Week in review: Spot deep-faked job candidates, data exfiltration via bookmarks, Patch Tuesday forecast

Cybersecurity news

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Browser synchronization abuse: Bookmarks as a covert data exfiltration channel
Two universal and seemingly innocuous browser features – the ability to create bookmarks (aka “favorites”) and browser synchronization – make users’ lives easier, but may also allow hackers to establish a covert data exfiltration channel.

Ransomware gangs are hitting roadblocks, but aren’t stopping (yet)
Ransomware attacks are in decline, according to reports by several cybersecurity companies. Why is that?

Cyberattack prevention is cost-effective, so why aren’t businesses investing to protect?
In this Help Net Security interview, Former Pentagon Chief Strategy Officer Jonathan Reiber, VP Cybersecurity Strategy and Policy, AttackIQ, offers insight for CISOs – from talking to the Board to proper budget allocation.

August 2022 Patch Tuesday forecast: Printers again?
Looking ahead to next week, we have a server end-of-life and still more updates that can impact printers.

How to minimize your exposure to supply chain attacks
Supply chain attacks are on the rise, and many organizations seem unsure on how to respond to the threat. Here are are several steps you can take to minimize your risk of being involved in a supply chain breach.

The most impersonated brand in phishing attacks? Microsoft
Vade announced its H1 2022 Phishers’ Favorites report, a ranking of the top 25 most impersonated brands in phishing attacks.

6 ways your cloud data security policies are slowing innovation – and how to avoid that
As practically every organization shifts from managing their data in network-based data centers to storing it in the cloud, cloud data security policies are created to secure this data in a cloud environment. With more and more data migrating to the cloud, these policies must adapt to a wide range of data stores, locations, uses and environments.

Phishers use custom phishing kit to hijack MFA-protected enterprise Microsoft accounts
An ongoing, large-scale phishing campaign is targeting owners of business email accounts at companies in the FinTech, Lending, Insurance, Energy and…