Security News > 2023 > January

Only a quarter of the respondents said they were victims of ransomware attacks in 2022, a significant drop from 64% the previous year. Over the same period, 13% of companies with fewer than 100 staffers were victimized by ransomware, down from 34%. Why the decline? Delinea cited a few possible reasons: One factor may be the disbanding of the Conti ransomware group into smaller factions; another cause might be the greater effectiveness of security tools in preventing attacks; alternatively, it's possible fewer victims are reporting ransomware attacks.

Russian disinformation didn't materially affect the way people voted in the 2016 US presidential election, according to a research study published on Monday, though that doesn't make the effect totally inconsequential. Boffins from New York University, University of Copenhagen, Trinity College Dublin, and Technical University of Munich analyzed more than 700,000 social media posts in April and in October 2016 from Twitter accounts associated with the Internet Research Agency, a Russian influence operation.

Security researchers are warning that patching critical vulnerabilities allowing access to the network is insufficient to defend against ransomware attacks. One case is a Lorenz ransomware attack that reached completion months after the hackers gained access to the victim's network using an exploit for a critical bug in a telephony system.

Microsoft has fixed a known issue affecting Windows apps using ODBC database connections after installing the November 2022 Patch Tuesday updates. This issue impacts both client and server Windows platforms, from Windows 7 SP1 and Windows Server 2008 SP2 up to the latest released Windows 11 and Windows Server 2022.

Researchers at Microsoft and the universities of California and Virginia have devised a new poisoning attack that could trick AI-based coding assistants into suggesting dangerous code. Given the rise of coding assistants like GitHub's Copilot and OpenAI's ChatGPT, finding a covert way to plant malicious code in the training set of AI models could have widespread consequences, potentially leading to large-scale supply-chain attacks.

To mark the January 2023 Patch Tuesday, Microsoft has released patches for 98 CVE-numbered vulnerabilities, including one exploited in the wild and one that's been publicly disclosed. The one publicly disclosed vulnerability - CVE-2023-21549, in Windows SMB Witness - is apparently less likely to be exploited in the latest Windows and Windows Server versions, even though attack complexity and privileges required are low, and no user interaction is needed.

One popular use of JSON is the JWT system, which isn't pronounced jer-witt, as it is written, but jot, an English word that is sometimes used to refer to the little dot we write above an i or j, and that refers to a tiny but potentially important detail. Loosely speaking, a JWT is a blob of JavaScript that is used by many cloud services as a service access token.

Microsoft has published the Windows 10 KB5022282 and KB5022286 cumulative updates for versions 22H2, 21H2, 21H1, and 1809 to fix security vulnerabilities and resolve known bugs. This update is not available for Windows 10 1909 or Windows 10 2004.

Microsoft has addressed a known issue causing Blue Screen of Death crashes with 0xc000021a errors after installing the Windows 10 KB5021233 cumulative update released during the December Patch Tuesday. The issue was fixed in the KB5022282 update issued today for all Windows 10 versions currently under support.