Security News > 2022 > July

The wired and wireless local area network forms the backbone of IT. It enables next-generation applications and can boost user productivity. The LAN not only greatly impacts user experience, but is also the beginning or end of many security events.

Over three-quarters of employees want the option to work from home at least part-time. The ability to support a remote work program can help an organization retain employees and is a crucial component of a business continuity plan.

The rapid growth of personal and Internet-of-Things devices connecting to enterprise networks has increased the need to have fine-grained control over what is allowed into the network and with what permissions. Network access control solutions can ensure only devices that should attach to the network do, and can restrict what they have access to.

A new version of the Amadey Bot malware is distributed through the SmokeLoader malware, using software cracks and keygen sites as lures. Amadey Bot is a malware strain discovered four years ago, capable of performing system reconnaissance, stealing information, and loading additional payloads.

The operators of the QBot malware have been using the Windows Calculator to side-load the malicious payload on infected computers. Security researcher ProxyLife recently discovered that Qakbot, has been abusing the the Windows 7 Calculator app for DLL side-loading attacks since at least July 11.

Microsoft has reminded customers once again that Windows Server, version 20H2, will be reaching its End of Service in less than a month, on August 9. "On August 9, 2022, all editions of Windows Server, version 20H2 will reach end of servicing. The upcoming August 2022 security update, to be released on August 9, 2022, will be the last update available for this version," Microsoft said in a Windows message center update this week.

SECURE Magazine issue 72 released: Free download(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Removing the blind spots that allow lateral movementThere are critical blind spots in most security solutions today that make it nearly impossible to detect and prevent lateral movement attacks.

The phrase Office macros is a harmless-sounding, low-tech name that refers, in real life, to program code you can squirrel away inside Office files so that the code travels along with the text of a document, or the formulas of a spreadsheet, or the slides in a presentation. Even though the code is hidden from sight in the file, it can nevertheless sneakily spring into life as soon as you use the file in any way.

Threat analysts have uncovered a new campaign attributed to APT37, a North Korean group of hackers, targeting high-value organizations in the Czech Republic, Poland, and other European countries. In this campaign, the hackers use malware known as Konni, a remote access trojan capable of establishing persistence and performing privilege escalation on the host.

The Dutch Ministry of Education has decided to partially suspend the use of Chrome OS and Chrome web browser until August 2023 over concerns about data privacy. Since the national watchdog doesn't know where students' personal data is stored and processed, there are concerns about the violation of the European Union's GDPR. The Minister of Education and the Minister of Primary and Secondary Education have co-signed a letter to the Dutch parliament where they describe a range of cybersecurity and data protection matters.