Security News > 2022 > October

You might even wonder whether that employee had any cybersecurity training whatsoever. At some point, as a cybersecurity practitioner with the responsibility of educating your users and making them aware of the risks that they are exposed to, you'd think that your colleagues would stop falling for what is literally the oldest trick in the hacking playbook.

A 46-year-old man in the U.S. has been sentenced to 25 years in prison after being found guilty of laundering over $9.5 million accrued by carrying out cyber-enabled financial fraud. Elvis Eghosa Ogiekpolor of Norcross, Georgia, operated a money laundering network that opened at least 50 business bank accounts for illicitly receiving funds from unsuspecting individuals and businesses who had fallen victim to romance frauds and business email compromise scams.

An ex-NSA employee has been charged with trying to sell classified data to the Russians. It's a weird story, and the FBI affidavit raises more questions than it answers.

Alongside this cloud computing market outlook, the cloud computing threat landscape is also growing, which has created the need for cloud security provisions. Over the years, cloud security has taken different trends and dimensions to ensure that cloud resources are protected against attacks. A TechRepublic report suggests that the cloud security market will surpass $123 billion by 2032.

The U.S. Cybersecurity and Infrastructure Security Agency has issued a new Binding Operational Directive that directs federal agencies in the country to keep track of assets and vulnerabilities on their networks six months from now. To that end, Federal Civilian Executive Branch enterprises have been tasked with two sets of activities: asset discovery and vulnerability enumeration, which are seen as essential steps to gain "greater visibility into risks facing federal civilian networks."

Keep your business totally secure with this decentralized VPN. This pocket-size device is small enough to take anywhere, and it provides VPN protection through a decentralized network.

Nicknamed ProxyNotShell, a new exploit used in the wild takes advantage of the recently published Microsoft Server-Side Request Forgery vulnerability CVE-2022-41040 and a second vulnerability, CVE-2022-41082, which allows Remote Code Execution when PowerShell is available to unidentified attackers. Based on ProxyShell, this new zero-day abuse risk leverages a chained attack similar to the one used in the 2021 ProxyShell attack that exploited the combination of multiple vulnerabilities - CVE-2021-34523, CVE-2021-34473, and CVE-2021-31207 - to permit a remote actor to execute arbitrary code.

Australian telecom giant Optus on Monday confirmed that nearly 2.1 million of its current and former customers suffered a leak of their personal information and at least one form of identification number as a result of a data breach late last month. "Approximately 1.2 million customers have had at least one number from a current and valid form of identification, and personal information, compromised," Singtel said in an announcement made on its website.

The president of casual Japanese chain restaurant Kappa Sushi resigned yesterday in the wake of a data-theft scandal that has rocked the world of sushi trains. Before he became boss of Kappa Sushi, Tanabe led rival discount sushi establishment Hama Sushi - which has accused Tanabe of stealing trade secrets by accessing data caches that reveal how it slices the price of nigiri to just 75 cents.

The pros and cons of OSS. The challenge of OSS security is that just because everyone can look at the source code, it does not mean anyone will. A recent report from the Linux Foundation found that the average number of outstanding critical vulnerabilities in an application is 5.1, and that 41% of organizations are not confident in their open source software security.