Security News > 2022 > December

Opening them up to external people and entities often makes technology-level integration a challenge, as developers relying on REST APIs come up against the reality of on-prem, homegrown IAM systems. "They were just meant for internal consumption." Supporting the sort of relationships we've described means exposing those systems to multiple customer and business entities, via web channels, mobile apps and social systems.

Almost 300 apps, downloaded by around 15 million users, have been pulled from the Google Play and Apple App stores over claims they promised quick loans at reasonable rates but then used extortion and other predatory schemes against borrowers. Lookout contacted Google and Apple about the apps and said Wednesday that none of them were still available for download. "What's been identified is a tiny drop in the bucket overall," Chris Clements, vice president of solutions architecture for Cerberus Sentinel, told The Register, adding that "Anything over zero shouldn't be acceptable."

72% of organizations remain vulnerable to the Log4Shell vulnerability as of October 1, 2022, Tenable's latest telemetry study has revealed, based on data collected from over 500 million tests. "While an organization may have been fully remediated at some point, as they've added new assets to their environments, they are likely to encounter Log4Shell again and again. Eradicating Log4Shell is an ongoing battle that calls for organizations to continually assess their environments for the flaw, as well as other known vulnerabilities."

The FTC's recent actions demonstrate a trend toward increased cybersecurity and data privacy scrutiny. It intends to further expand its role in setting and enforcing cybersecurity and data privacy standards.

Lookout researchers have discovered nearly 300 Android and iOS apps that trick victims into unfair loan terms, exfiltrate excessive user data from mobile devices, and then use it to pressure and shame the victims for repayment. Aimed at consumers in developing countries - Colombia, India, Indonesia, Kenya, Mexico, Nigeria, the Philippines, Thailand, and Uganda - the apps and their operators are taking advantage of victims' inability to qualify for a traditional loan.

A recent report from the US Government Accountability Office has shown that K-12 educational institutions are reluctant to report cyber incidents because they fear they would be penalized. During fiscal year 2022, FSA received 409 incident reports, down from 460 the previous year.

Defense contractors hold information that's vital to national security and will soon be required to meet Cybersecurity Maturity Model Certification compliance to keep those secrets safe. Nation-state hackers are actively and specifically targeting these contractors with sophisticated cyberattack campaigns.

A new report by Enterprise Strategy Group highlights why today's security teams find it increasingly difficult to detect and stop cyber threats targeting their organizations. The research found that 70% of organizations have fallen victim to an attack that used encrypted traffic to avoid detection.

The new Picus Complete Security Validation Platform levels up the company's attack simulation capabilities to remove barriers of entry for security teams. The new Security Posture Management product from Abnormal gives security teams immediate visibility to each of the potential entry and exit points to the cloud email platform.

Remote access and collaboration company GoTo disclosed today that they suffered a security breach in which threat actors gained access to their development environment and third-party cloud storage service. The company says they first learned of the incident after detecting unusual activity in their development environment and third-party cloud storage service.