When looking at the scale and scope of worldwide cybercrime, password attacks are the most commonly observed type of threat in a given 60-second period.

Cybercrime is big and still growing bigger. It is often difficult to fully grasp the impact online attacks have had over the past decades. We used data from various Microsoft-owned properties and a mix of external sources to illustrate the scale and scope of worldwide cybercrime. Our comprehensive report on malicious activity highlights what is happening around the world within any given 60-second window.

**Cyberattacks Vary By Type and Focus**

If we’ve learned anything from our examination of last year’s online attacks, it’s that security teams need to be prepared to defend against a wide variety of threats at all times. According to RiskIQ, acquired by Microsoft in 2021, password attacks were far and away the most commonly observed type of threat, clocking in at 34,740 per minute. However, we also saw 1,902 Internet of Things (IoT) attacks and 1,095 distributed denial-of-service (DDoS) attacks during the same 60-second time period.

The threat picture gets even more complex the deeper we dive into internal Microsoft security data. We most commonly blocked email threats, identity threats, and brute-force authorization attacks for our customers.

When we examined a broad range of market data, we uncovered even more attacks. In 2021, seven phishing attacks occurred every minute, one SQL injection attack every two minutes, one new threat infrastructure detection every 35 minutes, one supply chain attack every 44 minutes, and one ransomware attack every 195 minutes. All of this comes together to create a tangled cybercrime landscape that security teams have to contend with.

**What Is the True Cost of Cybercrime?**

Cybercrime is a highly disruptive force, estimated to cause trillions of dollars in damages globally every year. The cost of cybercrime comes from damage done to data and property, stolen assets — including intellectual property — and the disruption of business systems and productivity.

Here’s a breakdown of how much cybercriminals cost businesses and consumers in 2021 per minute:

*   Worldwide economic impact of cybercrime: $1,141,553

*   Global cybersecurity spend: $285,388

*   E-commerce payment fraud losses: $38,052

*   Global ransomware damages: $38,051

*   Total cost of business email compromise: $4,566

*   Amount lost to cryptocurrency scams: $3,615

*   Average cost of breach: $8

*   Average cost of malware attacks: $5

How should enterprises guard against the disruptions and financial losses that come with a cybersecurity breach? They should start by understanding the full scope of the digital landscape that needs to be protected.

**What Should Organizations Expect?**

Threat actors are getting savvier about the tools and methods they use for evading detection, bypassing security systems, and perpetrating attacks. In 2021 there were 79,861 new hosts and 7,620 new IoT devices every minute. Likewise, we discovered 150 new domains, 53 new active LetsEncrypt SSL certificates, and 23 new mobile apps created in the same time period. Each of these additions can potentially act as a doorway for threat actors.

Cloud migrations, new digital initiatives, and shadow IT all widen the attack surface. At the enterprise level, that can mean a vast estate spanning multiple clouds and massively complex ecosystems. Meanwhile, cheap infrastructure and flourishing cybercrime economies grow the threat landscape that organizations, in turn, must track. Organizations need to ensure they’re one step ahead by creating a more holistic cybersecurity strategy that protects their operations on all fronts.

To gain control of this dynamic threat landscape, security teams must keep a pulse on new and emerging threats, the latest cybercrime tactics, and the leading tools at their disposal. Microsoft tracks more than 43 trillion signals every day to develop dynamic, hyper-relevant threat intelligence that evolves with the attack surface and helps us to detect and respond to threats rapidly. Our customers can access this intelligence directly to create a deep and unique view of the threat landscape, a 360-degree understanding of their exposure to it, and tools to mitigate and respond.

A Cyber Threat Minute: Cybercrime’s Scope in 60-Second Snapshots

What's next for the social network is anyone's guess—but here's what to watch as you wade through the privacy and security morass.

Elon Musk is buying Twitter for $44 billion after the least sexy will-they-won't-they saga of all time. And while Musk attempted to reassure advertisers yesterday that "Twitter obviously cannot become a free-for-all hellscape, where anything can be said with no consequences," the acquisition raises practical questions about what the social network's nearly 240 million active users can expect from the platform in the future.

Chief among these concerns are questions about how Twitter's stances on user security and privacy may change in the Musk era. A number of top Twitter executives were fired last night, including CEO Parag Agrawal, the company's general counsel Sean Edgett, and Vijaya Gadde, the company's head of legal policy, trust, and safety who was known for working to protect user data from law enforcement requests and court orders. Gadde ran the committee that ousted Donald Trump from Twitter in January 2021 following the Capitol riots. Musk, meanwhile, said in May that he would want to reinstate Trump on the platform and called the former US president's removal “morally bad.” 

