Security News > 2022 > December

The idea is simple, yet previously not clearly articulated: to ensure privacy, information should be divided architecturally and institutionally such that each entity has only the information they need to perform their relevant function. Architectural decoupling entails splitting functionality for different fundamental actions in a system, such as decoupling authentication from connectivity.

A state-sponsored hacking group with links to Russia has been linked to attack infrastructure that spoofs the Microsoft login page of Global Ordnance, a legitimate U.S.-based military weapons and hardware supplier. The cybersecurity firm said it discovered 38 domains, nine of which contained references to companies like UMO Poland, Sangrail LTD, DTGruelle, Blue Sky Network, the Commission for International Justice and Accountability, and the Russian Ministry of Internal Affairs.

Public sector bans of Chinese platform TikTok on the grounds of national security have arisen in both Taiwan and additional US states following last week's ban in South Dakota. Last month, Taiwan's Mainland Affairs Council reportedly said the government has prohibited Chinese-funded corporations from operating online platforms in Taiwan and ByteDance does not operate a branch in Taiwan.

Cryptocurrency investment companies are the target of a developing threat cluster that uses Telegram groups to seek out potential victims. "DEV-0139 joined Telegram groups used to facilitate communication between VIP clients and cryptocurrency exchange platforms and identified their target from among the members," the tech giant said.

Vivaldi 5.6 was released today with a Mastodon client integrated directly into the browser's sidebar, seamlessly incorporating the rising social media platform in the browser's interface. [...]

Where's the Night's Watch when you need them? Microsoft has warned Europe to be on alert for cyber attacks from Russia this winter, just as a series of attacks hit Russian organizations –...

ConductorOne open-sourced their identity connectors in a project called Baton, available on GitHub. Each connector gives developers the ability to extract, normalize, and interact with workforce...

A computer program known as a "Bot" acts as an agent for a user or another program or mimics human action. Bots are typically used to automate particular tasks so they can be used without specific human instructions.

Achieving that at scale requires trust intelligence: technology, process, workflow, and metrics to measure trust across the business. Stakeholders from across the business must understand how trust is measured and how it should be managed.

Threat actors allegedly looking for contacts and monitoring org's future plans The Canadian branch of Amnesty International was the target of an attack it has pinned on a Chinese state-sponsored actor.…