Time from vulnerability disclosures to exploits is shrinking
2022-07-27 15:00

Palo Alto Networks' annual Unit 42 incident response report is out, warning of an ever-decreasing gap between vulnerability disclosures and an increase in cybercrime. "The 2022 Attack Surface Management Threat Report found that attackers typically start scanning for vulnerabilities within 15 minutes of a CVE being announced," the vendor says.

GitHub introduces 2FA and quality of life improvements for npm
2022-07-27 14:29

GitHub has announced the general availability of three significant improvements to npm, aiming to make using the software more secure and manageable. In summary, the new features include a more streamlined login and publishing experience, the ability to link Twitter and GitHub accounts to npm, and a new package signature verification system.

DDoS Attack Trends in 2022: Ultrashort, Powerful, Multivector Attacks
2022-07-27 14:08

Ransom DDoS attacks are carried out for extortion - the attackers promise to cease their attack upon receiving the ransom. According to Gcore, the number of such complex multivector attacks tripled in 2022 compared to the previous year.

Infostealer malware targets Facebook business accounts to capture sensitive data
2022-07-27 14:05

A new attack analyzed by cybersecurity provider WithSecure Intelligence targets Facebook business users with the intent of stealing their sensitive data and taking over their accounts.

These 28+ Android Apps with 10 Million Downloads from the Play Store Contain Malware
2022-07-27 13:37

As many as 30 malicious Android apps with cumulative downloads of nearly 10 million have been found on the Google Play Store distributing adware. While masquerading as innocuous apps, their primary goal is to request permissions to show windows over other apps and run in the background in order to serve intrusive ads.

4 Steps the Financial Industry Can Take to Cope With Their Growing Attack Surface
2022-07-27 12:16

The key takeaway is that digital growth in the financial industry is not stopping; therefore, cybersecurity teams will need ways to gain accurate, real-time visibility into their attack surface. Breach and attack simulation, or BAS, helps identify vulnerabilities by simulating the potential attack paths that a malicious actor might use.

Securing Open-Source Software
2022-07-27 12:03

Open source is at least as important to the economy, public services, and national security as proprietary code, but it lacks the same standards and safeguards. Given open source's value as a public asset, an institutional structure must be built that sustains and secures it.

Fedora ditches 'No Rights Reserved' software over patent concerns
2022-07-27 11:23

The Fedora Project has announced that it will no longer permit Creative Commons 'No Rights Reserved' aka CC0-licensed code in its Linux distro or the Fedora Registry.

Fedora ditches CC0 'No Rights Reserved' software over patent concerns
2022-07-27 11:23

The Fedora Project will no longer allow CC0-licensed software aka code with 'No Rights Reserved' to be distributed on the Fedora Registry, or as part of the Fedora Linux distribution. The reason for the policy change is simply this: while Creative Commons' CC0 license allows content creators including software developers to waive copyright to their work, it has no bearing on the patent or trademark rights that the creators continue to retain.

Taking the Risk-Based Approach to Vulnerability Patching
2022-07-27 11:00

Vulnerability management and patching can easily get out of hand when the vulnerabilities in your organization number in the hundreds of thousands and are tracked in inefficient ways, such as Excel spreadsheets or multiple reports, especially when many teams are involved. While it is well known that vulnerability patching is extremely important, it is also challenging to patch vulnerabilities effectively.