Security News > 2022

TikTok's Global Chief Security Officer Roland Cloutier has "Transitioned" from his job into "a strategic advisory role focusing on the business impact of security and trust programs." Cloutier's change was revealed in a Saturday organizational update that starts with Cloutier himself signing off from the job on grounds that TikTok has "Made significant progress in delivering on the promises we've made to our global community, business partners, and governments around the world."

Following the launch of a new "Data safety" section for the Android app on the Play Store, Google appears to be readying to remove the app permissions list from both the mobile app and the web. The Data safety section, which Google began rolling out in late April 2022, is the company's answer to Apple's Privacy Nutrition Labels in iOS, allowing users to have a unified view of an app's data collection and processing practices.

A zero trust security architecture is the gold standard for blocking and containing threats, but there's been heavy skepticism around the practicality of implementing zero trust in operational technology environments with the mix of legacy and modern equipment. The survey conducted among 250 cybersecurity professionals in energy, aerospace, port operations, transportation, pipeline operations, utilities, and retail supply chain & warehousing found that 88% of OT cybersecurity leaders have already taken steps to adopt zero trust.

Cumulative merchant losses to online payment fraud globally between 2023 and 2027 will exceed $343 billion, according to Juniper Research. Online payment fraud includes losses across the sales of digital goods, physical goods, money transfer transactions and banking, as well as purchases like airline ticketing.

Senior execs from Alibaba Cloud were summoned to discuss the data leak that saw information pertaining to a billion Chinese citizens sold on the dark web, according to Nikkei and The Wall Street Journal. The Shanghai Police leak is believed to be the biggest data breach ever.

The Matrix open network for decentralized communication has announced a record growth of 79% in the past 12 months, now counting more than 60 million users. According to a press release shared with BleepingComputer, the Matrix decentralized messaging network has added a record 25 million users to its services in the past year, which was mainly the result of three events.

Linode + Kali Linux: Added security for cloud instancesKali Linux, the popular open source Linux distribution specialized for penetration testing, ethical hacking and security auditing, can now be used by Linode customers. The enemy of vulnerability management? Unrealistic expectationsOrganizations vary by size, industry, level of maturity, but one thing that they all have in common is needing to know how to quickly remediate security vulnerabilities.

Researchers following the activities of advanced persistent threat groups originating from China, North Korea, Iran, and Turkey say that journalists and media organizations have remained a constant target for state-aligned actors. Proofpoint analysts have been following these activities from 2021 and into 2022 and published a report about several APT groups impersonating or targeting journalists.

SMBs, beware: Microsoft said this week it has discovered a North Korean crew targeting small businesses with ransomware since September of last year. After the gang gets its eponymous malware onto a victim's network, it follows the standard ransomware playbook: encrypt files, and demand a Bitcoin payment to restore the data.

Threat analysts have uncovered a large-scale campaign targeting Elastix VoIP telephony servers with more than 500,000 malware samples over a period of three months. Security researchers at Palo Alto Networks' Unit 42 say that the attackers' goal was to plant a PHP web shell that could run arbitrary commands on the compromised communications server.