The threat associated with nation-state-backed hacking groups has been well-researched and chronicled in recent times, but there’s another, equally dangerous set of adversaries that’s operated comparatively in the shadows for years. These are hack-for-hire groups that specialize in breaking into systems and stealing email and other data as a service. Their clients can be private…

RSA CONFERENCE 2022 – If cloud services weren’t complicated enough for the typical business today to properly configure and secure, there’s also a lesser-known layer of middleware that cloud providers run that can harbor hidden security flaws. Researchers from Wiz.io last week at RSA Conference in San Francisco unveiled an open source, cloud middleware database…

At a time when there are countless unfulfilled cybersecurity positions worldwide, too many companies overlook neurodiverse candidates in their hiring processes. This is a huge mistake as people with autism, dyslexia, and other conditions often possess skills that are well suited for cybersecurity work. Those skills include the ability to concentrate, a capacity for recognizing anomalies, and…

Some major tech companies have unwittingly opened harassment and exploitation opportunities to the women and children who they have pledged to protect. This happened because they provided information in response to emergency data requests from legitimate law enforcement accounts that hackers had compromised. This finding came from four federal law enforcement agencies and a couple…

Tracked as CVE-2022-1364 and considered “high severity,” the exploited security hole is described as a type confusion in the V8 JavaScript and WebAssembly engine. Attacks targeting type confusion bugs in Chrome’s V8 engine may lead to arbitrary code execution. All Chromium-based browsers are impacted. “Google is aware that an exploit for CVE-2022-1364 exists in the…

More than half of the world’s websites use Google Analytics to help their owners understand the behavior of users. The software, which deploys cookies to track user behavior, costs nothing in cash terms — though the vast trove of data helps to fuel Google’s massive profits. However, in 2020 the framework overseeing how personal data…

The critical flaw, tracked as CVE-2022-0971, has been described as a use-after-free issue affecting the Blink Layout component. Sergei Glazunov of Google Project Zero has been credited for reporting the flaw. Google doesn’t often assign a “critical severity” rating to Chrome vulnerabilities. In fact, over the past year, only four other Chrome updates fixed a…

Multifactor authentication (MFA) became mainstream in 2021. Google began pushing to make MFA its default for all users. The Biden administration even required all federal agencies and contractors to implement MFA in its Executive Order on Improving the Nation’s Cybersecurity. MFA adds in extra layers of verifying a user’s identity so that attackers cannot compromise…