Security News > 2022 > June

Netacea released its report into how businesses are dealing with bot attacks. It reveals one key area where businesses are failing to tackle bot attacks - bots are going undiscovered for an average of 16 weeks, up two weeks from last year's findings.

First it was the pandemic that changed the usual state of work - before, most corporate employees commuted, worked in the office, and came home. When we had to adapt to the self-isolation rules, work moved to home offices, which completely changed the workflow for many businesses.

Timeline: May 31 - Volexity found a zero-day vulnerability in Atlassian Confluence. AI Spera used Criminal IP to determine the number of Atlassian Confluence servers connected to the Internet.

Interestingly, the expectations for a friction-free journey have made financial institutions rethink the false dichotomy between maintaining stringent security and a positive customer experience. Savvy financial institutions are realizing that they don't need to choose between customer experience and fraud loss; rather, they need to identify and implement more efficient and effective tools when it comes to verifying with whom they are conducting business.

Proofpoint unveiled its annual Human Factor report, which provides a comprehensive examination of the three main facets of user risk - vulnerability, attacks, and privilege - and how threat actors continue their ceaseless creativity as they exploit the many opportunities presented by people. "One constant that remains as organizations approach a sense of normalcy after a disruptive year is that cyber criminals continue to target and exploit people," said Ryan Kalember, EVP of cybersecurity strategy, Proofpoint.

Seventy-four percent of consumers say they have received a scam text so far this year, while as many as 83% have received a scam phone call, according to Allstate Identity Protection's first quarter Identity Fraud in Focus report. Although even successful scams sometimes fail to escalate to instances of full-blown identity theft - and therefore are not counted toward Allstate Identity Protection case counts - they are nonetheless burdensome and costly to victims.

Law enforcement agencies around the world have arrested about 2,000 people and seized $50 million in a sweeping crackdown on social engineering and other scam operations around the globe. In the latest action in the ongoing "First Light", an operation Interpol has coordinated annually since 2014, law enforcement officials from 76 countries raided 1,770 call centers suspected of running fraudulent operations such as telephone and romance scams, email deception scams, and financial crimes.

WordPress websites using a widely used plugin named Ninja Forms have been updated automatically to remediate a critical security vulnerability that's suspected of having been actively exploited in the wild. Ninja Forms is a customizable contact form builder that has over 1 million installations.

Chinese hackers used a zero-day exploit for a critical-severity vulnerability in Sophos Firewall to compromise a company and breach cloud-hosted web servers operated by the victim. On March 25, Sophos published a security advisory about CVE-2022-1040, an authentication bypass vulnerability that affects the User Portal and Webadmin of Sophos Firewall and could be exploited to execute arbitrary code remotely.

The current web hosting model usually depends on one pathway for data and energy to flow. Multi-data center clustering ensures high availability to websites and applications by hosting your data at two or more separate physical locations.