Chronicle’s VirusTotal (VT) is a boon to security researchers and a gift to potential criminals. Apart from virus samples it contains likely millions of user credentials readily available to anyone who knows where and how to look.This is the finding of SafeBreach researchers who wanted to see if VT’s advanced search capabilities could provide a supercharged

Many organizations have cloud security on their minds going into 2022. In April 2021, for instance, Gartner predicted that global end-user spending on cloud management and security services would reach $18 million the following year. That’s a growth of 30% over the previous two years.  The forecasts discussed above raise an important question. Wh

Researchers at cloud security startup Orca Security have publicly documented a pair of vulnerabilities in AWS CloudFormation and AWS Glue that attackers could use to leak sensitive files or access other customers’ data.The first of the security flaws is described as an XML External Entity (XXE) error that could have been exploited to leak sensitive file

Federal Communications Commission (FCC) chairwoman Jessica Rosenworcel this week proposed updated policies around telecom providers’ reporting of data breaches.The Notice of Proposed Rulemaking (NPRM) shared by Rosenworcel within the FCC seeks to strengthen rules for notifying customers affected by a data breach and federal law enforcement.Per the updated ru

Today, digital transformation (DX) is happening in every industry. Organizations operating in sectors that typically eschew technology are moving to the cloud, leveraging IoT and using analytics. Digital transformation plays a critical role for any company to stay competitive and resilient. But what does digital transformation look like for most companies,

Apple has released an iOS security update with a fix for a persistent denial-of-service flaw in the HomeKit software framework but only after an independent researcher publicly criticized the company for ignoring his discovery.The iOS 15.2.1 patch, available for all supported iPhones and iPads, is described simply as a “resource exhaustion issue” that causes

Mozilla has released Firefox 96 with patches for 18 security vulnerabilities affecting its flagship web browser and the Thunderbird mail program.Of the newly patched security flaws, nine are rated high-severity while six carry a "medium-severity" rating.The most important of these issues is CVE-2022-22746, a race condition leading to the bypass of full-scree

As if chief information security officers (CISOs) did not have enough to deal with, add one more issue to their plates: information warfare. These operations now target private and non-governmental entities almost as often as they involve world powers. That’s why it’s more important than ever to know the difference between misinformation and dis

Microsoft’s first batch of patches for 2022 is a big one: 97 documented security flaws in the Windows ecosystem, some serious enough to cause remote code execution attacks.The January security updates from Redmond cover security defects in a wide range of default Windows OS components, including a critical flaw in the HTTP Protocol Stack (http.sys) that Micr

Celebrated cryptographer Moxie Marlinspike is stepping down as chief executive at Signal, temporarily turning the reins of the popular encrypted messaging platform to WhatsApp co-founder Brian Acton.Marlinspike, who created Signal and led its growth into becoming a must-use encrypted messaging app, said Signal would begin the search for a new chief executive

Research shows the “Great Resignation” phenomenon is accompanied by a “Great Exfiltration” as people leave their jobs and take company data with themAs business has moved to the cloud, so has crime. Cloud apps are now the primary source of malware downloads. In 2020, 46% of malware came from the cloud. This rose to 66% in Q4 2021 (peaking at 73% during the y

The Apache Software Foundation (ASF) is calling out for-profit companies leeching on open-source code, warning that “only a tiny percentage” of downstream vendors are contributing to securing the open-source ecosystem.“[The] community is defined by those who show up and do the work. Companies that build open source into their products rarely participate in t

The risk posture of small and medium-sized businesses has changed a lot over the last few years. Bluntly: small businesses inherited a series of digital risks. Many of these risks, such as supply chain and cloud-related risks, can wound and devastate a small business. Meanwhile, the enterprise, armed with more resources, could sustain the shock. When, and h

Threat hunters in the U.K.’s National Health Service have raised an alarm for an unknown threat actor hitting vulnerable VMWare Horizon servers with exploits for the ubiquitous Log4j security flaw.The warning comes almost exactly one month after the first disclosure of a Log4j remote code execution vulnerability that threatens major damage on the internet an

Switzerland's army has banned the use of WhatsApp whilst on duty, a spokesman confirmed Thursday, in favour of a Swiss messaging service deemed more secure in terms of data protection.The ban also applies to using other messaging apps like Signal and Telegram on soldiers' private phones during service operations.At the end of December, commanders and chiefs