Security News > 2022 > June

Security threats have only heightened these concerns, and an ISACA survey report illuminates IT professionals' key concerns around supply chain security challenges and how their organizations are responding to them. The report received responses from more than 1,300 IT professionals with supply chain insight, 25 percent of whom note that their organization experienced a supply chain attack in the last 12 months.

Microsoft claims to have finally fixed the Follina zero-day flaw in Windows as part of its June Patch Tuesday batch, which included security updates to address 55 vulnerabilities. Criminals and snoops can abuse the remote code execution bug, tracked as CVE-2022-30190, by crafting a file, such as a Word document, so that when opened it calls out to the Microsoft Windows Support Diagnostic Tool, which is then exploited to run malicious code, such spyware and ransomware.

The APWG's Phishing Activity Trends Report reveals that in the first quarter of 2022 there were 1,025,968 total phishing attacks-the worst quarter for phishing observed to date. In the first quarter of 2022, OpSec Security reported that phishing attacks against the financial sector, which includes banks, remained the largest set of attacks, accounting for 23.6 percent of all phishing.

Simply put: XDR extends visibility across the environment and exposes threats that could be easily overlooked when relying on point security solutions. This new approach to cybersecurity often comes at a cost and requires resources and headcount that small security teams can't afford.

A former Maryland Cabinet-level official and a former IT executive have pleaded guilty to involvement in a bribery and extortion scheme related to technology contracts about a decade ago. According to the US Attorney's Office of the State of Maryland, Isabel FitzGerald, 52, of Annapolis, Maryland, and Kenneth Coffland, 67, of Riva, Maryland, pleaded guilty last week to charges of bribery and extortion, respectively.

Cloudflare said it this month staved off another record-breaking HTTPS-based distributed denial-of-service attack, this one significantly larger than the previous largest DDoS attack that occurred only two months ago. In April, the biz said it mitigated an HTTPS DDoS attack that reached a peak of 15.3 million requests-per-second.

Cloudflare on Tuesday disclosed that it had acted to prevent a record-setting 26 million request per second distributed denial-of-service attack last week, making it the largest HTTPS DDoS attack detected to date. The web performance and security company said the attack was directed against an unnamed customer website using its Free plan and emanated from a "Powerful" botnet of 5,067 devices, with each node generating approximately 5,200 RPS at peak.

The ALPHV ransomware gang, aka BlackCat, has brought extortion to a new level by creating a dedicated website that allows the customers and employees of their victim to check if their data was stolen in an attack. The stolen data is then used in double-extortion schemes, where the hackers demand a ransom payment to deliver a decryptor and prevent the public release of corporate data.

A new side-channel attack known as Hertzbleed allows remote attackers to steal full cryptographic keys by observing variations in CPU frequency enabled by dynamic voltage and frequency scaling. "In the worst case, these attacks can allow an attacker to extract cryptographic keys from remote servers that were previously believed to be secure. [.] Hertzbleed is a real, and practical, threat to the security of cryptographic software," the security researchers explain.

A new side-channel attack known as Hertzbleed allows remote attackers to steal full cryptographic keys by observing variations in CPU frequency enabled by dynamic voltage and frequency scaling. "In the worst case, these attacks can allow an attacker to extract cryptographic keys from remote servers that were previously believed to be secure. [.] Hertzbleed is a real, and practical, threat to the security of cryptographic software," the security researchers explain.