Security

Just in case you didn't have enough to worry about at the moment, the Information Security Forum has published its Threat Horizon 2022 report, looking ahead to the cyber challenges of the next two years.

Balancing today's realities with forecasts that push the limits of thinking, the report highlights nine major threats, broken down into three themes, that organizations can expect to face as a result of developments in technology.

Digital risk protection company Terbium Labs has released a trend report on the stolen and fraudulent data of three of the largest multi-good dark web marketplaces, which finds that fraud guides account for 49 percent of the data being sold.

Personal data lags some way behind at at 15.6 percent, followed by non-financial accounts and credentials (12.2 percent), financial accounts and credentials (8.2 percent), fraud tools and templates (eight percent) and payment cards (seven percent).

Containerization is increasingly popular, but its adoption presents challenges when it comes to vulnerability management and protection.

DevOps security specialist NeuVector is launching new features for its platform aimed at enterprise teams.

Both the Windows and macOS versions of Zoom have critical, unpatched security vulnerabilities that could be exploited by hackers to target users and spy on calls and meetings.

Security experts say -- despite not having seen the actual code for the exploits -- that the Windows version of Zoom is affected by an RCE (Remote Code Execution) described as being "perfect for industrial espionage". The zero-days have been offered for sale for $500,000.

With a sudden shift to remote working many companies are faced with lowering quality controls and making short term tactical fixes to support their remote workforce, increasing their exposure to threats and cyberattacks.

Security specialist F-Secure has launched a new offering based on its award-winning managed detection and response (MDR) service, F-Secure Countercept.

With many more people working from home currently the risks to business data from the use of potentially insecure applications is increased.

Kaspersky is launching a new version of its Endpoint Security Cloud, which will enable businesses to control the unauthorized use of potentially insecure applications and sites by employees whilst working from home.

Microsoft's monthly Patch Tuesday security updates are always important, but the ones released this week are particularly important. Not only do the fixes address numerous zero-day vulnerabilities, but the security flaws they fix were being actively exploited.

In all, Microsoft has plugged 113 CVE-numbered vulnerabilities this month. 17 of these are marked as being critical, and 96 as important.

Cybersecurity is important to any enterprise, but it's especially key to those that are delivering critical infrastructure.

But recent research from Nozomi Networks shows that often the development of a holistic security approach is being driven by events such as security breaches.

With greater numbers than ever working remotely due to the coronavirus crisis, there's increased focus on the security risks posed by home networks.

New research from BitSight, based on analysis of over more than 41,000 organizations, reveals that networks used to work from home are 3.5 times more likely to have malware present than the traditional corporate network.

Problems for Zoom and users of the videoconferencing software seem just about unending. Following on from the revelation that a number of account credentials were available on the dark web, a new report shows that in fact there are credentials for hundreds of thousands of accounts available on hacking forums.

In all, over half a million account details have been found available -- some sold for fractions of a penny, and others made available completely free of charge.

A new study from Check Point Research highlights the brands which are most frequently imitated by criminals in attempts to steal individuals' personal information or payment credentials.

The Brand Phishing Report for the first quarter of this year shows Apple was the brand most frequently imitated, up from seventh place in the final quarter of 2019.

As part of its continuing efforts to regain trust following a series of privacy and security scandals, Zoom has announced that it is introducing the option for users to choose which countries their data is routed through.

The move comes after concerns were voiced at Zoom's admission that some US calls were being routed through China. The new option will allow users to opt in or out of specific data center regions; unfortunately, this feature will not be made available to everyone.

Cloudflare has moved away from using Google's reCAPTCHA, opting instead for the independent hCaptcha bot detector.

The company explains the reasons behind the change, citing not only the fact that Google would now like to charge Cloudflare for what used to be a free service, but also the privacy concerns that stem from anything to do with Google.

The various security and privacy issues that have plagued Zoom in recent weeks have not only caused users to look at the video conferencing software differently, but also forced the company to take a long, hard look at itself.

Having already apologized for the numerous issues people have experienced, as well as making changes to the way the service works, Zoom has now also taken steps to prevent users from being Zoombombed. The change is a relatively minor one in the scheme of things, but it's an important one.

A new survey finds that 85 percent of companies believe embracing the public cloud is critical to fuel innovation. But of those who have already adopted public cloud, only 40 percent have in place an approach to managing cloud and container security.

The study by DivvyCloud finds only 58 percent say their organization has clear guidelines and policies in place for developers building applications and operating in the public cloud. Of those, 25 percent say these policies are not enforced, while 17 percent confirm their organization lacks clear guidelines entirely.