Security News > 2022 > May

Getting logging and monitoring right is so important that it is listed among the Center for Internet Security's critical security controls. Failing to activate logging creates security blind spots in your network that will only become apparent after the fact.

Fortinet released a report which reveals that the cybersecurity skills shortage continues to have multiple challenges and repercussions for organizations, including the occurrence of security breaches and subsequently loss of money. Most notably, 8 in 10 organizations surveyed have suffered at least one breach they could attribute to a lack of cybersecurity skills or awareness.

85% of Americans reuse passwords across multiple sites, a number comparable to the rest of the globe. 49% of U.S. respondents rely on their memory - a notoriously fickle tool - to manage passwords.

Orca Security adds attack path analysis capability to improve the effectiveness of security teams. Keysight Technologies released CyPerf 2.0, a new subscription-based software solution that enables network equipment manufacturers to validate the performance and security of their offerings when deployed in complex distributed cloud environments utilizing zero trust security policies.

Be a Certified CompTIA Professional w/ 15 Expert-Led Prep Courses on CompTIA-Focused Topics The post Complete 2022 CompTIA Certification Course appeared first on TechRepublic.

Google has officially released the first developer preview for the Privacy Sandbox on Android 13, offering an "Early look" at the SDK Runtime and Topics API to boost users' privacy online. "The Privacy Sandbox on Android Developer Preview program will run over the course of 2022, with a beta release planned by the end of the year," the search giant said in an overview.

At least six different Russia-aligned actors launched no less than 237 cyberattacks against Ukraine from February 23 to April 8, including 38 discrete destructive attacks that irrevocably destroyed files in hundreds of systems across dozens of organizations in the country. DesertBlade, also a data wiper, is said to have been launched against an unnamed broadcasting company in Ukraine on March 1.

These new sites contained a mix of new victims and data stolen during previous REvil attacks. The only way to know for sure whether REvil was back was to find a sample of the ransomware encryptor and analyze it to determine if it was patched or compiled from source code.

The Open Source Security Foundation, a Linux Foundation-backed initiative has released its first prototype version of the 'Package Analysis' tool that aims to catch and counter malicious attacks on open source registries. In a pilot run that lasted less than a month, the open source project released on GitHub, was able to identify over 200 malicious npm and PyPI packages.

Security analysts have uncovered a recent phishing campaign from Russian hackers known as APT29 targeting diplomats and government entities. In a new campaign spotted by threat analysts at Mandiant, APT29 is targeting diplomats and various government agencies through multiple phishing campaigns.