Can we trust web browsers to protect us, even if they say “HTTPS?” Not with the novel BitB attack, which fakes popup SSO windows to phish away credentials for Google, Facebook and Microsoft, et al. (By Lisa Vaas, Threatpost)
Cyber-insurance policies typically have "war exclusion" or "hostile act exclusion" language built into them. This language essentially says that insurers cannot defend against acts of war. In the first quarter of this year, cyber-insurance markets were already tightening war exclusion provisions to deny coverage. In light of Russia's invasion of Ukraine — and the anticipated cyber fallout — security professionals should review their cyber-insurance coverage with an eye toward determining coverage gaps. (By Beth Burgin Waller, Dark Reading)
Microsoft on Tuesday confirmed that the LAPSUS$ extortion-focused hacking crew had gained "limited access" to its systems, as authentication services provider Okta revealed that nearly 2.5% of its customers have been potentially impacted in the wake of the breach. (By Ravie Lakshmanan, The Hacker News)
HP has published security advisories for three critical-severity vulnerabilities affecting hundreds of its LaserJet Pro, Pagewide Pro, OfficeJet, Enterprise, Large Format, and DeskJet printer models. (By Bill Toulas, Bleeping Computer)
A new report released by the FBI's Internet Crime Complaint Center (IC3) shows that financial losses due to suspected cybercrime continued to rise sharply over the course of 2021, to a total of $6.9 billion in that year alone, with 847,000 complaints lodged by victims. (By Jon Gold, CSO)