Google paid a record $8.7 million to Bug Hunters in 2021.

Views expressed in this cybersecurity-cybercrime update are those of the reporters and correspondents.

Accessed on 12 February 2022, 2146 UTC.

Content provided by “DarkReading.com.”

Source: https://www.darkreading.com/


Latest News

DDoS Attacks on a Tear in Q4 2021

New data from Kaspersky shows distributed denial-of-service attacks increased by more than 50% in the fourth quarter of last year compared with the third quarter.


Google Paid Record $8.7 Million to Bug Hunters in 2021

Company’s Chrome and Android technologies continued to be target-rich environments for security researchers from around the world.



Credential-Stuffing Attacks on Remote Windows Systems Took Off in 2021

Password-guessing became last year’s weapon of choice, as attackers attempted to brute-force vulnerable Remote Desktop Protocol (RDP) servers, SQL databases, and SMB file shares.


Apple Releases Security Update for WebKit Flaw

A WebKit use-after-free vulnerability in iOS, iPadOS, Monterey, and Safari may already have been exploited, Apple said in a security advisory issued today.


Experts: Several CVEs From Microsoft’s February Security Update Require Prompt Attention

Microsoft’s release of relatively sparse vulnerability information makes it difficult for organizations to prioritize mitigation efforts, security experts say.


Linux Malware on the Rise

Ransomware, cryptojacking, and a cracked version of the penetration-testing tool Cobalt Strike have increasingly targeted Linux in multicloud infrastructure, report states.


Microsoft Issues 51 CVEs for Patch Tuesday, None ‘Critical’

One publicly known flaw — an elevation-of-privilege bug in Windows Kernel — was included in the patches.


Google Cuts User Account Compromises in Half With Simple Change

The online tech giant auto-enabled two-step verification for more than 150 million users, throwing up steep hurdles against scammers and attackers.


Latest Commentary

What CISOs Should Tell the Board About Log4j

It’s time for a reset with the board of directors. Very few have a dedicated, board-level cybersecurity committee, which means cybersecurity isn’t viewed as a critical executive function.

Feb 11, 2022


Data Transparency Hasn’t Made Us Safer Yet. Can It Uncover Breach Causality?

Advanced machine learning models within an XDR framework could uncover what actually causes breaches, but first we need better data transparency.

Feb 10, 2022



Log4j and the Role of SBOMs in Reducing Software Security Risk

Enterprises are spending a pittance on securing their software supply chain, which makes COTS software dangerous — vulnerabilities can be “hidden” in open source components.

Feb 09, 2022


Cyber Terrorism Is a Growing Threat & Governments Must Take Action

With its benefits of deniability, relatively low costs, and the ability to attack from anywhere, cyber terrorism will increasingly threaten civilians everywhere.

Feb 08, 2022


Salesforce DevOps Needs Guardrails

Some companies go too fast when it comes to SaaS, DevOps, and security, but smart developers and implementers will respect some basic guidelines to keep their product safe.

Feb 08, 2022



Cybersecurity In-Depth

BlackBerry Seeks to Restore Its Past Glory With Services Push

Selling security software might prove easier than selling phones, but can BlackBerry outsmart its competition?


Retailers’ Offboarding Procedures Leave Potential Risks

IT teams need to consider unforeseen threats to avoid violating privacy regulations and supplier contracts.


Bot Marketplaces as a Source of Future Data Breaches

Of the four bot marketplaces Cognyte analyzed, the Russian Market is the most dominant, but the others are all active, updated daily, and well-known, too.

Tech News and Analysis

Defense Contractors Need to Check Their Six

Companies overall met government standards, but poor credential management left vulnerabilities.


Putting AI to Practical Use in Cybersecurity

Almost every cybersecurity product has an AI component. Here is where it’s working in the real world.


Big Pharma Finds Patch Management a Bitter Pill

One-quarter of pharmaceutical manufacturers received a failing grade on patch management, which is a vital step in heading off ransomware attacks.

For the latest cybersecurity news and information, please check the blog sidebar, links, and Twitter posts. Thanks for joining us today.

Russ Roberts

https://atomic-temporary-195915488.wpcomstaging.com

https://paper.i/RussellRoberts (machine learning, artificial intelligence, IoT, and information security).