This afternoon, Musk wrote that “Twitter will be forming a content moderation council with widely diverse viewpoints. No major content decisions or account reinstatements will happen before that council convenes.”

Content moderation has real implications for user security on any platform, particularly when it involves hate speech and violent misinformation. But other topics, including the privacy of Twitter direct messages, protection from unlawful government data requests, and the overall quality of Twitter's security protections, will loom large in the coming weeks. This is particularly true in light of recent accusations from former Twitter chief security officer Peiter “Mudge” Zatko, who described Twitter as having grossly inadequate digital security defenses in an August whistleblower report.

“Personally, I don’t know what to do, especially when you take Mudge’s whistleblower complaint into consideration,” says Whitney Merrill, a privacy and data protection lawyer and former Federal Trade Commission attorney. “I’m just not putting any sensitive data or data I’d like to stay confidential into DMs.”

Twitter offers a tool for downloading all the data it holds in your account, and reviewing your own trove is a good first step in understanding what information the company has linked to you. It's unclear, though, exactly how much control you currently have over deleting this data, and the policies could continue to evolve under the Musk administration. Twitter DMs, for example, only offer the option to “Delete for You,” meaning delete messages from your own account but not for other users. 

More broadly, Twitter's current policy on account deactivation simply says, “If you do not log back into your account for the 30 days following the deactivation, your account will be permanently deactivated.  Once permanently deactivated, all information associated with your account is no longer available in our Production Tools.” It is unclear what exactly this means in terms of long-term data retention and, again, policies may change in the future.

“It appears Twitter isn't even deleting data of end users, and private messages are kept forever or maybe until all participants delete,” Merrill says. (Twitter did not yet respond to WIRED's request for comment.)

It's worth noting that for most users, Twitter's core purpose as a public microblogging service is something of a saving grace. A lot of the things most people have done on Twitter over the years were meant to be publicly accessible. But private Twitter accounts and direct message chats are both popular Twitter features and important considerations as the company evolves.

“This is an emerging situation, but to the extent DMs were ever considered safe from inspection by staff, the threat is greater with the extensively reported rumors of staff reductions,” says Jake Williams, director of cyber-threat intelligence at the security firm Scythe and a former National Security Agency hacker. “Some of the first staff to be cut in any reorganization are personnel involved in nonfunctional activities, such as security specialists and internal policy oversight.”

Zatko, the former Twitter chief security officer, warned in both his written report and subsequent Congressional testimony of rogue insiders at Twitter, including nation-state actors, woefully inadequate access controls, and weak digital security defenses. As a result, a lack of security investment in the Musk era could pose a real danger to users over time. And Twitter has been plagued by both criminal and state-backed attacks over the years.

It's important to keep in mind, though, that the social giant is still a public company and that Musk himself would face legal liability if he or any of his appointees personally access user data or take other rogue actions like, say, leveraging the Twitter mobile application to grab user data outside of Twitter's scope.

“This all should be very concerning, but users don't need to overreact,” Williams says. “There will still be disincentives to run afoul of regulators.”

Even if many users are sticking around to see how things shake out, some are already balking at the extreme uncertainty of the situation. This evening, General Motors said it was temporarily suspending advertising on the social network.

If Musk Starts Firing Twitter's Security Team, Run

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 21 and Oct. 28. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

Threat Roundup for October 21 to October 28

DataHub is an open-source metadata platform. Prior to version 0.8.45, the `StatelessTokenService` of the DataHub metadata service (GMS) does not verify the signature of JWT tokens. This allows an attacker to connect to DataHub instances as any user if Metadata Service authentication is enabled. This vulnerability occurs because the `StatelessTokenService` of the Metadata service uses the `parse` method of `io.jsonwebtoken.JwtParser`, which does not perform a verification of the cryptographic token signature. This means that JWTs are accepted regardless of the used algorithm. This issue may lead to an authentication bypass. Version 0.8.45 contains a patch for the issue. There are no known workarounds.

