Security News

Threat actors associated with the notorious Emotet malware are continually shifting their tactics and command-and-control infrastructure to escape detection, according to new research from VMware. "The ongoing adaptation of Emotet's execution chain is one reason the malware has been successful for so long," researchers from VMware's Threat Analysis Unit said in a report shared with The Hacker News.

Researchers have disclosed details about a now-patched high-severity security flaw in Packagist, a PHP software package repository, that could have been exploited to mount software supply chain attacks. Packagist is used by the PHP package manager Composer to determine and download software dependencies that are included by developers in their projects.

Microsoft is working on updating Microsoft Defender for Office 365 to allow Microsoft Teams users to alert their organization's security team of any dodgy messages they receive. Microsoft Defender for Office 365 protects organizations from malicious threats from email messages, links, and collaboration tools.

The Atlantic Council has published a report on securing the Internet of Things: "Security in the Billions: Toward a Multinational Strategy to Better Secure the IoT Ecosystem." The report examines the regulatory approaches taken by four countries (the US, the UK, Australia, and Singapore) to secure home, medical, and networking/telecommunications devices. The report recommends that regulators should 1) enforce minimum security standards for manufacturers of IoT devices, 2) incentivize higher levels of security through public contracting, and 3) try to align IoT standards internationally.

According to VMware, such movements were observed in 25% of all attacks. One of the best things that organizations can do to counter these types of attacks is to look for ways to improve overall visibility.

The big story from last month was the LastPass breach, in which an attacker apparently got access to just one part of the LastPass network, but was able to make off with the company's proprietary source code. LastPass has now published an official follow-up report on the incident, based on what it has been able to figure out about the attack and the attackers in the aftermath of the intrusion.

Uber suffered a cyberattack Thursday afternoon with a hacker gaining access to vulnerability reports and sharing screenshots of the company's internal systems, email dashboard, and Slack server. The New York Times, which first reported on the breach, said they spoke to the threat actor, who said they breached Uber after performing a social engineering attack on an employee and stealing their password.

The State of Digital Trust 2022 research report from ISACA found that nearly all respondents believe digital trust is important and 63% said that digital trust is relevant to their jobs. Those that measure digital trust have two areas in common: their board of directors has prioritized digital trust and they use a digital trust framework, according to the report.

U.S. moving and storage rental company U-Haul has suffered a data breach due to an unauthorized person having accessed an unspecified number of rental contracts, U-Haul's parent company Amerco revealed last week. It is not known how many customers have been affected, but apparently their payment card information is safe: the person had access "only" to customers' name, driver's license or state identification number.

Delinea set out to understand what IT security leaders are doing to reduce the risk of a privileged account or identity-based attack. This report reveals how people close to the process feel about their progress, what obstacles stand in their way, and where they're making investments for the future.