Here are today’s top cybersecurity-cybercrime stories compiled by “DarkReading.com.”

Views expressed in this cybersecurity update are those of the reporters and correspondents.

Accessed on 30 January 2022, 1305 UTC.

Content supplied by “DarkReading.com.”

Source: https://www.darkreading.com/



Latest News

More Security Flaws Found in Apple’s OS Technologies

Apple’s updates this week included fixes for two zero-day flaws, several code execution bugs, and vulnerabilities that allowed attackers to bypass its core security protections.


Phishing Simulation Study Shows Why These Attacks Remain Pervasive

Email purportedly from human resources convinced more than one-fifth of recipients to click, the majority of whom did so within an hour of receiving the fraudulent message.



With Cloud the Norm, Insiders Are Everywhere — and Pose Greater Risk

After companies accelerated their adoption of cloud infrastructure, remote workers are now insiders and pose significant risks, and costs, to companies.


JFrog’s New Tools Flag Malicious JavaScript Packages

The three open source tools flag malicious JavaScript packages before they are downloaded and installed from the npm package manager.


Millions of Routers, IoT Devices at Risk as Malware Source Code Surfaces on GitHub

“BotenaGo” contains exploits for more than 30 vulnerabilities in multiple vendor products and is being used to spread Mirai botnet malware, security vendor says.


OMB Issues Zero-Trust Strategy for Federal Agencies

Federal officials tout the strategy as a more proactive approach to securing government networks.


Experts Urge Firms to Patch Trivial-to-Exploit Flaw in Linux PolicyKit

The memory corruption vulnerability in a policy component installed by default on most Linux distributions allows any user to become root. Researchers have already reproduced the exploit.


VPNLab.net Shuttered in Latest Spate of Global Takedowns

Europol and 10 nations seized servers and disconnected the anonymous network allegedly used by many cybercriminals in the latest effort to hobble cybercrime groups.


Latest Commentary

Navigating Nobelium: Lessons From Cloud Hopper & NotPetya

Nearly every organization should assume that it is at risk, but there are ways of countering the tactics used by advanced persistent threats.

Jan 28, 2022


IFSEC Seeks Security Pros for New Survey on Physical Access Control

Take part in an IFSEC Global survey to better understand the state of access control in 2022.

Jan 27, 2022



Log4j Proved Public Disclosure Still Helps Attackers

Disclosure also puts organizations in the awkward position of trying to mitigate a vulnerability without something like a vendor patch to do the job.

Jan 27, 2022


Cybersecurity Is Broken: How We Got Here & How to Start Fixing It

It’s not just your imagination — malicious threats have exponentially increased organizational risk.

Jan 26, 2022


Why It’s Time to Rethink Incident Response

The incident response landscape has changed drastically, largely from shifting attitudes among insurance companies and, to some extent, business customers feeling the pain of security incidents.

Jan 26, 2022



Cybersecurity In-Depth

The Looming CISO Mental Health Crisis — and What to Do About It, Part 1

The next big threat to corporate security may not be a new strain of malware or innovative attacker tactics, techniques, and processes. It may be our own mental health.

Security Service Edge: 4 Core Tenets for Your SASE Journey

Historically we’ve held network conversations to address security problems, but that doesn’t work in a cloud-based world.

IT Pros May Use Cloud, But They Trust On-Prem More

While opinions about the trustworthiness of the cloud are split, everyone believes that’s where hackers will focus their efforts.

Tech News and Analysis

The Case for Backing Up Source Code

As enterprise data security concerns grow, security experts urge businesses to back up their GitLab, GitHub, and BitBucket repositories.

Automating Response Is a Marathon, Not a Sprint

Organizations should balance process automation and human interaction to meet their unique security requirements.

Thanks for joining us today.

Russ Roberts (https://atomic-temporary-195915488.wpcomstaging.com).