, according to Mandiant. The infosec giant's researchers have dubbed the cyber-espionage threat group UNC3524.

Firefox hits 100*, fixes bugs… but no new zero-days this month
2022-05-03 18:42

At its current release rate of once every four weeks, Firefox has just over 23 years to go to equal Lara's quadruple century, and almost 30 years to reach 502*. No trouble at the version number mill. Back in February 2022, a few mainstream sites didn't seem to realise that 100 was greater than 99, presumably because they were hard-coded to use only the first two characters of the version number, millennium bug style, thus turning the text 100 either into the number 10, or into the number zero.

SEC nearly doubles cryptocurrency cop roles in special cyber unit
2022-05-03 17:31

The US Securities and Exchange Commission intends to fill an additional 20 positions in a special unit that polices cryptocurrency fraud and other cybercrimes. This brings the newly renamed Crypto Assets and Cyber Unit's total to 50 roles as the SEC hopes to crack down on miscreants trying to profit from growing interest in digital assets and marketplaces.

Using Pupil Reflection in Smartphone Camera Selfies
2022-05-03 16:17

Researchers are using the reflection of the smartphone in the pupils of faces taken as selfies to infer information about how the phone is being used: For now, the research is focusing on six...

Zero trust is more than just vendors and products – it requires process
2022-05-03 16:00

With the attack surface expanding and cyberthreats growing in number and complexity, many organizations are sorting through a cybersecurity space that has myriad vendors and products to choose from, according to Chad Dunn, vice president for product management for Dell's Apex as-a-service business. Zero trust - which essentially dictates that any person or device trying to access the network should not be trusted and needs to go through a strict authentication and verification process - will be foundational for companies moving forward, but it has to be more than simply buying and deploying products, Dunn told The Register in an interview here in Las Vegas at the Dell Technologies World show.

Russian hacker group APT29 targeting diplomats
2022-05-03 15:43

Threat analysts at the cybersecurity firm Mandiant have uncovered a new APT29 cyber attack once again aimed at diplomats and government agencies. APT29 is a cyber espionage group widely believed to be sponsored by the Russian Foreign Intelligence Service, the SVR. APT29 is also publicly referred to as Nobelium by Microsoft, Mandiant said.

Why World Password Day should become World Passwordless Day
2022-05-03 14:09

World Password Day will be recognized on May 5 this year - but isn't it time to rebrand it to something more suitable for the future? We now have the technology to replace passwords with stronger, more convenient methods of authentication. Passwords are familiar to many, and it will take time for people to get used to the idea of a truly passwordless environment.

Microsoft's standalone Defender for Business hits GA
2022-05-03 14:00

Microsoft has made a standalone version of Microsoft Defender for Business generally available, aimed at customers not keen on paying for one of its subscriptions. The product is already bundled with Microsoft 365 Business Premium but can now be picked up as a standalone product for $3 per user per month, as we reported from Ignite late last year.