Loads of PostgreSQL systems are sitting on the internet without SSL encryption
2022-10-07 10:48

Only a third of PostgreSQL databases connected to the internet use SSL for encrypted messaging, according to a cloud database provider. Bit.io, which offers a drag-and-drop database as a service based on PostgreSQL, searched shodan.io to create a sample of 820,000 PostgreSQL servers connected to the internet over September 1-29.

Hackers Can Use 'App Mode' in Chromium Browsers for Stealth Phishing Attacks
2022-10-07 08:58

In a new phishing technique, it has been demonstrated that the Application Mode feature in Chromium-based web browsers can be abused to create "realistic desktop phishing applications." Application Mode is designed to offer native-like experiences by launching the website in a separate browser window that displays the website's favicon and hides the address bar.

Hardening data security in the cloud
2022-10-07 08:29

"As a result the data is not readable by human admins as well as the cloud providers' hypervisors, other tenants or the operating system. So you no longer have to trust the cloud provider's security even if they were corrupted and intentionally malicious." Intel SGX offers an additional layer beyond data and application isolation inside the TEE. The remote attestation function verifies that a cloud user's SGX-enabled application can be trusted.

Emotional and physical effects of identity theft are on the rise
2022-10-07 08:00

The Identity Theft Resource Center has published research showing that nearly 40 percent of ITRC victims say their personal information was stolen, compromised or misused in the past year. This Help Net Security video provides information on how social media account takeover affects consumers and victims.

BlackByte Ransomware Abuses Vulnerable Windows Driver to Disable Security Solutions
2022-10-07 06:52

In yet another case of a bring-your-own-vulnerable-driver attack, the operators of the BlackByte ransomware are leveraging a flaw in a legitimate Windows driver to bypass security solutions. "The evasion technique supports disabling a whopping list of over 1,000 drivers on which security products rely to provide protection," Sophos threat researcher Andreas Klopsch said in a new technical write-up.

October 2022 Patch Tuesday forecast: Looking for treats, not more tricks
2022-10-07 05:30

Looking way ahead in the forecast, Microsoft Server 2012/2012 R2 will go into ESU support following the October 2023 Patch Tuesday on October 11. October 2022 Patch Tuesday forecast: expect the trend to address more CVEs in the older operating systems to continue.

Top of the Pops: US authorities list the 20 hottest vulns that China's hackers love to hit
2022-10-07 05:28

Three US national security agencies - CISA, the FBI and the NSA - on Thursday issued a joint advisory naming the 20 infosec vulnerabilities exploited by state-sponsored Chinese threat actors since 2020. The Cybersecurity and Infrastructure Security Agency, National Security Agency and Federal Bureau of Investigation stated they collectively consider the People's Republic of China state-sponsored cyber activities as "being one of the largest and most dynamic threats to U.S. government and civilian networks."

What $1B in cybersecurity funding can mean for US state, local governments
2022-10-07 04:30

How do you best spend a cybersecurity budget you have long been hoping you'd get? That's the question state, local, and territorial governments are starting to ask themselves in the wake of a major September announcement from the Department of Homeland Security. DHS will be doling out $1 billion in funding over the next four years as part of a first-of-its-kind cybersecurity grant program specifically aimed at SLT governments.

3 ways enterprises can mitigate social engineering risks
2022-10-07 04:00

In this Help Net Security video, Alon Levin, VP of Product Management at Seraphic Security, explains what social engineering is, and how prevalent it is. He offers insight into the three ways enterprises can mitigate the risks of social engineering.

Tackling the weaknesses of smart buildings’ technology
2022-10-07 03:30

Like any other innovation, the integration of IoT technology in smart buildings will bring benefits as well as more and newer risks. The market for smart building technologies continues to grow at even faster rates.