Security News > 2022 > November

Kioxia warns of potential cost of US chip policy over China
2022-11-01 10:30

Attempts to reorganize supply chains to cut out China and foil its attempts to build a high-tech chip industry will be costly and may simply cause the Middle Kingdom to redouble its efforts, says memory maker Kioxia. Flores said China would likely retaliate against the recently announced US export controls by ramping up domestic investment in NAND as a long-term solution to its chip supply issues.

Following Log4j: Supporting the developer community to secure IT
2022-11-01 05:30

While some security teams are beginning to assess their own open-source security by implementing SBOMs, many businesses are considering ditching open-source software altogether. Instead of reluctantly using open source and blaming developers when something goes wrong, businesses should be working with the open-source community with the aim of improving security and working to minimize the fallout from the next vulnerability.

German cops arrest student suspected of running infamous dark-web souk
2022-11-01 05:28

A 22-year-old student whom German federal police believe to be the administrator of one of the largest German-speaking dark-web forums has been arrested. According to German law enforcement, the student, from Lower Bavaria, served as the operator of the third version of Deutschland im Deep Web since November 2018.

Most missed area of zero trust: Unmanageable applications
2022-11-01 05:00

In this Help Net Security video, Matthew Chiodi, Chief Trust Officer of Cerby, talks about the likely hole in your security strategy. This video zeroes in on one of the most important yet often missed areas of zero trust: unmanageable applications, which leading analysts say contribute to a third of all security breaches.

You can up software supply chain security by implementing these measures
2022-11-01 04:30

Recent cyberthreats have highlighted security gaps in the software supply chain, and enterprises must take a closer look at their third-party due diligence processes to ensure trust and security. In a recent survey conducted by the Neustar International Security Council, 76% of security and information technology professionals worldwide cited software supply chain risk as a top security priority, and fully 77% attributed the increased rigor of due diligence processes they have in place for external managed service providers to the Log4j vulnerability and other prominent attacks against software and service providers.

What developers want and how to keep them on your team
2022-11-01 04:00

The report, Developer Engagement Report: Are Your Developers Happy or Halfway Out The Door?, draws on data from 860 global developers from different backgrounds to identify trends regarding satisfaction and retention of developers, and provide best practices for IT leaders to avoid developer burnout and turnover. "We continue to be amazed by how IT leaders and developers around the globe continue to innovate in the face of challenges. However, with a global talent shortage of over one million developers, IT leaders will not be able to hire their way out of the challenges they face in response to the insatiable appetite for building high-performance, quality software," said Gonçalo Gaiolas, Chief Product Officer of OutSystems.

Unofficial fix emerges for Windows bug abused to infect home PCs with ransomware
2022-11-01 03:48

A cybersecurity firm has issued another unofficial patch to squash a bug in Windows that Microsoft has yet to fix, with this hole being actively exploited to spread ransomware. Specifically, an attacker could prevent Windows from putting the MotW flag on files extracted from a ZIP archive obtained from an untrusted source.

Infosec products of the month: October 2022
2022-11-01 03:45

LogRhythm has unveiled LogRhythm Axon, a cloud-native security operations platform built for security teams that are stretched thin by overwhelming amounts of data and an ever-evolving threat landscape. Verica ProwlerPro SaaS strengthens security posture for companies running software on AWS. Verica launched ProwlerPro SaaS, providing companies running software on AWS with a free AWS security solution.

India's Home Ministry cracks down on predatory lending apps following suicides
2022-11-01 03:15

India's Home Ministry has asked state governments to crack down on illegal lending apps it says have led to "Multiple suicides by citizens owing to harassment, blackmail, and harsh recovery methods." A letter sent last week states: "Large numbers of complaints have been reported across India pertaining to illegal digital lending apps that provide short-term loans or micro credits at exorbitant interest rates with processing or hidden charges, especially to vulnerable and low-income people and use the borrower's confidential personal data like contacts, location, photos/videos for blackmail/harassment."