Security News > 2022

SMBs can obtain advice about cybersecurity quite easily from a plethora of resources. Extreme risks shouldn't be left unaddressed, because cyberattacks against SMBs are too common and attackers still successfully exploit human weaknesses, primarily via email.

While traditional application security controls remain necessary, they are not quite up to the API security challenge. There are certain basic API security practices organizations can implement to create a more resilient API security posture.

In the Foreword to this year's survey, NewVantage Partners CEO Randy Bean, and Thomas H. Davenport, a Fellow with the firm, write "The ten years of the survey provide a useful measure of progress-or the lack thereof in some respects-in how companies are managing these important initiatives. From 2012 to 2022 the survey has assessed the initiatives that large companies are focused on, where they are investing and the returns they are getting, the roles assigned to manage data, and the issues that cause significant challenges." The state of data and AI initiatives Investment in data and AI initiatives continues to grow as efforts deliver measurable results.

36% of the growth will originate from APAC for the embedded hypervisor software market. China and Japan are the key markets for embedded hypervisor software in APAC. Market growth in APAC will be faster than the growth of the market in other regions.

Managing the security of your third parties is crucial, but security assessments are riddled with problems, including a lack of context, scalability and relevance. In this comprehensive guide, we provide the direction you need to make your organization's third-party security program efficient and scalable.

Microsoft has released an emergency out-of-band update to address a Windows Server bug leading to Remote Desktop connection and performance issues. Affected platforms include Windows Server 2022, Windows Server 2019, Windows Server 2016, and Windows Server 2012 R2. The updates that address this issue are not available from Windows Update and will not install automatically on affected systems.

Threat actors vigorously launched exploit attempts and testing during the last weeks of December, Microsoft said on Monday, in the latest update to its landing page and guidance around the flaws in Apache's Log4j logging library. To evade detection, attackers are mixing up the request patterns: For example, Microsoft has seen exploit code written that runs a lower or upper command within the exploitation string.

Microsoft is warning of continuing attempts by nation-state adversaries and commodity attackers to take advantage of security vulnerabilities uncovered in the Log4j open-source logging framework to deploy malware on vulnerable systems. "We have observed many existing attackers adding exploits of these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks."

Google says Manifest V3 is focused on security, privacy and performance, but it could also break Chrome browser extensions used by millions of people. The EFF is right, and Google's plans for MV3 is yet another reason why the best browser for Linux, Windows and Mac isn't Google Chrome.

While this new report outlines authentication requirements for government agencies, they are also excellent guidelines for all fields and user levels. On the strength of passwords, NIST underlines that the requirements of using special characters, for example !$#%&, are obsolete since users still tend to add something that will keep the password memorable.