Security News > 2022 > July

A new and previously undetected malware dubbed 'Lightning Framework' targets Linux systems and can be used to backdoor infected devices using SSH and deploy multiple types of rootkits. Described as a "Swiss Army Knife" in a report published today by Intezer, Lightning Framework is a modular malware that also comes with support for plugins.

Atlassian has fixed three critical vulnerabilities and is urging customers using Confluence, Bamboo, Bitbucket, Crowd, Fisheye and Crucible, Jira and Jira Service Management to update their instances as soon as possible.There is no mention of these vulnerabilities being exploited in the wild, but flaws in Atlassian Confluence are often leveraged by attackers.

End users can find more information on the next steps after macros are blocked in a downloaded Office document on the A potentially dangerous macro has been blocked support page. IT admins can find dedicated documentation on the Macros from the Internet will be blocked by default in Office page.

End users can find more information on the next steps after macros are blocked in a downloaded Office document on the A potentially dangerous macro has been blocked support page. IT admins can find dedicated documentation on the Macros from the Internet will be blocked by default in Office page.

The company's AI-powered vCISO platform automatically generates everything vCISO service providers need to provide their clients, fully customized for each and every client: risk and compliance assessments, gap analysis, tailored security policies, strategic remediation plans with prioritized tasks, tools for ongoing task management, progress tracking and customer-facing reports. Cynomi enables managed service providers and consulting firms to provide ongoing vCISO services at scale by automating much of the manual, expert and time-consuming vCISO work, empowering their existing teams.

SMB owners across the globe are still relying only on usernames and passwords to secure critical employee, customer, and partner data, according to the Global Small Business Multi-Factor Authentication Study released by the Cyber Readiness Institute. This Help Net Security video covers the highlights of these findings.

ESET researchers discovered CloudMensis, a macOS backdoor that spies on users of compromised Macs and uses public cloud storage services to communicate back and forth with its operators. Outline of how CloudMensis uses cloud storage services.

A threat actor is promoting a new version of their free-to-use 'Redeemer' ransomware builder on hacker forums, offering unskilled threat actors an easy entry to the world of encryption-backed extortion attacks. Unlike many Ransomware-as-a-Service operations, anyone can download and use the Redeemer ransomware builder to launch their own attacks.

In this Help Net Security video, Bernard Brantley, CISO at Corelight, discusses why organizations need to rethink their data strategy, challenging the assumption that they must collect everything...

Despite understanding the importance of strong passwords as a critical security best practice, for most users the ease of memorizing only a few passwords and reusing them everywhere outweighs the increased security risk. According to our 2021 global report on cybersecurity and online behaviors, slightly more than half of the over 10,000 consumers surveyed use either one single or a few passwords across their online accounts, and approximately a quarter are using one simple password for all of their online accounts.