Security News > 2022 > June

The Cybersecurity and Infrastructure Security Agency and Coast Guard Cyber Command released a joint advisory warning the Log4Shell flaw is being abused by threat actors that are compromising public-facing VMware Horizon and Unified Access Gateway servers. The VMware Horizon is a platform used by administrators to run and deliver virtual desktops and apps in the hybrid cloud, while UAG provides secure access to the resources residing inside a network.

To get into my cloud, I need my password and 2FA. And even if I could convince the cloud provider to bypass that and let me in, the backup is secured with a password which is stored in-you guessed it-my Password Manager. To get my passwords, I need my 2FA. To get my 2FA, I need my passwords.

Over 900,000 misconfigured Kubernetes clusters were found exposed on the Internet to potentially malicious scans, some even vulnerable to data-exposing cyberattacks. Researchers at Cyble have conducted an exercise to locate exposed Kubernetes instances across the itnernet, using similar scanning tools and search queries to those employed by malicious actors.

Conti, Quantum and Mountlocker were all linked to having used the new piece of software to inject systems with ransomware. The post New Bumblebee malware loader increasingly adopted by cyber...

published findings from its 2022 Cybersecurity Hiring Managers research that shed light on best practices for recruiting, hiring and onboarding entry- and junior-level cybersecurity practitioners. "With a global cybersecurity workforce gap of 2.7 million people, organizations must be creative with their cybersecurity hiring. But that doesn't mean they have to take more hiring risks," said Clar Rosso, CEO,².

The numbers are staggering if not overwhelming, and make it abundantly clear that ransomware attacks are not a threat that any organization, however big or small and across industries, can afford to ignore. Prevention includes the implementation of best practices and measures that can stop ransomware events from happening while also positioning the organization to sustain as little as damage as possible, should an attack occur.

Sadly, granting extensive permissions to dangerous apps can have severe consequences. Never give apps all the permissions, see what permission they need to run, and grant only those.

Chinese web giant Tencent has admitted to a significant account hijack attack on its QQ.com messaging and social media platform. In a post to rival social media platform Sina Weibo - a rough analog of Twitter - Tencent apologized for the incident.

He walks you through various protocols we see in the wild, and introduces specific hacking techniques to crack Wi-Fi passwords. CyberArk researchers have already proven the ease with which attackers can access Wi-Fi networks, having recently gone on wardriving exercises in San Francisco, Dallas and Tel Aviv to uncover how many Wi-Fi networks could be could cracked using readily-available and cheap equipment.

Executive performance evaluations will be increasingly linked to ability to manage cyber risk; almost one-third of nations will regulate ransomware response within the next three years; and security platform consolidation will help organizations thrive in hostile environments, according to the top cybersecurity predictions revealed by Gartner. In the opening keynote at the Gartner Security & Risk Management Summit in Sydney, Richard Addiscott, Senior Director Analyst and Rob McMillan, Managing VP at Gartner discussed the top predictions prepared by Gartner cybersecurity experts to help security and risk management leaders be successful in the digital era.