Security News > 2022 > August

Microsoft on Friday disclosed a potential connection between the Raspberry Robin USB-based worm and an infamous Russian cybercrime group tracked as Evil Corp. The tech giant said it observed the FakeUpdates malware being delivered via existing Raspberry Robin infections on July 26, 2022. Raspberry Robin, also called QNAP Worm, is known to spread from a compromised system via infected USB devices containing malicious a.LNK files to other devices in the target network.

The shift to cloud-native development, along with the increased speed in development brought about by the adoption of DevOps processes, has made the challenges connected with securing software supply chains infinitely more complex, according to recent research from Venafi. In this Help Net Security video, Kevin Bocek, VP of Threat Intelligence and Business Development, Venafi, discusses how CIOs are becoming increasingly concerned about the serious business disruptions, revenue loss, data theft, and customer damage that can result from successful software supply chain attacks.

Vade announced its H1 2022 Phishers' Favorites report, a ranking of the top 25 most impersonated brands in phishing attacks. With 11,041 unique phishing URLs, Microsoft is the top target for brand impersonation.

CIS-CAT Lite is the free assessment tool developed by the CIS, which helps users implement secure configurations for multiple technologies. With unlimited scans available via CIS-CAT Lite, your organization can download and start implementing CIS Benchmarks in minutes.

As of June 30, 2022, 91% of companies across all verticals, states, and business size that must comply with CCPA are still unprepared to meet CCPA requirements, according to CYTRIO. Further, 94% of companies that must comply with GDPR are ill prepared to meet the GDPR compliance requirements. "The majority of companies that must meet CCPA, CPRA, and GDPR compliance have a long way to go, and with enforcements looming, many are exposed to compliance enforcement fines and private-right of-action," said Vijay Basani, CEO, CYTRIO. "Through our ongoing research, we aim to educate the market on the importance of data privacy rights compliance, the need to enable consumers to easily exercise their data privacy rights, and how companies can build trust with their customers leveraging automated Data Subject Access Request submission and response solutions."

Darktrace launched Darktrace PREVENT, an interconnected set of AI products that deliver a proactive cyber security capability to help organizations pre-empt future cyber-attacks. CertiK launched several web3 Skynet security features to bolster end-to-end security for the web3 world.

The report, titled Technology-facilitated abuse: National survey of Australian adults' experiences [PDF], used a sample of 4,562 subjects and found that approximately one in three TFA victimization experiences occurred "In a current or former intimate partner relationship." Australians with a disability, the LGBTQ+ community, and indigenous Australians were more likely to have experienced TFA than other groups. "We have no constraints within the company which precludes anyone from choosing what they want to do and we've had extensive discussions and meetings with the appropriate authorities," said the CEO. Labor rights organization Nascent Information Technology Employees Senate told The Register Parekh's comments were "Misleading."