Security News

ShiftLeft released its second annual AppSec Progress Report documenting critical trends in application security and how organizations are shifting security left to deal with the ever-rising volume of attacks and disclosed vulnerabilities. By identifying and prioritizing OSS vulns that are actually attackable, AppSec teams and developers fix what matters, ship code faster and actually improve security with fewer, better fixes.

In the traditional vulnerability management process, the definition of a vulnerability is straightforward, "A CVE or a Software Vulnerability." CVEs are important to be managed; however, it is not sufficient to deal with the complex attack surface. Advanced Vulnerability Management provides a broader approach to vulnerabilities and addresses different security risks in the IT vulnerability landscape.

An ongoing outage affects multiple Microsoft 365 services, with customers worldwide reporting delays, sign-in failures, and issues accessing their accounts. The affected services include the Exchange Online hosted email platform for businesses and the Microsoft Teams communication platform, as well as SharePoint Online, the Graph API, and Universal Print.

Simply put: XDR extends visibility across the environment and exposes threats that could be easily overlooked when relying on point security solutions. This new approach to cybersecurity often comes at a cost and requires resources and headcount that small security teams can't afford.

A newcomer on the ransomware scene has coopted a 14-year-old malware variant to help it maintain persistence on a targeted network in a recent attack, researchers have found. Black Basta, a ransomware group that emerged in April, leveraged Qbot,, to move laterally on a compromised network, researchers from security consulting firm NCC Group wrote in a blog post published this week.

During the first day of Pwn2Own Vancouver 2022, contestants won $800,000 after successfully exploiting 16 zero-day bugs to hack multiple products, including Microsoft's Windows 11 operating system and the Teams communication platform. The first to fall was Microsoft Teams in the enterprise communications category after Hector Peralta exploited an improper configuration flaw.

According to a Splashtop's report, that has come at a cost as 65% of IT help desk teams throughout the U.S are reporting an increase in the number of team members reporting unsustainable levels of stress. "With many employees working remotely on a regular basis, IT and help desk staff face higher ticket volumes, more diverse set of devices to support, and greater security challenges," said Philip Sheu, CTO at Splashtop.

Calling TA410 an umbrella group comprised of three teams dubbed FlowingFrog, LookingFrog and JollyFrog, Slovak cybersecurity firm ESET assessed that "These subgroups operate somewhat independently, but that they may share intelligence requirements, an access team that runs their spear-phishing campaigns, and also the team that deploys network infrastructure." TA410 - said to share behavioral and tooling overlaps with APT10 - has a history of targeting U.S-based organizations in the utilities sector as well as diplomatic entities in the Middle East and Africa.

As security professionals, we aren't known for our levity. Why do many employees dislike their colleagues in the cybersecurity function? Because the first and often only experience of interacting with security is being told they're doing something wrong, and that it will take extra work to resolve.

This comprehensive study of nearly 700 technologists, now in its fourth year, explored the most urgent challenges development teams face when building applications with open source. It also reveals new insights into how confident technologists are in their organizations' current open source management practices, and in the open source components and languages they use more generally.