Security News > 2022 > August

Countries around the world are realizing that with the amount of data at our disposal, data privacy regulations are paramount to keeping customers and employees safe and organizations protected. "Pretty soon after getting into the cloud, our security group started to say that the security posture could very well be better in the cloud than we had in our data center," said Aaron Carreras, Vice President of Data Management and Transparency Services Technology at FINRA. Their role as an oversight organization meant their ability to segment and access data was key.

Modern aircraft are more connected now than they ever have been. The results have been rewards like faster flight turnarounds, greater fuel efficiency, and more comfortable and enjoyable passenger experiences.

The U.S. Cybersecurity and Infrastructure Security Agency on Friday added 10 new actively exploited vulnerabilities to its Known Exploited Vulnerabilities Catalog, including a high-severity security flaw affecting industrial automation software from Delta Electronics. The development adds weight to the notion that adversaries are getting faster at exploiting newly published vulnerabilities when they are first disclosed, leading to indiscriminate and opportunistic scanning attempts that aim to take advantage of delayed patching.

With roughly 700,000 cybersecurity positions open, businesses across America are feeling the direct impact of the cyber talent shortage. In this Help Net Security video, Mark Manglicmot, SVP of Security Services at Arctic Wolf, talks about creating cyber career opportunities during the talent shortage.

With the healthcare industry continuing to be a top attack vector for cybercriminals and ransomware threat groups, H1 2022 saw an interesting change in targets as attackers moved from large hospital systems and payers, big targets that would likely yield the most data but also have more sophisticated defenses, to smaller hospital systems and specialty clinics that lack the same level of security preparedness, staff size, or budget. Total breaches are declining: The number of reported breaches crested during the second half of 2020 when organizations were so distracted by the pandemic that attackers had an easier time breaching their defenses.

Vulnerability disclosures impacting IoT devices increased by 57% in the first half of 2022 compared to the previous six months, according to a research by Claroty. The report also found that over the same time period, vendor self-disclosures increased by 69%, becoming more prolific reporters than independent research outfits for the first time, and fully or partially remediated firmware vulnerabilities increased by 79%, a notable improvement given the relative challenges in patching firmware versus software vulnerabilities.

LockBit ransomware gang announced that it is improving defenses against distributed denial-of-service attacks and working to take the operation to triple extortion level.The gang has recently suffered a DDoS attack, allegedly on behalf of digital security giant Entrust, that prevented access to data published on its corporate leaks site.

The threat actor behind the Twilio hack used their access to steal one-time passwords delivered over SMS from customers of Okta identity and access management company. Okta provides its customers with multiple forms of authentication for services, including temporary codes delivered over SMS through Twilio.

The threat actor behind the Twilio hack used their access to steal one-time passwords delivered over SMS from customers of Okta identity and access management company. Okta provides its customers with multiple forms of authentication for services, including temporary codes delivered over SMS through Twilio.

At the same time, DuckDuckGo introduces new features that enhance the email service's anti-tracking system, a direct reply function, and smart encryption for embedded links. Email Protection is DuckDuckGo's dedicated email forwarding solution that strips emails from advertising and profiling trackers before they land in the user's regular inbox.