Security News > 2022

Microsoft is investigating user reports that MS Access runtime applications stop opening after installing this month's Patch Tuesday Office/Access security updates. According to customers' complaints on Microsoft's official community website and Reddit, July's cumulative updates trigger this issue for MS Access 2016 and MS Access 2013 are KB5002112 and KB5002121, respectively.

New survey reveals lack of staff, skills, and resources driving smaller teams to outsource security. As business begins its return to normalcy, CISOs at small and medium-size enterprises were asked to share their cybersecurity challenges and priorities, and their responses were compared the results with those of a similar survey from 2021.

The cache-based targeted de-anonymization attack is a cross-site leak that involves the adversary leveraging a service such as Google Drive, Dropbox, or YouTube to privately share a resource with the target, followed by embedding the shared resource into the attack website. The attack, in a nutshell, aims to unmask the users of a website under the attacker's control by connecting the list of accounts tied to those individuals with their social media accounts or email addresses through a piece of shared content.

An emerging threat cluster originating from North Korea has been linked to developing and using ransomware in cyberattacks targeting small businesses since September 2021. The group, which calls itself H0lyGh0st after the ransomware payload of the same name, is being tracked by the Microsoft Threat Intelligence Center under the moniker DEV-0530, a designation assigned for unknown, emerging, or a developing group of threat activity.

The Tor Project team has announced the release of Tor Browser 11.5, a major release that brings new features to help users fight censorship easier. The Tor Browser has been created specifically for accessing sites through The Onion Router network to offer users anonymity and privacy when accessing information on the internet.

Trend Micro Research has published an anatomy of a Windows remote code execution vulnerability lurking in the Network File System. The vulnerability in question, CVE-2022-30136, was patched by Microsoft in June but the research makes for interesting reading both in terms of the vulnerability itself and the potential for exploitation.

The new proposal-championed by Mayor London Breed after November's wild weekend of orchestrated burglaries and theft in the San Francisco Bay Area-would authorize the police department to use non-city-owned security cameras and camera networks to live monitor "Significant events with public safety concerns" and ongoing felony or misdemeanor violations. Currently, the police can only request historical footage from private cameras related to specific times and locations, rather than blanket monitoring.

Log4j exploitation: Risk and effects of remediation efforts. While cybersecurity vendors continue to flag attacks involving Log4Shell exploitation, "The Board also found that to date, generally speaking, exploitation of Log4j occurred at lower levels than many experts predicted, given the severity of the vulnerability."

The U.S. Department of Commerce's National Institute of Standards and Technology has chosen the first group of quantum-resistant encryption tools, designed to withstand the assault of a future quantum computer, which could potentially crack the security used to protect privacy in the digital systems we rely on every day - such as online banking and email software. This Help Net Security video covers the highlights of four encryption algorithms selected by NIST..

The bad news keeps on rolling for British recruitment agency Morgan Hunt amid confirmation it suffered a digital burglary, with intruders making off with the personal data for some of the freelancers on its books. The info accessed on the database included contractors' names, contact details, identity documents, proof of address documents, National Insurance number, and date of birth.