Security News > 2022 > November

A great cybersecurity recovery program can save businesses from long-term damage and save them money. Until recent years, this cybersecurity recovery investment would be spent on an annual tabletop exercise or disaster recovery test and auditing recovery plans.

Bitwarden announced the results of its 2023 Password Decisions Survey, which polled 800 IT decision makers across a wide range of industries, showing that passwordless technology is here to stay, with businesses enthusiastic about its perceived security benefits and improved user experience. In light of these challenges, 79% of IT decision makers want employees to use the same enterprise-wide password manager.

Microsoft has a new utility to the PowerToys toolset that will help Windows users find the processes using selected files and unlock them without requiring a third-party tool. As its name implies, the new File Locksmith utility can be used to deal with locked files that can't be deleted or opened because Windows says another process is using them.

The US Treasury Department has thwarted a distributed denial of service attack that officials attributed to Russian hacktivist group Killnet. According to Reuters, which first reported on the US Treasury incident, the Killnet DDoS flood didn't have any operational impact on the agency and it happened a couple days before the Russians turned their attention to JPMorgan Chase.

Threat actors are using the compromised infrastructure of an undisclosed media company to deploy the SocGholish JavaScript malware framework on the websites of hundreds of newspapers across the U.S. "The media company in question is a firm that provides both video content and advertising to major news outlets. [It] serves many different companies in different markets across the United States," Sherrod DeGrippo, VP of threat research and detection at Proofpoint, told BleepingComputer. The threat actor behind this supply-chain attack has injected malicious code into a benign JavaScript file that gets loaded by the news outlets' websites.

Threat actors are using the compromised infrastructure of an undisclosed media company to deploy the SocGholish JavaScript malware framework on the websites of hundreds of newspapers across the U.S. The threat actor behind this supply-chain attack has injected malicious code into a benign JavaScript file that gets loaded by the news outlets' websites. "Proofpoint Threat Research has observed intermittent injections on a media company that serves many major news outlets. This media company serves content via Javascript to its partners," Proofpoint's Threat Insight team revealed today in a Twitter thread. "By modifying the codebase of this otherwise benign JS, it is now used to deploy SocGholish."

Open-source repository SourceHut is pulling the plug on software projects that tap into cryptocurrency and blockchain. In a post published on Monday, Oct. 31, SourceHut founder and creator Drew DeVault said he would ban projects associated with these technologies, citing their use in "Get-rich-quick" schemes and other types of scams.

The Emotet malware operation is again spamming malicious emails after almost a four-month "Vacation" that saw little activity from the notorious cybercrime operation. Emotet is a malware infection distributed through phishing campaigns containing malicious Excel or Word documents.

The Emotet malware operation is again spamming malicious emails after almost a five-month "Vacation" that saw little activity from the notorious cybercrime operation.Emotet is a malware infection distributed through phishing campaigns containing malicious Excel or Word documents.

Microsoft is now testing a new way to help Windows 11 users get more out of its Windows Search by displaying tip flyouts in the taskbar. Starting today, Windows 11 will display tips prodding Windows Insiders who have installed the latest Windows 11 Dev build to search their PC and the web from the taskbar.