Security News > 2022 > June

Microsoft has announced today the general availability of Microsoft Defender for Individuals, the company's new security solution for personal phones and computers. Defender for Individuals also provides safety alerts and recommendations, including real-time warnings about device security changes and suggestions on keeping data and devices secure.

MetaMask and Phantom are warning of a new 'Demonic' vulnerability that could expose a crypto wallet's secret recovery phrase, allowing attackers to steal NFTs and cryptocurrency stored within it. Anyone who gains access to a wallet's recovery phrase can import the wallet onto their own devices, allowing them to steal all the cryptocurrency and NFTs stored within it.

While strong passwords have always been required by the PCI standard, the password requirements are more stringent than before. A recent study found that 56% of breached passwords were deemed compliant with PCI requirements. It's good to have a backup method of password protection in place.

With an acute cybersecurity skills gap that stands at 2.7 million globally and a U.S. gap of more than 400,000, hiring managers are looking to entry- and junior-level candidates to fill vacancies, according to a new report by global cybersecurity professional organization (ISC)². "One of the biggest challenges lies with hiring managers relying on unrealistic job descriptions and hiring practices - placing far too much emphasis on experience alone, even for entry-level roles where prior experience is impossible to obtain," Wisniewski said.

An advanced persistent threat group with ties to Iran is believed to be behind a phishing campaign targeting high-profile government and military Israeli personnel, according to a report by Check Point Software. Targets of the campaign included a senior leadership in the Israeli defense industry, the former U.S. Ambassador to Israel and the former Deputy Prime Minister of Israel.

In the last two years, COVID-19 has occupied healthcare providers' minds - rightfully so, considering the pandemic's tremendous toll on patients. Healthcare leaders, physicians, and other care providers need to look at cybersecurity risks through a new lens - patient health and safety.

While such devices enable us to train large-scale neural networks in datacenters and deploy them on edge devices, their designers' focus so far is on average-case performance. We show how adversaries can exploit carefully-crafted sponge examples, which are inputs designed to maximise energy consumption and latency, to drive machine learning systems towards their worst-case performance.

For months now, millions of Facebook users have been duped by the same phishing scam that cons users into handing over their account credentials. According to a report outlining the phishing campaign, the scam is still active and continues to push victims to a fake Facebook login page where victims are enticed to submit their Facebook credentials.

Security researchers are warning that threat actors could hijack Office 365 accounts to encrypt for a ransom the files stored in SharePoint and OneDrive services that companies use for cloud-based collaboration, document management and storage. A ransomware attack targeting files on these services could have severe consequences if backups aren't available, rendering important data inaccessible to owners and working groups.

Researchers at security product recommendation service Safety Detectives claim they've found almost a million customer records wide open on an Elasticsearch server run by Malaysian point-of-sale software vendor StoreHub. Safety Detectives' report states it found a StoreHub server that stored unencrypted data and was not password protected.