This Week in Security News – January 21, 2022

Credit to Author: Jon Clay| Date: Fri, 21 Jan 2022 00:00:00 +0000

 This week, read about various cybersecurity threats that affect industrial control and the Cybersecurity and Infrastructure Security Agency (CISA)’s latest cyberattack warnings.

Read more

Working in 5 Different Positions in the Global Supply Chain

Credit to Author: Employee Voices| Date: Fri, 21 Jan 2022 14:00:43 +0000

First-ever job experience as a purchasing intern I was in my eighth out of nine semesters in college when I applied to Schneider Electric’s internship program in the purchasing department… Read more »

The post Working in 5 Different Positions in the Global Supply Chain appeared first on Schneider Electric Blog.

Read more

Crime Shop Sells Hacked Logins to Other Crime Shops

Credit to Author: BrianKrebs| Date: Fri, 21 Jan 2022 17:11:36 +0000

Up for the “Most Meta Cybercrime Offering” award this year is Accountz Club, a new cybercrime store that sells access to purloined accounts at services built for cybercriminals, including shops peddling stolen payment cards and identities, spamming tools, email and phone bombing services, and those selling authentication cookies for a slew of popular websites.

Read more

Celebrating 20 Years of Trustworthy Computing

Credit to Author: Lauren Goodwin| Date: Fri, 21 Jan 2022 17:00:00 +0000

20 years ago this week, Bill Gates sent a now-famous email to all Microsoft employees announcing the creation of the Trustworthy Computing (TwC) initiative. The initiative was intended to put customer security, and ultimately customer trust, at the forefront for all Microsoft employees.

The post Celebrating 20 Years of Trustworthy Computing appeared first on Microsoft Security Blog.

Read more

CISA calls for urgent action against critical threats

Credit to Author: Pieter Arntz| Date: Fri, 21 Jan 2022 13:02:47 +0000

CISA warns that every organization in the United States is at risk from cyberthreats that could disrupt essential services.

Categories: Reports


(Read more…)

The post CISA calls for urgent action against critical threats appeared first on Malwarebytes Labs.

Read more

Codex Exposed: Task Automation and Response Consistency

Credit to Author: Forward-Looking Threat Research Team| Date: Fri, 21 Jan 2022 00:00:00 +0000

Being able to automate tasks or programmatically execute them unsupervised is an essential part of both regular and malicious computer usage, so we wondered if a tool like Codex was reliable enough to be scripted and left to run unsupervised, generating the required code.

Read more

Emotet Spam Abuses Unconventional IP Address Formats to Spread Malware

Credit to Author: Ian Kenefick| Date: Fri, 21 Jan 2022 00:00:00 +0000

We found waves of Emotet spam campaigns using unconventional IP addresses to evade detection.

Read more

Microsoft beefs up Edge's security against zero-day attacks

Credit to Author: Lucas Mearian| Date: Thu, 20 Jan 2022 13:16:00 -0800

In the latest release of its Edge beta, Microsoft introduced a new way for IT admins to better secure the Chromium-based browser against web-based attacks.

The release notes for Microsoft Edge Beta Channel describe the new security features as employing several techniques to guard against so-called zero-day exploits; Zero-day exploits are software or network vulnerabilities developers are unaware of, and so they’ve not been patched.

Imagine if the keylock mechanism on your home’s backdoor was faulty and jiggling the doorknob released the latch. Burglars could walk door to door looking for that particular vulnerability and jiggle doorknobs until one opened. Zero days are the same concept, but in cyberspace.

To read this article in full, please click here

Read more