Industry News
Enterprise IT
Top stories summarized by our editors
1/24/2022

Jetpack security researchers have discovered that threat actors have injected backdoors into 53 WordPress plugins and 40 themes, which they can use to take control of any WordPress website. Sucuri researchers add that the criminals are most likely using the compromised add-ons to direct victims to malware-distributing and scam websites.

More Summaries:
Sucuri
1/24/2022

Cybercriminals are increasingly selling bank credentials through Telegram, while Cybersixgill reports that the decline in the sale of financial accounts on the platform is due to fewer credit cards being issued during the pandemic. Cybersixgill notes that "a parallel decrease was also identified in the total number of compromised credit cards sold on underground markets."

Full Story:
BleepingComputer
1/24/2022

The UK and Australia have formed a Cyber and Critical Technology Partnership to stop cybercriminals from shopping jurisdictions for lighter penalties; also, the countries have agreed to exchange personnel. The agreements build "a network of liberty that will deter cyberattacks before they happen and call out malign actors who perpetrate the acts," said UK Foreign Secretary Liz Truss.

Full Story:
The Register (UK)
1/24/2022

The Pennsylvania Senate has passed legislation that requires the state to develop methods to prevent ransomware attacks and to notify victims of a breach. The legislation comes following a report that bank account details of people receiving unemployment compensation had been diverted to fraudulent accounts.

Full Story:
The Associated Press
1/24/2022

Chief information and security officers can strengthen their own insider threat protocols by studying Iran's information-gathering tactics, such as the use of Facebook to build relationships. CISOs must constantly vet people and understand that even loyal insiders can be involved in long-term plots to access data.

1/24/2022

Jon Brandt and Naomi Buckwalter discuss how to address some of the most pressing current challenges on the cybersecurity landscape in a Cyber Pro episode of the ISACA Podcast.

Full Story:
ISACA
1/24/2022

A report by Atlas VPN finds that credentials from 6 billion accounts were compromised in 2021, a record that underscores the importance of good password management. The "compilation of many breaches" data breach leaked 3.2 billion email and password combinations alone.

Full Story:
Tech.co
1/24/2022

DefendX CEO Joe Cutroneo sees investing in secure cloud storage, addressing the risk of social engineering attacks and organizing unstructured data as among the key steps organizations must take to protect themselves from data breaches. "Ransomware as a service (RaaS) is continuing to expand and develop, and there's no reason to think this trend won't keep worsening," Cutroneo writes.

1/24/2022

Improving supply chain security, using hybrid and multicloud strategy, planning for a sustainable future and -- most especially -- establishing a successful hybrid workforce model are the main themes Deloitte's 2022 Technology Industry Outlook report says tech companies must focus on to thrive this year. Deloitte's Paul Silverglate asserts that "[t]he companies that are best able to work collaboratively and in a heterogeneous environment are the ones that are going to be the most successful."

Full Story:
ZDNet
1/24/2022

A CoderPad poll found that about two-thirds of recruiters from 131 countries believe there is bias in tech recruitment, which contributes to the industry's lack of diversity. Forty-two percent of the respondents said moving to a skills-based review during the hiring process could help reduce bias, while the poll also revealed equal pay and diverse worker backgrounds were supported by recruiters.

Full Story:
Euronews (France)