Security News
Patching security vulnerabilities should be a straightforward process. A report released Monday, August 8, by security firm Rezilion looks at how older vulnerabilities patched by the vendor still pose risks to organizations.
In Q1 of 2022, fintech companies experienced 2.5 times more attacks than in the two previous years. The growing rate of cybercrime has added to the market unrest and called fintech preparedness into question; some claimed that the industry players are more susceptible to virtual threats than traditional banking, with greater resources at their disposal.
A new report from Osterman Research codifies the increasing dependence of businesses upon their mobile apps, and reveals a jarring disconnect between the strategic importance of apps versus the level of focus and resources applied to protect organizational apps against runtime threats. This Help Net Security video reveals how run-time security threats against mobile apps and APIs continue to inflict damage on organizations.
Microsoft says it will give enterprise security operation centers broader access to the massive amount of threat intelligence it collects every day. Both services - Defender Threat Intelligence and Defender External Attack Surface Management - use technologies that Microsoft inherited when it bought cybersecurity company RiskIQ for $500 million in 2021.
Miscreants making use of typosquatting are being spotted by researchers at Sonatype, emphasizing the need to check that the package is really the one you meant to download. The latest packages detected use variations of the spelling of "Requests", a hugely popular HTTP library available via PyPI. Of the project, the description notes: "Requests is one of the most downloaded Python packages today, pulling in around 30M downloads / week - according to GitHub. Requests is currently depended upon by 1,000,000+ repositories." Focusing on the requesys package, researchers found scripts that would stomp over Windows users' folders and begin encrypting files.
Cyber executives may not be sufficiently prioritizing threats from vulnerabilities within the value chain, beyond the immediate boundaries of their own organizations, according to Tata Consultancy Services. This Help Net Security video highlights how confident executives are about their cyber strategy.
Threat actors are finding their way around Microsoft's default blocking of macros in its Office suite, using alternative files to host malicious payloads now that a primary channel for threat delivery is being cut off, researchers have found. The beginning of the decrease coincided with Microsoft's plan to start blocking XL4 macros by default for Excel users, followed up with the blocking of VBA macros by default across the Office suite this year.
A worrying 73.48% of organizations feel they have wasted the majority of their cybersecurity budget on failing to remediate threats, despite having an over-abundance of security tools at their disposal, according to Gurucul. Only 25% of organizations consider their biggest threat to be from inside the business, despite insider threats increasing by 47% over the past two years.
SonicWall has published its latest threat report, showing a drop in ransomware but an increase in malware attacks in the first half of 2022. In an interview with The Register, SonicWall CEO Bill Conner noted that factors including the Russia and Ukraine conflict as well as the activities of law enforcement agencies had at least partially caused the drop but warned: "I think in the next six to 12 months you're going to see ransomware come back strong as the state of affairs settle into whatever this new norm is."
A new report from Osterman Research codifies the increasing dependence of businesses upon their mobile apps, and reveals a jarring disconnect between the strategic importance of apps versus the level of focus and resources applied to protect organizational apps against runtime threats. Poor visibility into security threats against mobile apps.