Security News > 2022 > June

There is no question that the level of threats facing today's businesses continues to change on a daily basis. So what are the trends that CISOs need to be on the lookout for?

Microsoft Office apps - including Outlook and Teams - are vulnerable to homograph attacks based on internationalized domain names. "Users, who are trained to validate a link in an email client before they click it, will be susceptible to click on it because it has not yet been translated to a real domain name in their browser. The real domain name would only be seen after the page has started to open," Bitdefender researchers warned.

Critical flaw found inside the UNISOC smartphone chip. Check Point Research has identified what it is calling a critical security vulnerability in UNISOC's smartphone chip, which is responsible for cellular communication in 11% of the world's smartphones.

In this video for Help Net Security, Karthik Krishnan, CEO at Concentric AI, talks about how they provide agentless connectivity to a wide variety of data repositories so you can govern access to your data wherever it resides. They also integrate with popular data classification frameworks, like Microsoft Information Protection, so you can enjoy better coverage and more accurate classification results throughout your security stack.

Foxconn electronics manufacturer has confirmed that one of its Mexico-based production plants has been impacted by a ransomware attack in late May. The company did not provide any info on the group responsible for the attack but operators of the LockBit ransomware gang claimed responsibility. The attacked Foxconn factory is located in Tijuana, Mexico, and is considered a strategic facility that acts a critical supply hub for the U.S. state of California, a significant electronics consumer.

FluBot, the super-spreader Android malware that infected tens of thousands of phones globally, has been reportedly squashed by an international law enforcement operation. In May, Dutch police disrupted the mobile malware's infrastructure, disconnecting thousands of victims' devices from the FluBot network and preventing more than 6.5 million spam text messages propagating the bot from reaching potential victims, according to Finland's National Bureau of Investigation on Wednesday.

Network engineers and CIOs agree that cybersecurity issues represent the biggest risk for organizations that fail to put networks at the heart of digital transformation plans. According to a research commissioned by Opengear, 53% of network engineers and 52% of CIOs polled in the U.S., U.K., France, Germany, and Australia rank cybersecurity among the list of their biggest risks.

The cybersecurity industry is performing only marginally better than STEM, with women making up roughly 24% of cybersecurity jobs globally, according to². Reaching these higher levels of the cybersecurity industry is far from straightforward for women at present.

Virtual private network operator ExpressVPN will pull its servers from India, citing the impossibility of complying with the nation's incoming requirement to record users' identities and activities. ExpressVPN offers software that routes traffic through servers that load their operating systems entirely into RAM and therefore leave no trace of users' activities on persistent media.

Called Ransomware for IoT or R4IoT by Forescout, it's a "Novel, proof-of-concept ransomware that exploits an IoT device to gain access and move laterally in an IT network and impact the OT network." This potential pivot is based on the rapid growth in the number of IoT devices as well as the convergence of IT and OT networks in organizations.