Security News > 2022 > December

In brief Certificate Authority TrustCor responded to its ejection from Mozilla and Microsoft's browsers by offering refunds for some customers, while leaving others to pick up the mess on their own. In a list of upcoming changes published to TrustCor's website, the company said all of its resellers had been notified that TrustCor "Will not offer new or renewed server certificates commercially at this time."

Organizations need to do the same and take a multidimensional approach to cybersecurity because biannual training videos aren't enough to engage employees or protect your business. Many cybersecurity training strategies don't prepare employees for scenarios like these.

MITRE ATT&CK is a knowledge base of adversary tactics and techniques based on real-world observations. Below you can find a collection of MITRE ATT&CK tools and resources available for free.

Security is the number one driver behind most DevOps and DevSecOps implementations. Only 30% feel confident in the level of collaboration between security and development, 86% experience challenges in their current approaches to security and 51% admit that they don't fully understand how security fits into DevSecOps.

Rackspace has not offered any explanation of the "Security incident" that has taken out its hosted Exchange environment and led the company to predict multiple days of downtime before restoration. The Register has conversed with customers who profess to having little technical expertise - which is fair enough given Rackspace promotes its hosted Exchange service as suitable for "Any business size or need" and that an "Award-winning team of support experts is available to solve your technical problems 24x7x365."

Every year the personal data of millions of people, such as passwords, credit card details, or health details, fall into the hands of unauthorized persons through hacking or data processing errors by companies. In the EU, any data leak that may result in risks for the concerned individuals must be reported within 72 hours.

The rising adoption of connected medical devices is accelerating cyberattacks, according to Capterra's Medical IoT Survey of healthcare IT professionals. Medical practices with more than 70% of their devices connected are 24% more likely to experience a cyberattack than practices with 50% or fewer connected devices.

A new set of Android malware, phishing, and adware apps have infiltrated the Google Play store, tricking over two million people into installing them. One app illustrated by Dr. Web that has amassed one million downloads is TubeBox, which remains available on Google Play at the time of writing this.

Pre-auth RCE in Oracle Fusion Middleware exploited in the wildA pre-authentication RCE flaw in Oracle Access Manager that has been fixed in January 2022 is being exploited by attackers in the wild, the Cybersecurity and Infrastructure Security Agency has confirmed by adding the vulnerability to its Known Exploited Vulnerabilities Catalog. LastPass, GoTo announce security incidentLastPass and its affiliate GoTo have announced that they suffered a security incident and, in LastPass' case, a possible data breach.

Open source software hosting and cloud computing provider Fosshost will no longer be providing services as it reaches end of life. UK-based non-profit Fosshost has been providing services to several high profile open source projects like GNOME, Armbian, Debian and Free Software Foundation Europe completely free of charge.