Security News > 2022 > August

That closer look is pretty much done and dusted and the CMA has provisionally decided that the deal doesn't raise competition concerns in the UK. This is due to existing players, including the duo's main rival in the UK, McAfee, and Microsoft's bundling of its own security applications into Windows. Microsoft has adopted somewhat of a scattergun approach to cybersecurity in its flagship operating system; what is built into Windows is known as Windows Security and includes Microsoft Defender Antivirus.

An overnight attack on the Solana blockchain platform drained thousands of software wallets of cryptocurrency worth millions of U.S. dollars. In a statement today, Solana said that at 5 AM UTC the attack impacted more than 7,700 wallets, including Slope and Phantom.

A new report from Deloitte finds that the plethora of devices-and the work involved in managing them-is resulting in ongoing issues of tech fatigue and screen overload. Twenty-four percent of consumers said they're overwhelmed by the devices and subscriptions they need to manage, down from 32% last year. More than half of those surveyed are worried about the security vulnerability of their smartphones and smart home devices; 40% of users are concerned about data security on their smartwatches and fitness trackers.

VMware has released fixes for ten vulnerabilities, including CVE-2022-31656, an authentication bypass vulnerability affecting VMware Workspace ONE Access, Identity Manager and vRealize Automation, which the company considers critical and advises to patch or mitigate immediately.CVE-2022-31656 is an authentication bypass vulnerability affecting local domain users on VMware Workspace ONE Access, Identity Manager and vRealize Automation, that may allow an attacker with network access to the UI to obtain administrative access without the need to authenticate first.

Thousands of GitHub repositories were forked with their clones altered to include malware, a software engineer discovered today. While cloning open source repositories is a common development practice and even encouraged among developers, this case involves threat actors creating copies of legitimate projects but tainting these with malicious code to target unsuspecting developers with their malicious clones.

Virtualization services provider VMware on Tuesday shipped updates to address 10 security flaws affecting multiple products that could be abused by unauthenticated attackers to perform malicious actions. The most severe of the flaws is CVE-2022-31656, an authentication bypass vulnerability affecting local domain users that could be leveraged by a bad actor with network access to obtain administrative access.

60% of IT and security leaders are not confident in their organization's ability to ensure secure cloud access, even as adoption continues to grow across a diverse range of cloud environments, according to research from the Ponemon Institute. This Help Net Security video shows how zero trust can increase the security of your digital transformation.

One of the four encryption algorithms the US National Institute of Standards and Technology recommended as likely to resist decryption by quantum computers has has holes kicked in it by researchers using a single core of an Intel Xeon CPU, released in 2013. "Ran on a single core, the appended Magma code breaks the Microsoft SIKE challenges $IKEp182 and $IKEp217 in about 4 minutes and 6 minutes, respectively. A run on the SIKEp434 parameters, previously believed to meet NIST's quantum security level 1, took about 62 minutes, again on a single core," wrote Castryck and Decru, of Katholieke Universiteit Leuven in a a preliminary article [PDF] announcing their discovery.

Very few organizations are focusing on protecting their machine learning assets and even fewer are allocating resources to machine learning security. The advantages are proven, but as we've seen with other new technologies, they quickly become a new attack surface for malicious actors.

Supply chain attacks are on the rise, and many organizations seem unsure on how to respond to the threat, but I'm here to tell you that there are several steps you can take to minimize your risk of being involved in a supply chain breach. To minimize any unknowns, start with a full audit of your IT environment, including any unapproved shadow IT. You need to understand exactly what hardware, software and SaaS products are being used, where the security gaps lie, and which vendors and partners your business relies on - including the nature of those interactions, from the types of data they process to system interfaces and various levels of integration.