**Release Highlights****User Experience**

*   Allow Term Groups to be the target of permissions
*   Customize browser favicon via REACT_APP_FAVICON_URL param
*   Some UX improvements for charts & dashboards entity pages to reduce confusion
*   Performance improvements on the lineage visualization
*   Search bar for dataset schema tab

**Developer Experience**

*   Add rest endpoint for restoring indices of a single entity (/aspects?action=restoreIndices)
*   Create new platform instances via CLI
*   Improved impact analysis performance due to an added caching layer
*   Support for Patch as seen in August 2022 town hall.

**Metadata Ingestion**

*   Introduces bigquery-beta source
*   Looker source memory usage dramatically reduced
*   Report memory usage during ingestion
*   Improve Tableau lineage
*   Usage statistics for Tableau
*   LookML can automatically clone your Git repository. LookML is now supported in UI-based ingestion.
*   dbt supports column-level meta mappings
*   Support for deletion & rollback of time series data
*   Upgrade to browse path forms

\[see next page for list of commits\]

**What's Changed**

*   fix(privileges) Add Term Groups as targetable entities for privileges by @chriscollins3456 in #5806
*   fix(javadocs): remove ampersand from pdl causing issue in doc generation for openapi by @RyanHolstien in #5808
*   chore(ingest): remove archived docs by @hsheth2 in #5793
*   feat(ingest): add rewrite option for metadata file check by @hsheth2 in #5763
*   feat(cli): add support for sampled reporting to keep logs manageable by @shirshanka in #5800
*   docs(refactor): Refactor Tags Feature Guide by @maggiehays in #5781
*   docs(feature-guide) Impact Analysis by @maggiehays in #5765
*   feat(theming): set custom favicon via env var by @gabe-lyons in #5810
*   test(smoke-test): check debug arg in executor requests by @hsheth2 in #5811
*   fix(ingest): bigquery-beta - Fixing dependencies by @treff7es in #5814
*   feat(ingest): looker - reduce memory requirements by @shirshanka in #5815
*   feat(restore-indices): add endpoint for restore indices, add basic check for graph by @anshbansal in #5805
*   fix(frontend): download node only when USE\_SYSTEM\_NODE is set to false by @szalai1 in #5817
*   doc: Make Airflow link clickable by @daha in #5803
*   feat(ingest):looker - reduce mem usage, misc reporting improvements by @shirshanka in #5823
*   feat(model, ingest): populate sizeInBytes in snowflake, fall back to table level profiling for large tables by @mayurinehate in #5774
*   chore(docker): make curl/wget commands quiet in docker by @hsheth2 in #5819
*   chore: cleanup references to the old ember app by @hsheth2 in #5797
*   fix(ingest): spark-lineage: Adding additional debug logs to spark lineage by @treff7es in #5772
*   fix(docker): add missing port mappings for non-neo4j quickstart by @hsheth2 in #5799
*   fix(ingest): looker - report dashboard scanning correctly by @shirshanka in #5829
*   feat(cli): report memory usage during ingest by @shirshanka in #5828
*   fix(ingest): presto-on-hive - Fixing mysql filter by @treff7es in #5825
*   docs(big query): add needed delete permission to list by @maaaikoool in #5826
*   chore(ingest): set isort combine\_as\_imports by @hsheth2 in #5820
*   fix(ingest): use AwsConnectionConfig instead of AwsSourceConfig by @hsheth2 in #5813
*   feat(ingest): looker test connection by @hsheth2 in #5768
*   feat(ingest): improve tableau lineage, workbooks query, fix pagination by @mayurinehate in #5756
*   fix(ingest): profiling - memory usage reduction by @shirshanka in #5830
*   feat(monitoring): enable JMX and OTEL for frontend pods by @szalai1 in #5834
*   fix(standalone-consumers): Exclude Solr from spring boot application config & make them run on M1 by @pedro93 in #5827
*   feat(hooks): Add toggle for enabling/disabling platform event hook by @pedro93 in #5840
*   feat(transformers): Add semantics & transform\_aspect support in transformers by @mohdsiddique in #5514
*   feat(ci): auto label PRs by @anshbansal in #5839
*   feat(inputs): improving clarity on inputs for dashboards by @gabe-lyons in #5841
*   feat(ingest): add utility for converting MCEs to MCPs by @hsheth2 in #5812
