Security News
The Federal Bureau of Investigation warns of increasing complaints that cybercriminals are using Americans' stolen Personally Identifiable Information and deepfakes to apply for remote work positions. The public service announcement, published on the FBI's Internet Crime Complaint Center today, adds that the deepfakes used to apply for positions in online interviews include convincingly altered videos or images.
The latest version of the OpenSSL library has been discovered as susceptible to a remote memory-corruption vulnerability on select systems. OpenSSL 1.1.1 as well as OpenSSL forks BoringSSL and LibreSSL are not affected.
QNAP, Taiwanese maker of network-attached storage devices, on Wednesday said it's in the process of fixing a critical three-year-old PHP vulnerability that could be abused to achieve remote code execution. "A vulnerability has been reported to affect PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24, and 7.3.x below 7.3.11 with improper nginx config," the hardware vendor said in an advisory.
These attacks should be seen as a lesson that can inform future security strategies to mitigate ransomware risk. With organizations continuing to support remote and hybrid work, they no longer have the visibility and control they once had inside their perimeter.
Martin Herfurt, a security researcher in Austria, quickly noticed something odd about the new feature: Not only did it allow the car to automatically start within 130 seconds of being unlocked with the NFC card, but it also put the car in a state to accept entirely new keyswith no authentication required and zero indication given by the in-car display. "The authorization given in the 130-second interval is too general [it's] not only for drive," Herfurt said in an online interview.
Follina abuses Microsoft Office to execute remote code. CVE-2022-30190, also known as "Follina", is a remote code execution vulnerability that affects Microsoft Office, reported on May 27, 2022.
NordLayer is not just a client-based VPN tool that you have your employees install and hope they remember to use, it also includes an admin console that allows you to keep tabs on those employees if they're using the VPN, and what gateways they've connected to. NordLayer also features threat management, network management, 2FA/SSO/biometric authentication, auto-connect, network segmentation, site-to-site dedicated gateways, shared servers, AES 256-bit encryption, ThreatBlock, custom DNS, dedicated IP addresses, jailbroken device detection and smart remote access.
Workspot announced a survey report which reveals that in the past year, due to remote work, 83% of IT leaders expanded or accelerated their cloud strategies, while still facing increasing challenges with security, and concerns about employee compliance to new controls. With that in mind, budgets are expected to increase throughout the year to improve remote work technologies.
Locks that use Bluetooth Low Energy to authenticate keys are vulnerable to remote unlocking. The research focused on Teslas, but the exploit is generalizable.
Security, employee compliance biggest challenges when supporting remote workers. For its report "The State of Remote Work 2022: A Survey of End-User Computing Decision Makers," Workspot commissioned market research firm Dimensional Research to survey 304 IT professionals about their remote workforce.