Security News > 2022 > August

65.1% of respondents said they currently have data resident in the public cloud. With public cloud adoption having a compound annual growth rate of nearly 26%, it's surprising that respondents haven't yet hardened data security for these assets.

Barracuda released its fourth-annual threat research report which looks at ransomware attack patterns that occurred between August 2021 and July 2022. The number of ransomware attacks increased year-over-year across each of these five industry verticals, and attacks against other industries more than doubled compared to last year's report.

A months-long cyber espionage campaign undertaken by a Chinese nation-state group targeted several entities with reconnaissance malware so as to glean information about its victims and meet its strategic goals. "The targets of this recent campaign spanned Australia, Malaysia, and Europe, as well as entities that operate in the South China Sea," enterprise security firm Proofpoint said in a published in partnership with PwC. Targets encompass local and federal Australian Governmental agencies, Australian news media companies, and global heavy industry manufacturers which conduct maintenance of fleets of wind turbines in the South China Sea.

Threats are multiplying in number and morphing in complexity faster than most organizations can adapt. Managed detection and response as a third-party managed service is an approach that allows organizations to keep pace.

Google has created a bug bounty program that will reward those who find and report vulnerabilities in its open-source projects, thereby hopefully strengthening software supply-chain security. The Open Source Software Vulnerability Rewards Program will pay bug hunters between $100 and $31,337, with the highest payments going to "Unusual or particularly interesting vulnerabilities," according to Googlers Francis Perron, open source security technical program manager, and infosec engineer Krzysztof Kotowicz.

The National Police of Ukraine took down a network of call centers used by a cybercrime group focused on financial scams and targeting victims of cryptocurrency scams under the guise of helping them recover their stolen funds. The fraudsters behind these illegal call centers were also allegedly involved in scamming citizens of Ukraine and European Union countries interested in cryptocurrency, securities, gold, and oil investments.

Threat analysts have spotted a new malware campaign dubbed 'GO#WEBBFUSCATOR' that relies on phishing emails, malicious documents, and space images from the James Webb telescope to spread malware. The malware is written in Golang, a programming language that is gaining popularity among cybercriminals because it is cross-platform and offers increased resistance to reverse engineering and analysis.

Russian media streaming platform 'START' has confirmed rumors of a data breach impacting millions of users. Even though a global reset isn't enforced by START, it is recommended that all users change their passwords.

That's where you aim to review source code for likely coding blunders and security holes without actually running it at all. If someone has copied-and-pasted that buggy code into other software components in your company repository, you might be able to find them with a text search, assuming that the overall structure of the code was retained, and that comments and variable names weren't changed too much.

China-based threat actors have been targeting Australian government agencies and wind turbine fleets in the South China Sea by directing select individuals to a fake impersonating an Australian news media outlet. Victims landed on the fraudulent site after receiving phishing emails with enticing lures and received a malicious JavaScript payload from the ScanBox reconnaissance framework.