*   chore(smoke): add additional log in smoke test by @hsheth2 in #5842
*   fix(ingest): fix doc generation import ordering issue with postgres by @hsheth2 in #5846
*   feat(docker) Adds Sasl support to base ingestion image by @pedro93 in #5855
*   fix(graphql) Fix null pointer exception when fetching entity aspect via graphql by @chriscollins3456 in #5857
*   fix(ingest): reporting should work with timestamps by @shirshanka in #5860
*   fix(patch-entity-registry): Remove exception for entities with key aspects. by @pghazanfari in #5831
*   fix(browse): Fixing browse path to remove requirement for simple name suffix by @jjoyce0510 in #5634
*   fix(ingest): bigquery - Fixing sharded regexp pattern config by @treff7es in #5861
*   perf(elastic search graph service): improving perf of lineage query by @gabe-lyons in #5858
*   chore(ingest): remove outdated GE compatibility hack by @hsheth2 in #5862
*   ci(ingest): test with python 3.10 by @hsheth2 in #5863
*   docs: improve doc generation, add better docs for snowflake, looker by @shirshanka in #5867
*   feat(ci): tweak auto-label globs by @anshbansal in #5849
*   fix(m1): preflight works with brew postgres@14 by @shirshanka in #5868
*   feat(smoke-tests) Make smoke tests use standalone consumers by @pedro93 in #5856
*   fix(domains): adding 10,000+ text when domain list caps out elastic count capacity by @gabe-lyons in #5838
*   docs(notifications): slack notification docs by @anshbansal in #5871
*   feat(docker): Update Dockerfiles to use java 11 runtime by @pedro93 in #5853
*   Scroll issue on Glossary related entity page by @Ankit-Keshari-Vituity in #5804
*   fix(ingest): include urns in rest sink failure logs by @hsheth2 in #5848
*   fix(docker): Bumps JRE 11 to latest by @pedro93 in #5875
*   feat(ingest): support reading config file from stdin by @hsheth2 in #5847
*   fix(ingest): remove dbt delete_tests_as_datasets option by @hsheth2 in #5865
*   fix(ingest): avrogen handling for missing fields with default values by @hsheth2 in #5844
*   refactor(ingest): add ALL\_ENV\_TYPES constant by @hsheth2 in #5866
*   feat(cli) Make docker compose quiet by @pedro93 in #5869
*   feat(datahub-protobuf): add support for shadow jar, publish by @shirshanka in #5882
*   feat(jars): better jar versioning for datahub-client, spark-lineage and protobuf by @shirshanka in #5883
*   fix(dev-docker): set right context for frontend dev build by @szalai1 in #5885
*   fix(ci): fix jar release action dependencies by @shirshanka in #5884
*   feat(schema) Add search filter to Schema tab by @chriscollins3456 in #5845
*   feat(ui) Add entity search input to shared folder by @chriscollins3456 in #5876
*   fix(ingest): datahub-api - move instantiation to the right config class by @shirshanka in #5878
*   feat(ingest): looker - improve defaults for usage extraction now that… by @shirshanka in #5893
*   fix(ingest): add missing trino types by @ms32035 in #5870
*   fix(ingest): remove dbt disable_dbt_node_creation and load_schema options by @hsheth2 in #5877
*   fix(frontend): forward Host header as X-Forwarded-Host by @codesorcery in #5816
*   feat(ingestion-ui) Sort ingestion sources by last execution time by @chriscollins3456 in #5807
*   docs(schema-history): update schema history docs by @aditya-radhakrishnan in #5894
*   docs(feature-guide) Refactor Domains feature guide by @chriscollins3456 in #5859
*   feat(charts & dashboards): improving chart & dashboard entity page rendering by @gabe-lyons in #5864
*   test(ingest): use pytest parameterization for dbt integration tests by @hsheth2 in #5879
*   refactor(ingest): move aspect maps to dedicated file by @hsheth2 in #5821
*   feat(ingest): make sink use type annotations by @hsheth2 in #5899
*   feat(ingest): add entity type inference to mcpw by @hsheth2 in #5880
*   feat(deletion & rollback): Server & Client side changes to support timeseries aspect deletion & rollback. by @rslanka in #4756
*   fix(ci): fix globs for auto-labeling PRs by @anshbansal in #5903
*   feat(ingest): minor changes in snowflake-beta source, add basic tests by @mayurinehate in #5910
*   feat(ingestion): schema inference for jsonlines in S3 by @hieunt-itfoss in #5725
