Security News > 2022 > September

A new research study focused on SaaS usage among enterprises across the USA, UK, and Europe, highlights a striking difference between consumption and security of SaaS applications. The majority of respondents reported more than half of their applications are now SaaS-based, and 70% of organizations in the UK reported spending more on SaaS applications today than a year ago.

82% of Global CIOs say the CIO role has become more challenging compared with just two years ago as they are confronting a vast array of unique challenges, from the increasing use of AI and automation to talent acquisition in a global, remote workforce. Globally, CIOs find it most difficult to solve challenges related to data privacy/security, cybersecurity/ransomware, keeping up with technological change, managing fragmented IT vendor ecosystems and adopting/deploying new technology.

Three former US government cyber-spies who, among other things, illicitly compromised and snooped on Americans' devices for the United Arab Emirates government have been banned from participating in international arms exports under a deal reached with Uncle Sam. Per the terms of the agreements, Ryan Adams [PDF], Marc Baier [PDF] and Daniel Gericke [PDF], all three former NSA operatives, will be "Debarred," meaning they are prohibited from participating in any activities regulated under the International Traffic in Arms Regulations for three years.

Traffers are generally organized as teams and compromise websites in order to hook the traffic and bring the visitors to malicious content. The typical organization for such a team is pretty straightforward: One or several team administrators lead traffers but also handle the malware licenses and the analysis and selling of the logs collected by the traffers.

When trying to click tweets on the Twitter web app, the only things that show up are the errors and a Retry button underneath, with no sidebar menu. Some users also have issues loading the Twitter website altogether, while others say that their not even able to connect to Twitter's servers, according to Downdetector.

Microsoft says the latest Windows 11 preview build has improved the Accounts Settings page to provide Xbox subscription management capabilities. The new 'Your Microsoft account' settings page within Windows 11's Settings was rolled out by the Windows Insider team starting in October 2021.

LastPass source code breach - do we still recommend password managers? DOUG. That's important to point out, because a lot of people, I think, who don't understand how password managers work - and I wasn't totally clear on this either as you write in the article, your local machine is doing the heavy lifting, and all the decoding is done *on your local machine*, so LastPass doesn't actually have access to any of the things you're trying to protect anyway.

Chile's national computer security and incident response team has announced that a ransomware attack has impacted operations and online services of a government agency in the country. The attack started on Thursday, August 25, targeting Microsoft and VMware ESXi servers operated by the agency.

Microsoft warned customers today that it will finally disable basic authentication in random tenants worldwide to improve Exchange Online security starting October 1, 2022."Since our first announcement nearly three years ago, we've seen millions of users move away from basic auth, and we've disabled it in millions of tenants to proactively protect them. We're not done yet though, and unfortunately usage isn't yet at zero. Despite that, we will start to turn off basic auth for several protocols for tenants not previously disabled," the Exchange Team said today.

The government of Montenegro has provided more information about the attack on its critical infrastructure saying that ransomware is responsible for the damage and disruptions. Public Administration Minister Maras Dukaj stated on local television yesterday that behind the attack is an organized cybercrime group.