During the pandemic, approximately 60% of full-time and part-time employees in the U.S. worked remotely. Firms weren’t ready for their employees to work remotely, but many employers quickly realized the benefits of remote work. As remote work became more common, the number of cyber criminals increased drastically. IT professionals have never been more cautious with their work security.

The awaited OpenSSL 3.0.7 patch was released on Nov. 1. The OpenSSL Project team announced two HIGH severity vulnerabilities (CVE-2022-3602, CVE-2022-3786), which affect all OpenSSL v3 versions up to 3.0.6. These vulnerabilities are remediated in version 3.0.7, which was released Nov. 1. The vulnerabilities fixed include two stack-based buffer overflows in the name constraint checking portion of X.509 certificate verification.

On Tuesday, November 8, 2022, VMware disclosed three critical-severity vulnerabilities impacting VMware Workspace ONE Assist Server versions 21.x and 22.x. If successfully exploited, the reported vulnerabilities could lead to a threat actor obtaining administrative access to the application without the need to authenticate.

The Medibank hack began with the theft of credentials belonging to an individual with privileged access to Medibank’s internal systems. These credentials were sold and purchased on the dark web by an unconfirmed buyer who used them to gain access to Medibank’s internal system.

One of the primary challenges that our security analysts encounter is where and how to best use their time. Monitoring and reviewing the constant influx of data and alerts produced by our client’s networks whilst also finding the time to keep on top of trending and emerging threats is no mean feat, and not particularly conducive to a healthy work-life balance…

For far too long, the cybersecurity industry has subscribed to a flawed methodology — one that is based on the notion that organizations can avoid security threats through obscurity and secrecy. The assumption is that keeping security controls and processes covert makes products and data inherently more secure against cyber threats within the networks we defend. However, even the most sophisticated cybersecurity defenses are no match for well-funded, highly motivated adversaries.

Russia’s military incursion against Ukraine began on February 24, 2022, with a massive ground attack supported by several cyber incidents. This activity set the stage for what would become an active hybrid war fought in two domains: cyber and ground warfare.

Open source got more open source-y. Kubescape API is now documented on Swagger, the OpenAPI standard. That’s it in a nutshell. Scroll down to read more about it. We’re excited to share that we made another important step as an open-source company. We have documented the APIs of our newly open-sourced services using Swagger, the OpenAPI standard. This will help you integrate, interact and develop for the Kubescape platform.

Researchers from Lookout Threat Lab have uncovered two new surveillance campaigns targeting Uyghurs in the People’s Republic of China and abroad. One campaign introduces a novel Android surveillance tool we named BadBazaar that shares infrastructure with other previously encountered Uyghur-targeted tooling — as outlined in a 2020 whitepaper from the Lookout Threat Intelligence team.

“Have you backed up your files?” If you had a Dirham for every time you heard this and followed up with immediate action, you’d be a Shiekh by now. But alas, we’re here because you didn’t do your due diligence and now you have to pay the ultimate price—your data has been compromised and you’ll have to decide what to do about it. But don’t feel too bad; data backup at a corporate level is a luxury not everyone gets to enjoy.