Articles of interest from the week of January 24, 2022

Lazarus Hackers Use Windows Update To Deploy Malware

North Korean-backed hacking group Lazarus has added the Windows Update client to its list of living-off-the-land binaries (LoLBins) and is now actively using it to execute malicious code on Windows systems. (By Sergiu Gatlan, BleepingComputer)

65% of Organizations Continue To Rely on Shared Logins

As organizations look to embrace modern approaches to security in 2022, a strongDM survey has revealed that access management is one of the most crucial factors to achieving this goal. “Whether it’s ransomware, breaches, or just about any other type of security issue, virtually all begin at the same place–access,” said Tim Prendergast, strongDM CEO. (By Help Net Security)

Home Working Drives 44% Surge in Insider Threats

The security vendor’s 2022 Cost of Insider Threats Global Report was compiled from interviews with over 1000 IT professionals and analysis of more than 6800 incidents across the globe. It revealed that the cost and frequency of insider incidents are on the rise. Associated costs jumped 34%, from $11.5m in 2020 to $15.4m in 2021, while the overall volume surged by 44% over the period. (By Phil Muncaster, Infosecurity)

Ransomware Is Still the Biggest Security Worry for Business, but It’s Not the Only Headache

According to research by Microsoft, Ransomware is the number one cybersecurity concern that chief information security officers (CISO) are facing at the beginning of 2022, but it's just one of many issues that they're attempting to tackle. (By Danny Palmer, ZDNet)

Apple Releases iOS & macOS Updates to Patch Actively Exploited 0-Day Vulnerability

Apple on Wednesday released iOS 15.3 and macOS Monterey 12.2 with a fix for the privacy-defeating bug in Safari, as well as to contain a zero-day flaw, which it said has been exploited in the wild to break into its devices. (By Ravie Lakshmanan, The Hacker News)