Security News > 2022 > May

A researcher at Cisco's Talos threat intelligence team found eight vulnerabilities in the Open Automation Software platform that, if exploited, could enable a bad actor to access a device and run code on a targeted system. The OAS platform is widely used by a range of industrial enterprises, essentially facilitating the transfer of data within an IT environment between hardware and software and playing a central role in organizations' industrial Internet of Things efforts.

Microsoft security researchers have found high severity vulnerabilities in a framework used by Android apps from multiple large international mobile service providers. "The apps were embedded in the devices' system image, suggesting that they were default applications installed by phone providers," according to security researchers Jonathan Bar Or, Sang Shin Jung, Michael Peck, Joe Mansour, and Apurva Kumar of the Microsoft 365 Defender Research Team.

Microsoft has announced that it will automatically enable stricter secure default settings known as 'security defaults' on all existing Azure Active Directory tenants in late June 2022.First introduced in October 2019 only for new tenants, security defaults are a set of basic security mechanisms designed to introduce good identity security hygiene with a minimum of effort, even for organizations that don't have an IT team.

This is the most effective Apple mobile device management service We may be compensated by vendors who appear on this page through methods such as affiliate links or sponsored partnerships. More than 4 million people in the U.S. are working remotely, leading many companies to look for mobile device management solutions.

While cybersecurity roles such as penetration testers, security analysts and incident responders have gained a lot of mentions lately, new positions are quickly emerging on the scene. A cybersecurity architect is responsible for designing, developing and implementing an organization's security infrastructure.

Critical Microsoft vulnerabilities decreased 47% in 2021.Overall vulnerabilities across all Microsoft products decreased five percent in 2021, according to the annual BeyondTrust Microsoft Vulnerabilities 2022 report.

Austrian federal state Carinthia has been hit by the BlackCat ransomware gang, also known as ALPHV, who demanded a $5 million to unlock the encrypted computer systems. A spokesperson of the state, Gerd Kurath, told Euractiv that the attacker's demands will not be met, though.

GitHub has revealed it stored a "Number of plaintext user credentials for the npm registry" in internal logs following the integration of the JavaScript package registry into GitHub's logging systems. The code shack went on to assure users that the relevant log files had not been leaked in any data breach; that it had improved the log cleanup; and that it removed the logs in question "Prior to the attack on npm."

A strain of Windows uses PowerShell to add a malicious extension to a victim's Chrome browser for nefarious purposes. The makers of the ChromeLoader software nasty ensure their malware is persistent once on a system and is difficult to find and remove, according to threat hunters at cybersecurity shop Red Canary, who have been tracking the strain since early February and have seen a flurry of recent activity.

Critical flaws in a popular platform used by industrial control systems that allow for unauthorized device access, remote code execution or denial of service could threaten the security of critical infrastructure. The OAS Platform is widely used in systems in which a range of disparate devices and software need to communicate, which is why it's often found in ICS to connect industrial and IoT devices, SCADA systems, network points, and custom apps and APIs, among other software and hardware.