8 best enterprise password managers for 2022
2022-07-18 14:00

Regardless of how you've come to realize that good business password management is essential, you've probably then found yourself faced with another problem: How do you pick the right password management software for your particular business? Many people even choose to forgo a password manager in favor of the built-in password keychains on Android and iOS, but that's not an option in professional situations where password security is paramount.

Microsoft's latest security patch troubles Windows 11 users
2022-07-18 14:00

Complaints over Microsoft's latest Patch Tuesday have intensified after some Windows 11 users found their systems worse for wear following installation. The July 12 patch, KB5015814, was a relatively straightforward one that dealt with a number of what Microsoft delicately termed "Security issues" in its summary.

Google Boots Multiple Malware-laced Android Apps from Marketplace
2022-07-18 12:32

Google has removed eight apps from its Google Play store that were propagating a new variant of the Joker spyware, but not before they already had garnered more than 3 million downloads. The trojan would hide in the advertisement frameworks utilized by the malicious apps propagating it; these frameworks aggregate and serve in-app ads.

CISA Urges Patch of Exploited Windows 11 Bug by Aug. 2
2022-07-18 12:19

A Windows 11 vulnerability, part of Microsoft's Patch Tuesday roundup of fixes, is being exploited in the wild, prompting the U.S. Cybersecurity and Infrastructure Security Agency to advise patching of the elevation-of-privilege flaw by August 2. The recommendation is directed at federal agencies and concerns CVE-2022-22047, a vulnerability with a high CVSS rating that exposes the Windows Client Server Runtime Subsystem, used in Windows 11 and also Windows Server 2022, to attack.

Beware of password-cracking software for PLCs and HMIs!
2022-07-18 10:05

Makes compromised hosts part of a peer-to-peer botnet that engages in password cracking and cryptocurrency mining. Thus, industrial engineers who can't access PLC programming software or an HMI because they don't know the right password occasionally turn to the internet to find a tool to help them crack it.

(IN)SECURE Magazine issue 72 released: Free download
2022-07-18 08:55

(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. It's a free download, no registration required.

Humans are becoming the primary security risk for organizations around the world
2022-07-18 08:00

With an unprecedented number of employees now working in hybrid or fully remote environments, compounded by an increase in cyber threats and a more overwhelmed, COVID-19 information-fatigued workforce, there has never been a more critical time to effectively create and maintain a cyber-secure workforce and an engaged security culture. This Help Net Security video highlights how organizations manage their human risk.

Bill for US telcos to bin Chinese kit blows out by $3 billion
2022-07-18 04:59

The US Federal Communications Commission notified Congress on Friday that the cost to rip and replace kit from Huawei and ZTE installed at US telcos is more than $3 billion higher than the funding allocated for the program. FCC chair Jessica Rosenworcel wrote to explain the situation, which arose from the USA's desire to remove Chinese comms kit at local carriers in the name of national security.

How to prepare your organization for a Slack or Office 365 breach
2022-07-18 04:30

Whether it's Slack or Office 365, communication and workflow apps are an essential tool for organizations to collaborate efficiently regardless of geography. Using any of these as a primary communication channel, replacing email and knowledge management repositories, makes it a new target for exploitation, one that contains sensitive information.

The first formal verification of a prototype of Arm CCA firmware
2022-07-18 04:00

The paper, presented at the 16th USENIX Symposium on Operating Systems Design and Implementation, demonstrates the first formal verification of a prototype of Arm CCA firmware. Arm CCA relies on firmware to manage the hardware to enforce its security guarantees, so it is essential that the firmware is correct and secure.