As many threat actors and groups seek to utilize recently discovered vulnerabilities, the Cyberint Research Team found several XFiles stealer campaigns, in which Follina vulnerability was exploited as part of the delivery phase. Follina is one of the most widespread vulnerabilities discovered throughout 2022. The vulnerability allows a threat actor to perform a remote code execution (RCE) through malicious Word documents. XFiles stealer is a vastly used info stealer that took off during the end of 2021.

The job of a CISO is one of constant change and unexpected challenges. One of the most energetic environments to govern is that of a university. Universities function not only as academic institutions, but also as research hubs, hosting both curious students, as well as notable scholars. This is an audience not known for slow-motion progress. They need results, and they expect them quickly. At a large university, the responsibility of a CISO is dizzying.

The widespread adaptability and integration of tools and the professionals who can effectively use them to comply with the law will significantly impact the careers of both lawyers and other legal personnel. One of the fastest-growing areas in the legal profession in the United States is Privacy Law. Privacy certifications endorse attorneys as credentialed privacy lawyers. Privacy certifications can boost income streams and growth potential while increasing job stability and sustainability.

With the rising trend of digitization, major companies like Airbnb, Microsoft and Twitter are staying out of the office, moving processes online and allowing employees the option to work from home. Organizations are adopting remote and hybrid working models. As a result, many people are spending more than double the amount of time online as they did pre-pandemic.

The Domain Name System (DNS) is responsible for mapping client-facing domain names to their corresponding IP addresses, making it a fundamental element of the internet. DNS-level events provide valuable information about network traffic that can be used to identify malicious activity. For instance, monitoring DNS lookups can help you see whether a host on your network attempted to connect to a site known to contain malware.

Companies have increasingly allowed bring your own device (BYOD) policies to support remote work, but in today’s cybersecurity landscape, this trend has led to an increased attack surface. Each additional endpoint increases the potential for credentials to be compromised through credential phishing attacks. Hackers are leveraging this trend to conduct insider attacks, leaving businesses vulnerable to data breaches.

We are thrilled to announce that CRN has recognized WatchGuard in its first-ever MES Matters list for 2022! This awards program highlights vendors that have proven themselves to be cutting-edge technology providers offering solutions that support the growth and innovation of midmarket organizations. CRN defines the midmarket as an organization with an annual revenue of $50M - $2B, and/or 100 – 2500 total supported users and seats.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Often a target for directory traversal, file packing utilities offer an excellent way to break a system. Sandboxing is a good test first but who regularly does that?

At CrowdStrike, we combine cloud scale with machine learning expertise to improve the efficacy of our machine learning models. One method for achieving that involves scanning massive numbers of files that we may not even have in our sample collections before we release our machine learning models. This prerelease scan allows us to maximize the efficacy of our machine learning models while minimizing negative impact of new or updated model releases.

The National Institute of Standards and Technology (NIST) recently updated its guidance to offer support for key practices and approaches involved in successful cyber security supply chain risk management (C-SCRM). In this blog post, we provide an overview of the update and what it means for organisations.