The official app for Beijing 2022 Winter Olympics, 'My 2022,' was found to be insecure when it comes to protecting the sensitive data of its users.Most importantly, the app's encryption system carries a significant flaw that enables middle-men to access documents, audio, and files in cleartext form.'My 2022' is also subject to censorship based on a list of k

A new ransomware family called 'White Rabbit' appeared in the wild recently, and according to recent research findings, could be a side-operation of the FIN8 hacking group.FIN8 is a financially motivated actor who has been spotted targeting financial organizations for several years, primarily by deploying POS malware that can steal credit card details.A simp

Law enforcement authorities from 10 countries took down VPNLab.net, a VPN service provider used by ransomware operators and malware actors.The disruptive joint action was coordinated by Europol and took place on January 17, 2022. It involved simultaneous law enforcement actions in Germany, the Netherlands, Canada, the Czech Republic, France, H

Many organizations have cloud security on their minds going into 2022. In April 2021, for instance, Gartner predicted that global end-user spending on cloud management and security services would reach $18 million the following year. That’s a growth of 30% over the previous two years.  The forecasts discussed above raise an important question. Wh

Despite the current ‘buzz’ cliché phrase that ‘security is top of mind’ with business leadership, a new report from the World Economic Forum (WEF) highlights the continuing gap between business and security leaders.The report, WEF’s Global Cybersecurity Outlook 2022, was described to SecurityWeek as “the launch of our flagship report that we are planning to

It’s tempting to view cybersecurity through the lens that new and better technology will knock down threats and deliver all the protection an organization needs. While the right tools, applications and systems are essential, the problem for most organizations is managing a security framework. Currently, nearly 600,000 cybersecurity positions remain unfi

The supply chain is under a historic amount of pressure, but the strain on its cybersecurity and risk management may be in even worse condition. As 2021 draws to a close, the global supply chain is in a state comparable to rush-hour traffic in bad weather. Everything seems to be backed up whether due to supply and demand issues, wait times at shipping ports,

The pre-release announcement for Critical Patch Update (CPU) for January 2022 states that Oracle will fix 483 new flaws. This pre-release announcement for Critical Patch Update (CPU) for January 2022 confirms that Oracle security updates will address 483 new security patches. The Critical Patch Update for January will be released on Tuesday, January 18, 2

The maintainers of a "disposable email service" blocklist have decided to add Firefox Relay to the list, leaving many users of the service upset.Firefox Relay is a privacy-centric email service that enables users to protect their real email addresses and hence limit spam.Firefox Relay to go into disposable email blocklistLaunched in November 2021, Firefox Re

Microsoft Edge has added a new feature to the Beta channel that will mitigate future in-the-wild exploitation of unknown zero-day vulnerabilities.The new capability is part of a new browsing mode designed to focus on the Microsoft Edge's security while navigating the web."This feature is a huge step forward because it lets us mitigate unforeseen active zero

Zoho addressed a new critical severity flaw (CVE-2021-44757) that affects its Desktop Central and Desktop Central MSP unified endpoint management (UEM) solutions Zoho fixed a new critical severity flaw, tracked as CVE-2021-44757, that affects its Desktop Central and Desktop Central MSP unified endpoint management (UEM) solutions. The issue is an authe

A large-scale cyber-espionage campaign targeting primarily renewable energy and industrial technology organizations have been discovered to be active since at least 2019, targeting over fifteen entities worldwide.The campaign was discovered by security researcher William Thomas, a Curated Intelligence trust group member, who employed OSINT (open-source

Nintendo has warned customers of multiple sites impersonating the Japanese video game company's official website and pretending to sell Nintendo Switch consoles at significant discounts.This rare warning was issued last week via the gaming multinational's corporate site, which also hints at the severity of the issue."We have confirmed the existence of a fake

DHL was the most imitated brand in phishing campaigns throughout Q4 2021, pushing Microsoft to second place, and Google to fourth.This isn't surprising considering that the final quarter of every year includes the Black Friday, Cyber Monday, and Christmas shopping season, so phishing lures based on package deliveries naturally increase.DHL is an internationa

Zoho has addressed a new critical severity vulnerability that affects the company's Desktop Central and Desktop Central MSP unified endpoint management (UEM) solutionsManageEngine Desktop Central is an endpoint management platform that allows admins to deploy patches and software over the network and troubleshoot them remotely.Zoho has fixed the security fla