Week in review: Macro-less Office documents zero-day bug, FluBot takedown, growing DDoS threats

OPIS

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Zero-day bug exploited by attackers via macro-less Office documents (CVE-2022-30190)
A newly numbered Windows zero-day vulnerability (CVE-2022-30190) is being exploited in the wild via specially crafted Office documents (without macros), security researchers are warning. And a variety of attackers have started leveraging it.

FluBot takedown: Law enforcement takes control of Android spyware’s infrastructure
An international law enforcement operation involving 11 countries has disrupted the spreading of the FluBot Android malware, which spreads via SMS and MMS and steals sensitive information – passwords, online banking details, etc. – from infected smartphones.

Microsoft Office apps are vulnerable to IDN homograph attacks
Microsoft Office apps – including Outlook – are vulnerable to homograph attacks based on internationalized domain names (IDNs).

Unpatched Atlassian Confluence zero-day exploited, fix expected today (CVE-2022-26134)
A critical zero-day vulnerability (CVE-2022-26134) in Atlassian Confluence Data Center and Server is under active exploitation, the software maker has warned on Thursday.

Zero-trust-washing: Why zero trust architecture is the framework to follow
Have we got to the point where the term “zero trust” is being misused or misrepresented by some vendors as they look to capitalize on its momentum in the market?

DDoS threats growing in sophistication, size, and frequency
Corero Network Security has published the latest edition of its annual DDoS Threat Intelligence Report that compiles the trends, observations, predictions, and recommendations based on DDoS attacks against Corero customers during 2021.

Paving your path to SASE: 4 tips for achieving connectivity and security
As the number of distributed workers continues to skyrocket, the quantity of new devices linking to company networks follows. Consequently, IT teams cannot effectively combat all their Internet connectivity and security challenges.

$39.5 billion lost to phone scams in last year
Truecaller announced a research conducted in partnership with The Harris Poll in March of 2022, and the findings detail trends/insights on the impact of spam and phone scams that have increasingly permeated the U.S. over the last 12 months.

How to support women in cybersecurity
The problem of not enough cybersecurity professionals is exacerbated by a lack of diversity in the sector. There is a disproportionately low ratio of women to men within the entire technology industry.

57% of all digital crimes in 2021 were scams
Group-IB shares its analysis of the landscape of the most widespread cyber threat in the world: scams. Accounting for 57% of all financially motivated cybercrime, the scam industry is becoming more structured and involves more and more parties divided into hierarchical groups.

Concentric’s AI technologies simplify and automate data security
In this video for Help Net Security, Karthik Krishnan, CEO at Concentric AI, talks about how they provide agentless connectivity to a wide variety of data repositories so you can govern access to your data wherever it resides. They process both structured and unstructured data in the cloud or on-premises.

There is no good digital transformation without cybersecurity
Network engineers and CIOs agree that cybersecurity issues represent the biggest risk for organizations that fail to put networks at the heart of digital transformation plans.

Future proofing: How companies can upgrade cyber defenses and be ready for tomorrow
In this video for Help Net Security, Jaspal Sawhney, Global CISO at Tata Communications, talks about future proofing, which starts with fostering a culture of security – ensuring that everyone in the company is doing their part to protect themselves and the organization.

Moving toward a more adaptable and tech-driven compliance function
A growing global regulatory focus on consumer privacy and data protection, along with new sustainability measurement and reporting laws is furthering the importance of compliance in supporting operational and environmental resilience.

How cybercriminals are targeting executives at home and their families
In this video for Help Net Security, Chris Pierson, CEO at BlackCloak, shares on these issues and emerging areas of risk for executives.

Autonomous vehicles can be tricked into erratic driving behavior
When a driverless car is in motion, one faulty decision by its collision-avoidance system can lead to disaster, but researchers at the University of California, Irvine have identified another possible risk: Autonomous vehicles can be tricked into an abrupt halt or other undesired driving behavior by the placement of an ordinary object on the side of the road.

The cyber posture of the U.S. Federal Government
In this video for Help Net Security, Bob Maley, CSO of Black Kite, talks about the risk susceptibility of U.S. defense contractors and how the federal sector is under constant threat of cyberattack.

Contactless is reigning: Consumers can’t even remember their PIN
Marqeta has released its 2022 State of Consumer Money Movement report looking at consumer payment, banking and shopping preferences, showing digital adoption is on the rise.

A closer look at the 2022 Microsoft Vulnerabilities Report
In this video for Help Net Security, Morey Haber, Chief Strategy Officer at Beyond Trust, talks about this report, which analyzes data from security bulletins publicly issued by Microsoft throughout the previous year.

Ransomware attacks still the #1 threat to businesses and organizations
In this video for Help Net Security, Victoria Kivilevich, Director of Threat Intelligence at KELA, talks about the Annual Cybercrime Intelligence report dedicated to ransomware trends.

Vishing attacks: What they are and how organizations can protect themselves
In this video for Help Net Security, Eric George, Director of Solutions Engineering, PhishLabs, talks about this constantly evolving threat.

Why are many businesses still not using a password manager?
In this video for Help Net Security, Hemant Kumar, CEO at Enpass, discusses why many businesses are still not using a password manager, the types of password management solutions that are available today, and how they address different business needs.

HP Wolf Security: A new breed of endpoint protection
Millions of employees are now working from home or in a hybrid setting. Unfortunately for cybersecurity, hackers aren’t confined to office walls. It’s time for your security to work from home, too. HP Wolf offers a new breed of endpoint protection.

Infosec products of the month: May 2022
Here’s a look at the most interesting products from the past month, featuring releases from: AuditBoard, BIO-key, Cohesity, Corelight, Data Theorem, Deepfence, ForgeRock, Fortinet, Hunters, Enpass, iDenfy, Kasten by Veeam, Kingston Digital, Microsoft, N-able, Nasuni, Netenrich, Orca Security, PIXM, Qualys, SafeGuard Cyber, SecureAge, Skybox Security, Sonatype, Trusona, and Uptycs.

New infosec products of the week: June 3, 2022
Here’s a look at the most interesting products from the past week, featuring releases from ESET, Kingston Digital, SecureAuth, SecurityMetrics, Semperis, and Traceable AI.




Share this