Security News

Offensive Security has released Kali Linux 2022.1, the latest version of its popular open source penetration testing platform. Visually refreshed and with improved usability for visually impaired users, it comes also with a new "Kali-linux-everything" image, wider compatibility for Kali's SSH client, and new tools.

Kali Everything Image - An all-packages-in-one solution now available to download. Kali-Tweaks Meets SSH - Connect to old SSH servers using legacy SSH protocols and ciphers. As the first version of the new year, the Kali Team has performed a visual refresh adding new backgrounds for the desktop, login, and boot displays, and a new installer theme.

5 services and tools helping companies with digital safety. As more companies and people use different digital platforms to advertise and promote their products and services, online integrity and safety are rapidly becoming a priority topic of concern.

Microsoft 365 has all the tools you need to run your organization in the cloud, from personal productivity to group collaboration, to advanced analytics and security management. While it does include compliance and policy tools, it doesn't claim to offer a full set of data recovery tools.

Toronto-based Citizen Lab has warned that an app required by Beijing law to attend the 2022 Olympics contains vulnerabilities that can leak calls and data to malicious users, as well as the potential to subject the user to scanning for censored keywords. The playbooks [PDF], which are documents that serve as info guides for Olympics-goers, instruct international visitors to download the app and use it to monitor health for 14 days prior to their departure for China.

As more companies focus on digital adoption goals in 2022, finding security tools to detect malicious activity is top-of-mind for executives. As cybercrime is set to cost the world 10.5 trillion dollars annually by 2025, IT executives and their teams will need to make policy changes, step up security training and use cybersecurity tools such as these to manage digital security in 2022 - and beyond.

Cyber criminals, under the moniker Aquatic Panda, are the latest advanced persistent threat group to exploit the Log4Shell vulnerability. Researchers from CrowdStrike Falcon OverWatch recently disrupted the threat actors using Log4Shell exploit tools on a vulnerable VMware installation during an attack that involved of a large undisclosed academic institution, according to research released Wednesday.

A new study showed that two-thirds of organizations are currently spending $100,000 or more annually on observability tools, with 38% spending $300,000 or more annually. Despite these investments, 75% of companies are still struggling to achieve true observability, according to LogDNA. While many organizations have four or more tools in their arsenal, they're often dissatisfied; in fact, more than half are unable to implement the tools they want because of vendor lock-in.

In recent attacks, the AvosLocker ransomware gang has started focusing on disabling endpoint security solutions that stand in their way by rebooting compromised systems into Windows Safe Mode. This tactic makes it easier to encrypt victims' files since most security solutions will be automatically disabled after Windows devices boot in Safe Mode.

Among all of the attacks aimed at rank-and-file users, there's one that stands out - the tech support scam. Tech support scams happen when people receive a message - either through a popup on their screen or an unsolicited phone call - insisting that something's wrong with their computer and needs fixing.