Security News > 2022 > August

The Ukrainian cyber police has shut down a massive bot farm of 1,000,000 bots used to spread disinformation on social networks. The messages spread by the bots were in line with Russian propaganda, so the operators of the disinformation machine are believed to be members of the Russian special services.

There's a corollary with ransomware here explains David Paquette, product marketing manager at HPE-owned continuous data protection company Zerto. That's why organizations need to start thinking of ransomware in disaster recovery terms, not just simple backup and recovery terms, he argues.

One approach to writing, building and deploying secure applications is known as security by design, or SbD. Taking the cloud by storm after the publication of an Amazon White Paper in 2015, SbD is still Amazon's recommended framework today for systematically approaching security from the onset. SbD is a security assurance approach that formalizes security design, automates security controls and streamlines auditing.

To successfully run a phishing operation, cybercriminals do generally need to host phishing pages online. Phishing pages sitting on IPFS are trickier to take down, compared to usual phishing pages hosted on the clear web.

VMware and experts alike are urging users to patch multiple products affected by a critical authentication bypass vulnerability that can allow an attacker to gain administrative access to a system as well as exploit other flaws. "Given the prevalence of attacks targeting VMware vulnerabilities and a forthcoming proof-of-concept, organizations need to make patching CVE-2022-31656 a priority," Claire Tillis, senior research engineer with Tenable's Security Response Team, said in an email to Threatpost.

Because the user was only required to remember a single password, an organization could require additional password complexity, thereby improving the overall password security. While the use of SSO did indeed result in some organizations adopting stronger password policies, it also created additional security risks.

Upon initial installation, you'll find there's not much you can do with Dolibarr until you take care of setting some very basic parameters. Before we do that, you'll want to make sure you have Dolibarr up and running.

An ongoing, large-scale phishing campaign is targeting owners of business email accounts at companies in the FinTech, Lending, Insurance, Energy and Manufacturing sectors in the US, UK, New Zealand and Australia, Zscaler researchers are warning. The attackers are using a variety of tecniques and tactics to evade corporate email security solutions and a custom phishing kit that allows them to bypass multi-factor authentication protection to hijack enterprise Microsoft accounts.

The only threat more persistent to organizations than cyber criminals? The cyber security skills crisis. Survey Results: Top Threat Protection Product Pain Points Overlapping capabilities of disparate technologies: 44%. Being able to see the full picture of an attack: 42%. Deployment and maintenance of disparate technologies on one machine: 41%. Lack of forensic information: 40%. Missing reporting capabilities: 25%. Many of the issues smaller teams face with threat protection products are largely attributable to the fact that they're designed for larger organizations with bigger teams and budgets.

Seems it’s now common to sneak contraband into prisons with a drone.