
July 2022 Patch Tuesday forecast: A summertime lull?
2022-07-08 05:01

With those major updates now in place, could we see a summertime lull in the July 2022 Patch Tuesday updates? We saw a rare SQL server update last Patch Tuesday and I don't anticipate another this month.

Why Developers Hate Changing Language Versions
2022-07-08 04:08

If developers don't adopt the new language version, they're excluded from the new feature set. That's the conundrum: to adopt the new, more advanced version of a language developers need to refactor, and along the way they'll spend a huge amount of effort - and break all sorts of unexpected things, introducing new bugs into an application that was running just fine.

Why 80% of companies are looking to switch their managed service provider
2022-07-08 04:00

As companies' valuations tumble, so does their wrangling of the cloud. Even the experts are having a tough time with it, so much so that an overwhelming majority of companies, 80% to be exact, are looking to switch their managed service provider, be that a top MSP or managed services offered by the big cloud providers.

Simplifying legal entity identification in the digital age
2022-07-08 03:30

As the world's legal entities rush to digitize their processes and transactions, confidence in digital authenticity is in short supply. Thankfully, a single, open and universal protocol that will enable legal entities everywhere to verify the authenticity of digital information and its sources is now emerging.

Microsoft rolls back default macro blocks in Office without telling anyone
2022-07-08 03:02

Microsoft appears set to roll back its decision to adopt a default stance of preventing macros sourced from the internet from running in Office unless given explicit permission. Things got worse over the years, so in 2016 Microsoft upped the ante with a tool that allowed admins to define when and where macros were allowed to run.

54% of SMBs do not implement MFA
2022-07-08 03:00

MFA has been in use for decades and is widely recommended by cybersecurity experts, yet 55% of SMBs surveyed are not "very aware" of MFA and its security benefits, and 54% do not use it for their business. Of the businesses that have not implemented MFA, 47% noted they either didn't understand MFA or didn't see its value.

Time to rethink data protection for cloud workloads
2022-07-08 00:05

Enterprises often forget that SLAs with cloud providers cover access to the service, but not necessarily protection for the data. The platform includes DataProtect - a backup as a service offering that delivers enterprise grade security protection for data stored both on-prem and in the cloud, including in-flight and at rest encryption, immutability and built-in machine learning to improve efficiency and bolster ransomware protection.

Microsoft rolls back decision to block Office macros by default
2022-07-07 22:33

While Microsoft announced earlier this year that it would block VBA macros on downloaded documents by default, Redmond said on Thursday that it will roll back this change based on "feedback" until further notice. On systems where VBA macros autoblocking is enabled, customers see a "SECURITY RISK: Microsoft has blocked macros from running because the source of this file is untrusted" security alert.

TrickBot Gang Shifted its Focus on "Systematically" Targeting Ukraine
2022-07-07 22:15

In what's being described as an "unprecedented" twist, the operators of the TrickBot malware have resorted to systematically targeting Ukraine since the onset of the war in late February 2022. "ITG23's campaigns against Ukraine are notable due to the extent to which this activity differs from historical precedent and the fact that these campaigns appeared specifically aimed at Ukraine with some payloads that suggest a higher degree of target selection," IBM Security X-Force analyst Ole Villadsen said in a technical report.

Over 1,200 NPM Packages Found Involved in "CuteBoi" Cryptomining Campaign
2022-07-07 21:18

Researchers have disclosed a new large-scale cryptocurrency mining campaign targeting the NPM JavaScript package repository. The malicious activity, attributed to a software supply chain threat actor dubbed CuteBoi, involves an array of 1,283 rogue modules that were published in an automated fashion from over 1,000 different user accounts.