CyberSecurity Updates

Microsoft Patch Tuesday, December 2022 Edition

Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software. The most pressing patches include a zero-day in a Windows feature that tries to flag malicious files from the Web, a critical bug in PowerShell, and a dangerous flaw in Windows 11 systems that was detailed publicly prior to this week’s Patch Tuesday. The security updates include…

Cybersecurity Trends 2023: Securing our hybrid lives

ESET experts offer their reflections on what the continued blurring of boundaries between different spheres of life means for our human and social experience – and especially our cybersecurity and privacy. The future isn’t what it used to be. This adage, if a little trite, has taken on a whole new meaning after our lives turned on a dime with the outbreak of the COVID-19 pandemic. And as the world was bouncing back from the…

Top tips for security‑ and privacy‑enhancing holiday gifts

Think outside the (gift) box. Here are a few ideas for security and privacy gifts to get for your relatives – or even for yourself. Some don’t cost a penny! Thanks to a decade or more of big-name data breaches, global privacy scandals and consumer rights legislation like the GDPR, we’re all more aware of cybersecurity and privacy issues today. And now that many of us are working more from home and our personal and…

COVID-bit: the wireless spyware trick with an unfortunate name

By Paul Ducklin. If you’re a regular Naked Security reader, you can probably guess where on the planet we’re headed in this virtual journey…. …we’re off once more to the Department of Software and Information Systems Engineering at Ben-Gurion University of the Negev in Israel. Researchers in the department’s Cyber-Security Research Center regularly investigate security issues related to so-called airgapped networks. As the name suggests, an airgapped network is deliberately disconnected not only from the…

Patch Tuesday: 0-days, RCE bugs, and a curious tale of signed malware

By Paul Ducklin. Another month, another Microsoft Patch Tuesday, another 48 patches, another two zero-days… …and an astonishing tale about a bunch of rogue actors who tricked Microsoft itself into giving their malicious code an official digital seal of approval. For a threat researcher’s view of the Patch Tuesday fixes for December 2002, please consult the Sophos X-Ops writeup on our sister site Sophos News: For a deep dive into the saga of the signed…

Apple patches everything, finally reveals mystery of iOS 16.1.2

By Paul Ducklin. Apple has just published a wide range of security fixes for all its supported platforms, from the smallest watch to the biggest laptop. In other words, if you’ve got an Apple product, and it’s still officially supported, we urge you to do an update check now. Remember that even if you’ve set your iDevices to update entirely automatically, doing a manual check is still well worth it, because: It ensures that you…

Lacework adds new capabilities to its CSPM solution

Lacework on Wednesday released new cloud security posture management (CSPM) capabilities, designed to help organizations create custom policies for AWS, Google Cloud, and Azure to secure their cloud infrastructure. The new CSPM solution offers three key enhancements. First, it allows organizations to customize policies and ensure configurations align with an organization’s specific needs. Second, it helps organizations build custom cross-account reports to measure hygiene. Finally, the new CSPM will now be compliant with the latest…

High-Severity Memory Safety Bugs Patched With Latest Chrome 108 Update

Google this week announced a Chrome update that resolves eight vulnerabilities in the popular browser, including five reported by external researchers. All five security defects are use-after-free flaws, a type of memory safety bug that has been prevalent in Chrome over the past years, and which Google has long battled to eliminate. According to Google’s advisory, four of these issues are high-severity bugs, impacting components such as Blink Media, Mojo IPC, Blink Frames, and Aura. The…

Wiz debuts PEACH tenant isolation framework for cloud applications

Cloud security vendor Wiz has announced PEACH, a tenant isolation framework for cloud applications designed to evaluate security posture and outline areas of improvement. The firm stated that the framework has been developed on the back of its cloud vulnerability research to tackle security challenges impacting tenant isolation. Security boundaries, incohesion, transparency impacting tenant isolation in cloud applications: In a blog post, Wiz wrote that there have been several cross-tenant vulnerabilities in various multi-tenant cloud…

New Royal ransomware group evades detection with partial encryption

A new ransomware group dubbed Royal that formed earlier this year has significantly ramped up its operations over the past few months and developed its own custom ransomware program that allows attackers to perform flexible and fast file encryption. “The Royal ransomware group emerged in early 2022 and has gained momentum since the middle of the year,” researchers from security firm Cybereason said in a new report. “Its ransomware, which the group deploys through different…
