Weakness in Microsoft Office 365 Message Encryption could expose email contents
WithSecure researchers are warning organizations of a security weakness in Microsoft Office 365 Message Encryption (OME) that could be exploited by attackers to obtain …
New infosec products of the week: October 14, 2022
Here’s a look at the most interesting products from the past week, featuring releases from ABBYY, Digi International, Portnox, Stytch, and Thales. Digi SAFE: Connectivity …
Alternative payment methods are creating new fraud risks
A Juniper Research study found that the total cost of eCommerce fraud to merchants will exceed $48 billion globally in 2023, from just over $41 billion in 2022. It predicted …
Here’s 5 of the world’s riskiest connected devices
Forescout’s research team analyzed 19 million connected devices deployed across five different industries, to find the riskiest device groups: smart buildings, medical …
Consumers want more transparency on how companies manage their data
Cisco published its 2022 Consumer Privacy Survey, an annual global review of consumers’ perceptions and behaviors on data privacy, highlighting the critical need for further …
For most companies ransomware is the scariest of all cyberattacks
SonicWall released the 2022 SonicWall Threat Mindset Survey which found that 66% of customers are more concerned about cyberattacks in 2022, with the main threat being focused …
Microsoft patches Windows flaw exploited in the wild (CVE-2022-41033)
October 2022 Patch Tuesday is here, with fixes for 85 CVE-numbered vulnerabilities, including CVE-2022-41033, a vulnerability in Windows COM+ Event System Service that has …
Auth bypass bug in FortiOS, FortiProxy is exploited in the wild (CVE-2022-40684)
After privately warning customers last week that they need to patch or mitigate CVE-2022-40684, a critical vulnerability affecting FortiOS, FortiProxy, and FortiSwitchManager, …
Unpatched Zimbra RCE bug exploited by attackers (CVE-2022-41352)
A still unpatched vulnerability (CVE-2022-41352) in Zimbra Collaboration is being exploited by attackers to achieve remote code execution on vulnerable servers. About the …
Critical vm2 sandbox escape flaw uncovered, patch ASAP! (CVE-2022-36067)
Oxeye researchers discovered a severe vm2 vulnerability (CVE-2022-36067) that has received the maximum CVSS score of 10.0. Called SandBreak, this new vulnerability requires …
Lack of transparency, systemic risks weaken national cybersecurity preparedness
What is critical infrastructure? If you ask 5 different people, you may receive 5 different answers. The term critical infrastructure has lost much of its meaning as a …
Microsoft Teams: A channel for sensitive business information sharing that needs better backup
Hornetsecurity has found an urgent need for greater backup for Microsoft Teams with 45% of users sending confidential and critical information frequently via the platform. …
Featured news
Resources
Don't miss
- How CISOs can elevate cybersecurity in boardroom discussions
- A humble proposal: The InfoSec CIA triad should be expanded
- Rsync vulnerabilities allow remote code execution on servers, patch quickly!
- Contextal Platform: Open-source threat detection and intelligence
- Using cognitive diversity for stronger, smarter cyber defense