Security News

Report: Cyberespionage threat actor exploits CVE-2022-42475 FortiOS vulnerability
2023-01-23 20:53

In December 2022, security company Mandiant, now a Google Cloud company, identified a FortiOS malware written in C that exploited the CVE-2022-42475 FortiOS vulnerability. The Linux version of the malware, when executed, performs a system survey and enables communications with a hardcoded command-and-control server.

Microsoft retracts its report on Mac ransomware
2023-01-12 13:42

Anti-analysis techniques are deployed by malware to evade analysis or render the file analysis much more complex and difficult for researchers and malware sandboxes. File enumeration is a critical operation for ransomware operators.

Global Risks Report: Understand the risk landscape in 2023 and beyond
2023-01-12 10:45

For the past 17 years the World Economic Forum's Global Risks Report has warned about deeply interconnected global risks. The window for action on the most serious long-term threats is closing rapidly and concerted, collective action is needed before risks reach a tipping point.

Chick-fil-A investigates reports of hacked customer accounts
2023-01-06 22:15

American fast-food restaurant chain Chick-fil-A is investigating what it described as "Suspicious activity" linked to some of its customers' accounts. A support page on Chick-fil-A's One Membership Program customer support website provides potentially affected clients with details on what to do if they notice unusual activity on their accounts, if they see any mobile orders placed without their approval, or if they're loyalty points were used to redeem or gift rewards fraudulently.

Cisco Talos report: Threat actors use known Excel vulnerability
2022-12-22 18:25

Microsoft Office files, particularly Excel and Word files, have been targeted by some cybercriminals for a long time. As exposed in new research from Cisco Talos, threat actors might leverage event handling functions in Excel files in order to automatically launch.

Microsoft reports macOS Gatekeeper has an 'Achilles' heel
2022-12-20 19:30

Security researchers at Microsoft have discovered a bug in macOS that lets malicious apps bypass Apple's Gatekeeper security software "For initial access by malware and other threats." Gatekeeper has been a part of macOS for a decade and is used to validate that apps are signed and notarized before allowing them to be launched.

How compliance leaders can encourage employees to report misconduct
2022-12-08 04:00

As Chief Compliance Officers continue to face challenges in restoring employee misconduct reporting to pre-pandemic levels, there are three strategies they should implement to increase confidence in their processes among employees, according to Gartner. "There are clearly structural challenges that have impaired effective misconduct reporting, ranging from new working models, to higher employee turnover, and increased societal polarization," said Chris Audet, VP, research, in the Gartner Legal, Risk & Compliance practice.

Why are K-12 educational institutions reluctant to report cyber incidents?
2022-12-01 05:00

A recent report from the US Government Accountability Office has shown that K-12 educational institutions are reluctant to report cyber incidents as they fear they would be penalized. During the fiscal year of 2022, FSA received 409 incident reports, which was down from 460 of the previous year.

GitHub sets up private vulnerability reports for public repos to avoid 'naming and shaming'
2022-11-14 22:00

GitHub is offering a scheme for security researchers to privately report vulnerabilities found in public repositories. Being able to privately report code flaws is important to researchers who are often left with choices that can lead to more security problems, GitHub said in a blog post.

2022 Cloud Data Security Report
2022-11-09 03:45

Security teams are in charge of their company's most important asset - data. Their mission is to make sure they discover and remediate all of the data-related risks and keep up with the frequent changes that can affect their sensitive data.