CyberCatch today announced the publication of its quarterly Small and Medium-Sized Businesses Vulnerabilities Report (SMBVR) for Q1 2022 to alert small and medium-sized businesses (SMBs) to an alarming rise in vulnerabilities detected in Internet-facing websites, servers and applications. Of greatest concern, CyberCatch’s SMBVR has detected – for the first time in the report’s history —…

According to an advisory released Friday by the Microsoft 365 Defender Research Team, a total of four documented vulnerabilities were found – and fixed – in a mobile framework owned by mce Systems, an Israeli company that provides software to mobile carriers. “Coupled with the extensive system privileges that pre-installed apps have, these vulnerabilities could…

The vulnerability, tracked as CVE-2022-22972, affects VMware Workspace ONE Access, Identity Manager and vRealize Automation. It allows a malicious actor who has network access to the UI to bypass authentication. Shortly after VMware released patches, the US Cybersecurity and Infrastructure Security Agency (CISA) warned that threat actors would “quickly develop a capability to exploit CVE-2022-22972,”…

Ransomware incidents are on the rise and this week proved no exception, with the discovery of a Linux-based ransomware family called Cheerscrypt targeting VMware ESXi servers and an attack on SpiceJet, India’s second largest airline. Meanwhile, an oddball “GoodWill” variant purports to help the needy. The Cheerscrypt ransomware variant was uncovered by Trend Micro and…

The Federal Trade Commission (FTC) has issued a $150 million fine against Twitter for misrepresenting its security and privacy practices. The FTC, in cooperation with the Department of Justice (DoJ), says that Twitter has been using the email addresses and phone numbers it collects from users to enable two-factor authentication to serve targeted advertising. In…

High-profile supply chain attacks like SolarWinds, Kaseya, Codecov, ua-parser-js and Log4j have put pressure on companies and governments to address the risks associated with open source and other software supply chain risks. President Biden’s May 2021 Executive Order includes supply chain attacks as an area of concern. More recently, on January 13, 2022, a…

At a time when there are countless unfulfilled cybersecurity positions worldwide, too many companies overlook neurodiverse candidates in their hiring processes. This is a huge mistake, as people with autism, dyslexia, and other conditions often possess skills that are well suited for cybersecurity work. Those skills include the ability to concentrate, a capacity for recognizing anomalies, and…

Netskope, the leader in Security Service Edge (SSE) and zero trust, today announced a key expansion of data protection capabilities to endpoint devices and private apps. The introduction of a patented endpoint data loss prevention (DLP) solution will enable Netskope Intelligent SSE customers to protect data everywhere it moves across the hybrid enterprise. Zero trust…