Security News > 2022 > August

The Association of German Chambers of Industry and Commerce (DIHK) was forced to shut down all of its IT systems and switch off digital services, telephones, and email servers, in response to a cyberattack. DIHK is a coalition of 79 chambers representing companies within the German state, with over three million members comprising businesses ranging from small shops to large enterprises in the country.

That's because changing the passwords has to be done manually and individually, plus you have to find a way to keep everyone up to date on the unique latest strong password for each server without saving those passwords somewhere an attacker can also find them, like a PASSWORDS.XLS spreadsheet. The Local Administrator Password Solution is a tool Microsoft has offered since 2015 that deals with exactly that problem.

In this video for Help Net Security, Nick Ascoli, VP of Threat Research, PIXM, discusses a multilayered phishing campaign targeting cryptocurrency exchange Coinbase. Attackers are sending out spoofed Coinbase emails to harvest personal credentials and use them to log into users' legitimate accounts in real time.

Taiwan's Ministry of National Defense confirmed it was hit by a DDoS attack on Wednesday in what has been an eventful week for the island nation, US-Sino relations, and semiconductors. The DDoS attack on the Ministry of Defense followed a separate one on Taiwan's presidential website on Tuesday.

SIKE is one of the new algorithms that NIST recently added to the post-quantum cryptography competition. It was just broken, really badly. We present an efficient key recovery attack on the...

This is where security awareness training comes into play. Security awareness training gives companies the confidence that their employees will execute the right response when they discover a phishing message in their inbox.

A new report from Osterman Research codifies the increasing dependence of businesses upon their mobile apps, and reveals a jarring disconnect between the strategic importance of apps and the level of focus and resources applied to protect organizational apps against runtime threats. This Help Net Security video reveals how runtime security threats against mobile apps and APIs continue to inflict damage on organizations.

The government of India has scrapped the Personal Data Protection Bill it's worked on for three years, and announced it will - eventually - unveil a superior bill. The bill, proposed in 2019, would have enabled the government to gather user data from companies while regulating cross-border data flows.

A Danish ethical hacker was able to work his way uninvited into a closed Cloudflare beta and found a vulnerability that could have been exploited by a cybercriminal to hijack and steal someone else's email. Student Albert Pedersen reported the critical vulnerability to Cloudflare via the company's bug bounty program, and was awarded $3,000.

The UK's Parliament has ended its presence on TikTok after MPs pointed out the made-in-China social media service probably sends data about its users back to Beijing. The existence of the account saw half a dozen MPs write to the presiding officers of the Houses of Lords and Commons - Lord McFall of Alcluith and Sir Lindsay Hoyle, respectively - to ask for the account to be discontinued.