Security News > 2022 > July

This article will explain why users should block macros in Internet downloads and how you can block them in Microsoft Office. To prevent this distribution method, Microsoft announced in February that Microsoft Office would automatically block VBA macros in documents downloaded from the Internet starting in June.

US security technology provider L3Harris has courted controversial Israeli spyware firm NSO with an aim to buy it, according to reports. The New York Times claims L3Harris in recent months sent a team to Israel to try to smooth passage of the deal, which was made challenging by US president Joe Biden's decision to blacklist NSO following the use of its Pegasus software to crack phones of politicians and campaigners.

Armed with bombs, Rocket Propelled Grenade and General Purpose Machine Guns, the attackers, who arrived at about 10:05 p.m. local time, gained access through the back of the prison, using dynamites to destroy the heavily fortified facility, freeing 600 out of the prison's 994 inmates, according to the country's defense minister, Bashir Magashi. What's interesting to me is how the defenders got the threat model wrong.

Kali Linux, the popular open source Linux distribution specialized for penetration testing, ethical hacking and security auditing, can now be used by Linode customers. A bare-install verson in the form of an official Kali distribution that can be deployed on any Linode compute instance and used via a command line interface.

Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 500 companies, has detected a significant increase in the value of ransom demand requests by the notorious Blackcat ransomware gang. Blackcat ransomware is one of the fastest-growing Ransomware-as-a-Service underground groups practicing so called "Quadruple extortion" by pressing victims to pay - leveraging encryption, data theft, denial of service and harassment.

There are three main challenges that have arisen stemming from this evolution: While SaaS apps include a host of native security settings, they need to be hardened by the security team of the organization. Employees are granting 3rd party app access to core SaaS apps that pose potential threats to the company.

The UK's response to China's well-publicized efforts to use technology standards to shape the world in its image has been "Incoherent and muted" according to report by the House of Commons Foreign Affairs Committee. Published last week, the report, titled "Encoding values: Putting tech at the heart of UK foreign policy", follows up on previous policy work that recommended the UK ensure that its foreign policy recognize the value and importance of shaping technology industries and standards.

Some data discovery solutions give you only metadata, which is a good place to start, but comprehensive data classification based on sensitive content provides the additional context so you can focus on protecting what is important first. Volume: Data volumes in cloud environments are on the increase and hence the solution you pick needs to be able to handle large volumes of data and can scale itself up or down as needed to do both discovery and classification of the data.

Often we see stories about cyber attacks that breached an organisations' security parameters, and advice on how we can protect against future threats. What is often missed, is just how these threat actors managed to breach a system, and as such, the fact that the Domain Name System probably played a very large role in the attacker's entry point.

In recent years, zero trust security has gained incredible attention from the government, cybersecurity leaders and regulators. Many organisations are still fuzzy on what zero trust means, and how to move forward on adopting the framework.