Security News > 2022 > November

China is likely stockpiling and deploying vulnerabilities, says Microsoft
2022-11-07 07:56

Microsoft has asserted that China's offensive cyber capabilities have improved, thanks to a law that has allowed Beijing to create an arsenal of unreported software vulnerabilities. China's 2021 law required organizations to report security vulnerabilities to local authorities before disclosing them to any other entity.

Robin Banks Phishing Service for Cybercriminals Returns with Russian Server
2022-11-07 07:36

A phishing-as-a-service platform known as Robin Banks has relocated its attack infrastructure to DDoS-Guard, a Russian provider of bulletproof hosting services. The switch comes after "Cloudflare disassociated Robin Banks phishing infrastructure from its services, causing a multi-day disruption to operations," according to a report from cybersecurity company IronNet.

Red Cross seeks digital equivalent of its emblems to mark some tech as off-limits in war
2022-11-07 06:01

The International Committee of the Red Cross wants to devise a digital equivalent of its emblems, to signify that certain digital resources are protected and must not be targeted during cyberwarfare. "For more than 150 years, protective emblems like the red cross have been used to convey a simple message: In times of armed conflict, those who wear the red cross or facilities and objects marked with [it] must be protected from harm," the organization wrote last week, adding "The obligation of all warring parties to respect and protect medical and humanitarian actors applies online as well."

Does your company need secure enclaves? Five questions to ask your CISO
2022-11-07 06:00

Despite the clear advantages of cloud infrastructure, one of the main challenges that often gets overlooked is the need to trust that the infrastructure will be secure enough against threats and that the chosen cloud provider won't purposefully or inadvertently access the data processing on their infrastructure. Can I use secure enclaves to improve data collaboration with other teams?

How to assess and mitigate complex supply chain risks
2022-11-07 05:30

As cyber attackers increasingly look to capitalize on accelerating digitalization that has seen many enterprises significantly increase their reliance on cloud-based solutions and services as well as third-party service providers, software supply chain risk has become a major concern of organizations. In this Help Net Security video, Andy Zollo, Regional VP of EMEA at Imperva, talks about how organizations can assess and mitigate cyber risks within their supply chain.

Phishing threats are increasingly convincing and evasive
2022-11-07 05:00

In this Help Net Security video, Tonia Dudley, VP, CISO at Cofense, provides a look at the various changes seen in the phishing threat landscape. Dudley talks about the impact of credential phishing and business email compromise, which allow cybercriminals to steal substantial amounts of money from global organizations.

Taking cybersecurity investments to the next level
2022-11-07 04:30

The cybersecurity market is prone to mergers and acquisitions. While we may see a wave of consolidation, which is expected given the amount of venture financing committed to cybersecurity in the last few years, organizations now face the decision to either raise more funding in a challenging environment as valuations normalize or seek an acquisition, as growth investors shift away due to market conditions.

False sense of safety undermines good password hygiene
2022-11-07 04:00

LastPass released findings from its fifth annual Psychology of Password report, which revealed even with cybersecurity education on the rise, password hygiene has not improved. Regardless of generational differences across Boomers, Millennials and Gen Z, the research shows a false sense of password security given current behaviors across the board.

Breached health insurer won't pay ransom to protect customers, warns of more attacks
2022-11-07 01:45

Australian health insurer Medibank - which spent October discovering a security incident was worse than it first thought - has announced it will not pay a ransom to attackers that made off with personal info describing nearly ten million customers. "Based on the extensive advice we have received from cyber crime experts we believe there is only a limited chance paying a ransom would ensure the return of our customers' data and prevent it from being published," CEO David Koczkar stated in a stock market filing published on Monday.

Week in review: High-severity OpenSSL vulnerabilities fixed, Patch Tuesday forecast
2022-11-06 09:00

You can up software supply chain security by implementing these measures
The COVID-19 pandemic has been a driving force in digital acceleration, and it continues to wield its influence in how organizations and their staff embrace work.

Most missed area of zero trust: Unmanageable applications
In this Help Net Security video, Matthew Chiodi, Chief Trust Officer of Cerby, talks about the likely hole in your security strategy.