Security News

The report also details the top browser security threats of 2022, which include phishing attacks via high reputation domains, malware distribution via file sharing systems, data leakage exploiting personal browser profiles, outdated browsers, compromised passwords, vulnerable unmanaged devices, high-risk extensions, shadow IT, and account takeovers with phishing credentials. In addition to the stats and analysis of the prominent threats, the report provides a retrospect of the main news stories that left a mark in the world of browser security in 2022.

Your technology is always changing, and you often play catchup to secure it. This isn't easy in the cloud when you share security responsibility with the cloud service providers.

With a focus on the security of web app firewalls, pen tests target application programming interfaces, servers and any leaky point of entry. Security firm Pentera's second annual report on pen testing deployment in the U.S. and Europe found that 92% of organizations are lifting their overall IT security budgets.

SaaS-to-SaaS app installations are growing nonstop at organizations around the world. Third-party app connections typically take place outside the view of the security team, are not vetted to understand the level of risk they pose.

Relief may not come soon, if research firm Gartner's predictions hold true that fully a quarter of security leaders will depart the cybersecurity field entirely by 2025 due to work pressures. In a new report, the firm predicts that nearly half of cybersecurity leaders will change jobs, and that by 2025, lack of talent or human failure will be responsible for over half of significant cyber incidents.

The healthcare provider giant said on Monday that Fortra issued an alert saying that it had "Experienced a security incident" leading to some CHS data being compromised. A subsequent investigation revealed that the resulting data breach affected the personal and health information of up to 1 million patients.

The Russia-affiliated Sandworm used yet another wiper malware strain dubbed NikoWiper as part of an attack that took place in October 2022 targeting an energy sector company in Ukraine. The use of SDelete is notable, as it suggests that Sandworm has been experimenting with the utility as a wiper in at least two different instances to cause irrevocable damage to the targeted organizations in Ukraine.

Over several weeks in October of 2022, Specops collected 4.6 million attempted passwords on their honeypot system. Though the examples given here focused on RDP connections, a honeypot is not limited to that type of connection, and any remote access system is subject to attacks, like SSH. What should an organization do to minimize the potential damage?

In December 2022, security company Mandiant, now a Google Cloud company, identified a FortiOS malware written in C that exploited the CVE-2022-42475 FortiOS vulnerability. The Linux version of the malware, when executed, performs a system survey and enables communications with a hardcoded command-and-control server.

Anti-analysis techniques are deployed by malware to evade analysis or render the file analysis much more complex and difficult for researchers and malware sandboxes. File enumeration is a critical operation for ransomware operators.