Security News > 2022 > October

The relationship between boards of directors and CISOs could be better these days. According to a report from cyber security firm ProofPoint in collaboration with Cybersecurity at MIT Sloan, while 69% of board members report seeing eye-to-eye with their CISO, only 51% of CISOs say the same thing.

Microsoft says the Windows 11 2022 Update has a new deployment phase as it is now available to all seekers on eligible devices. "We are entering a new phase of the rollout for Windows 11, version 22H2 and we are increasing its availability to all who check for updates on eligible Windows devices," the company says on the Windows Health dashboard.

One of the most famous catchphrases in television history. Popularized by the BBC gameshow and delivered by caustic TV presenter Anne Robinson, it is still the ultimate put down.

Microsoft has updated the mitigations for the latest Exchange zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082, also referred to ProxyNotShell.Reported privately to Microsoft three weeks ago, CVE-2022-41040 is a server-side request forgery that enables privilege escalation and works with CVE-2022-41082 to trigger remote code execution on on-premise Exchange server deployments.

A novel Android malware called RatMilad has been observed targeting a Middle Eastern enterprise mobile device by concealing itself as a VPN and phone number spoofing app. The mobile trojan functions as advanced spyware with capabilities that receives and executes commands to collect and exfiltrate a wide variety of data from the infected mobile endpoint, Zimperium said in a report shared with The Hacker News.

Australia's largest telecommunications company Telstra disclosed that it was the victim of a data breach through a third-party, nearly two weeks after Optus reported a breach of its own. "There has been no breach of Telstra's systems," Narelle Devine, the company's chief information security officer for the Asia Pacific region, said.

There remains some hesitancy in fully adopting this approach, and organizations must weigh the benefits and risks before deciding whether shadow IT is to be fully embraced. Since Forrester Research coined the model in 2010, zero trust has proven its ability to provide organizations guidance on continuously managing and mitigating evolving risks to protect their digital assets and outweigh the adverse effects of so-called "Bad shadow IT." Despite this, zero trust presents plenty of risks to an organization, and these can often outweigh the positive outcomes.

Cybersecurity biz Kaspersky has spotted a modified version of the Tor Browser it says collects sensitive data on Chinese users. The data collected by the browser itself includes internet history and data entered into website forms, said the threat hunter.

A new directive issued by the Cybersecurity and Infrastructure Security Agency is ordering US federal civilian agencies to perform regular asset discovery and vulnerability enumeration, to better account for and protect the devices that reside on their networks. "Over the past several years, CISA has been working urgently to gain greater visibility into risks facing federal civilian networks, a gap made clear by the intrusion campaign targeting SolarWinds devices," the agency explained the impetus for the Binding Operational Directive 23-01.

A new Android spyware named 'RatMilad' was discovered targeting mobile devices in the Middle East, used to spy on victims and steal data. The RatMilad spyware was discovered by mobile security firm Zimperium who warned that the malware could be used for cyber espionage, extortion, or to eavesdrop on victim's conversations.