Security News
78% of security professionals expect breach and incident reporting requirements to create more work for their teams, and 77% expect increased work from privacy requirements. "Regulatory developments around both incident reporting and privacy will undoubtedly continue to ramp up in 2023," said Bill Bernard, AVP, Security Strategy at Deepwatch.
WordPress sites are being targeted by a previously unknown strain of Linux malware that exploits flaws in over two dozen plugins and themes to compromise vulnerable systems. "If sites use outdated versions of such add-ons, lacking crucial fixes, the targeted web pages are injected with malicious JavaScripts," Russian security vendor Doctor Web said in a report published last week.
Since the first months of 2020, ransomware attacks have been on the rise and are in the news again. In this presentation, Dave Lewis, Global Advisory CISO at Cisco, talks about the historical rise and fall of ransomware from floppy disks to RaaS, why it has seen a resurgence in popularity, recent data on the current state of ransomware, and how you can improve your defenses against ransomware attacks.
There are now third-party risk assessment strategies, services and tools that can help identify security weak points in your company's supply chain. In 2021, BlueVoyant, a cybersecurity provider, reported that 98% of the organizations it surveyed said they had been impacted by a supply chain security breach.
It's the last regular working weekday of 2022, in the unsurprisingly relaxed and vacationistic gap between Christmas and New Year. So you were probably expecting us to come up either with a Coolest Stories Of The Year In Review listicle, or with a What You Simply Must Know About Next Year thinly-disguised-as-not-a-listicle listicle.
Cybersecurity researchers have exposed a wide variety of techniques adopted by an advanced malware downloader called GuLoader to evade security software. In November 2021, a JavaScript malware strain dubbed RATDispenser emerged as a conduit for dropping GuLoader by means of a Base64-encoded VBScript dropper.
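The RATDispenser chain described above stages its next payload as a Base64-encoded VBScript embedded in JavaScript. The following Python triage helper is an added example written for this page, not code from the researchers' report or from the malware itself: it pulls long Base64-looking string literals out of a JavaScript sample, decodes them, and flags any that contain VBScript/WSH indicators. The JavaScript sample and the VBScript payload inside it are constructed for the demonstration; the marker list is an assumed, minimal set rather than a complete signature.

```python
import base64
import re

# Constructed sample VBScript payload (not real RATDispenser/GuLoader code).
VBS_PAYLOAD = (
    'Set sh = CreateObject("WScript.Shell")\r\n'
    'sh.Run "powershell -nop -w hidden -c Start-Sleep 1", 0, False\r\n'
)

# Constructed JavaScript "dropper" that carries the payload as a Base64 literal,
# writes it to disk and runs it with wscript. Built here for the example only.
SAMPLE_JS = (
    'var p = "' + base64.b64encode(VBS_PAYLOAD.encode()).decode() + '";\n'
    'var fso = new ActiveXObject("Scripting.FileSystemObject");\n'
    'var f = fso.CreateTextFile("stage2.vbs", true);\n'
    'f.Write(atob(p)); f.Close();\n'
    'new ActiveXObject("WScript.Shell").Run("wscript stage2.vbs", 0);\n'
)

# Double-quoted string literals of 40+ Base64 alphabet characters, optional padding.
B64_LITERAL = re.compile(r'"([A-Za-z0-9+/]{40,}={0,2})"')

# Assumed, minimal set of strings typical of a VBScript/WSH second stage.
VBS_MARKERS = ("CreateObject(", "WScript.Shell", "Scripting.FileSystemObject", ".Run ")


def extract_b64_payloads(js_text):
    """Return the decoded text of every valid Base64 literal found in js_text."""
    found = []
    for m in B64_LITERAL.finditer(js_text):
        token = m.group(1)
        if len(token) % 4:           # not a whole number of Base64 quanta
            continue
        try:
            raw = base64.b64decode(token, validate=True)
        except ValueError:           # binascii.Error is a ValueError subclass
            continue
        found.append(raw.decode("utf-8", errors="replace"))
    return found


def classify_payload(text):
    """Return the VBS/WSH markers present in a decoded payload."""
    return [marker for marker in VBS_MARKERS if marker in text]


def triage(js_text):
    """Decode every embedded Base64 literal and flag those that look like VBScript."""
    results = []
    for decoded in extract_b64_payloads(js_text):
        hits = classify_payload(decoded)
        results.append({
            "decoded": decoded,
            "vbs_markers": hits,
            "suspicious": bool(hits),
        })
    return results


if __name__ == "__main__":
    for r in triage(SAMPLE_JS):
        print("suspicious:", r["suspicious"], "markers:", r["vbs_markers"])
        print(r["decoded"])
```

This only recovers the plain case, a single contiguous Base64 literal. Droppers that split the string, build it from character codes, or apply a second encoding layer need that layer unwrapped first before the same decode-and-inspect step applies.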
According to analysis by cloud security startup Wiz and EY, 93 percent of cloud environments were vulnerable to the Log4Shell vulnerability. It's a challenge that existing tools struggle with, argues Wiz product vice president Yinon Costica, who points out that those tools have been adapted ad hoc from an established computing model that was not built with cloud security in mind.
Multiple high-severity vulnerabilities have been disclosed in Passwordstate password management solution that could be exploited by an unauthenticated remote adversary to obtain a user's plaintext passwords. "Successful exploitation allows an unauthenticated attacker to exfiltrate passwords from an instance, overwrite all stored passwords within the database, or elevate their privileges within the application," Swiss cybersecurity firm modzero AG said in a report published this week.
Cybersecurity researchers have detailed two security flaws in the JavaScript-based blogging platform known as Ghost, one of which could be abused to elevate privileges via specially crafted HTTP requests. Tracked as CVE-2022-41654, the authentication bypass vulnerability allows unprivileged users to make unauthorized modifications to newsletter settings.
A decentralized work environment makes it easier for criminals to target employees through private social channels, because an employee working remotely does not feel as closely watched as they would in a busy office. Not every employee affected by a restructuring suddenly becomes a bad guy, but security leaders should work with Human Resources (or People Operations) and people managers to make them aware of this type of criminal scheme, so that they can take steps to support employees who might be affected by such organizational or personal matters.