New ToddyCat APT group targets Exchange servers in Asia, Europe
2022-06-21 11:46

An advanced persistent threat group dubbed ToddyCat has been targeting Microsoft Exchange servers throughout Asia and Europe for more than a year, since at least December 2020. At the time, the hacking group exploited the ProxyLogon Exchange flaws that allowed them to gain remote code execution on vulnerable servers to deploy China Chopper web shells.

A great day for non-robots: iOS 16 will bypass CAPTCHAs
2022-06-21 11:45

Apple has introduced a game-changer into its upcoming iOS 16 for those who hate CAPTCHAs, in the form of a feature called Automatic Verification. The feature does exactly what its name alludes to: automatically verifies devices and Apple ID accounts without any action from the user.

Photos: Infosecurity Europe 2022, part 1
2022-06-21 11:44

Infosecurity Europe 2022 opened its doors today at the ExCeL in London. Here’s a look at the event. The featured vendors are: Arctic Wolf Networks, Bridewell, Checkmarx, Cisco, CrowdStrike,...

Hidden Anti-Cryptography Provisions in Internet Anti-Trust Bills
2022-06-21 11:34

Both bills have provisions that could be used to break end-to-end encryption. 3(c)(7)(A)(iii) would allow a company to deny access to apps installed by users, where those app makers "have been identified as national security, intelligence, or law enforcement risks." That language is far too broad. It would allow Apple to deny access to an encryption service provider that provides encrypted cloud backups to the cloud.

Voicemail Scam Steals Microsoft Credentials
2022-06-21 11:20

Attackers are using an oft-used and still effective lure to steal credentials to key Microsoft apps by sending emails notifying potential victims that they have a voicemail message, researchers have found. One aspect of the campaign that does set it apart from other similarly themed attacks is that it involves "more research and effort as the attacks are customized for each target," he said.

Icefall: 56 flaws impact thousands of exposed industrial devices
2022-06-21 11:20

A security report has been published on a set of 56 vulnerabilities that are collectively called Icefall and affect operational technology equipment used in various critical infrastructure environments. The Icefall collection has been discovered by security researchers at Forescout's Vedere Labs and it impacts devices from ten vendors.

How refactoring code in Safari's WebKit resurrected 'zombie' security bug
2022-06-21 08:31

A security flaw in Apple's Safari web browser that was patched nine years ago was exploited in the wild again some months ago - a perfect example of a "zombie" vulnerability. That's a bug that's been patched, but for whatever reason can be abused all over again on up-to-date systems and devices - or a bug closely related to a patched one.

Fake voicemail notifications are after Office365, Outlook credentials
2022-06-21 08:13

A phishing campaign using fake voicemail notifications has been and is still targeting various US-based organizations, in an attempt to grab employees' Office365 and Outlook login credentials, Zscaler warns. The campaign seems to be a repeat of a previous, similar one, and targets security solution providers, software security developers, supply-chain organizations in manufacturing and shipping, healthcare and pharmaceutical firms, and the US military.

IT pros are not very confident in their organization’s supply chain security
2022-06-21 08:00

Over the last two years, supply chain challenges have rocked both enterprises and consumers alike, making it harder to access certain goods and maintain business continuity. Security threats have only heightened these concerns, and an ISACA survey report illuminates IT professionals' key concerns around supply chain security challenges and how their organizations are responding to them.

Former Amazon Employee Found Guilty in 2019 Capital One Data Breach
2022-06-21 06:05

A 36-year-old former Amazon employee was convicted of wire fraud and computer intrusions in the U.S. for her role in the theft of personal data of no fewer than 100 million people in the 2019 Capital One breach. Paige Thompson, who operated under the online alias "Erratic" and worked for the tech giant till 2016, was found guilty of wire fraud, five counts of unauthorized access to a protected computer and damaging a protected computer.