*   refactor(gms): Refactoring util + entity client class locations by @jjoyce0510 in #5902
*   fix(ingest): support relative paths in lookml base\_folder by @hsheth2 in #5914
*   feat(graphql) Add new 'entities' endpoint to batch get entities by urn by @chriscollins3456 in #5915
*   fix(ingest): handle lookml directory being in a symlink'd folder by @hsheth2 in #5916
*   fix(doc) - fix boolean property in json schema by @treff7es in #5919
*   fix(ingest): hide internal profiler.allow\_deny\_patterns from config by @hsheth2 in #5619
*   feat(ingestion-ui) Display ingestion sources in UI more dynamically by @chriscollins3456 in #5789
*   fix(docs): Feast recipe documentation by @danilopeixoto in #5917
*   fix(docker): skip zoneinfo backport on newer python versions by @hsheth2 in #5912
*   fix(favicons): update multiple favicons if present by @gabe-lyons in #5927
*   feat(ingest): lookml - support for git checkout by @shirshanka in #5924
*   refactor(ingest): simplify DefaultSQLParser alias by @hsheth2 in #5935
*   feat(ingest): support version option in datahub client get\_aspect\_v2 by @hsheth2 in #5934
*   fix(ingest): add dbt redshift type mappings by @hsheth2 in #5933
*   fix(ci): process older issues first by @anshbansal in #5926
*   fix(ingest): move git requirement into lookml deps by @hsheth2 in #5932
*   feat(elastic-setup): more verbose logging by @anshbansal in #5937
*   fix(docker) Add platform to docker-compose command by @firasomrane in #5683
*   fix(airflow): prioritize conn\_type over id-based type inference by @hsheth2 in #5911
*   feat(ingestion): Refactor standard state-handling tasks into a common handler that are common across all stateful ingestion sources. by @rslanka in #5766
*   fix(docs): lookml - clean up links by @shirshanka in #5938
*   feat(search): Add support for Elasticsearch object field type by @justinas-marozas in #5891
*   feat(ingest): add ConfigEnum type by @hsheth2 in #5734
*   fix(transformer): fix invalid lastModified.actor entry in transformers by @mayurinehate in #5906
*   refactor(gms): Adding Java Entity Services by @jjoyce0510 in #5931
*   fix(ingest): fix type annotations on some pydantic fields by @hsheth2 in #5795
*   feat(docs) Adds guide on how to use personal access tokens by @pedro93 in #5873
*   feat(ingestion) Add more info to glue entities by @skrydal in #5874
*   feat(ingestion-ui) Add LookML form to managed ingestion UI by @chriscollins3456 in #5939
*   fix(ingest): Fix snowflake usage stateful ingestion backward compatibility check. by @rslanka in #5943
*   feat(ingest): skip ssh known\_hosts verification for git clone by @hsheth2 in #5945
*   fix(ui) Make LookML deploy key a textarea and format key by @chriscollins3456 in #5946
*   feat(docs): lookml - add video for ui ingestion, remove secret step u… by @shirshanka in #5948
*   fix(ingest): add trailing newline to ssh keys by @hsheth2 in #5947
*   docs(airflow): show that rest host points at gms by @hsheth2 in #5913
*   feat(delta-lake): support delta tables from minio by @MugdhaHardikar-GSLab in #5758
*   refractor(snowflake): move snowflake-beta to certified snowflake source by @mayurinehate in #5923
*   docs: datahub\_conn\_id => conn\_id in Airflow Integration by @GyuhoonK in #5920
*   fix(docs): fix loom embed by @shirshanka in #5956
*   fix(build): fix preflight script for m1 for lib postgresql by @shirshanka in #5957
*   docs(airflow) add back auth token info for airflow by @hsheth2 in #5960
*   feat: qualifiedName support + populating glue ARN by @skrydal in #5952
*   feat(elastic-setup): add better error handling by @anshbansal in #5963
*   docs(ingest): add example of ssl with mysql by @hsheth2 in #5954
*   feat(ingestion-ui) Use CLI version defined in recipe for test connection by @chriscollins3456 in #5959
*   feat(ingest): add support for aliases in plugin registry by @hsheth2 in #5958
*   feat(elasticsearch-setup): Add insecure option for curl by @BogdanAntoniu78 in #5887
*   feat(ci): exempt from stale label by @anshbansal in #5964
*   fix(ingest): continue validation of s3 path\_specs even if platform is set by @mayurinehate in #5951
*   fix(ui) Filter search through schemas based on non-editable tags and terms as well by @chriscollins3456 in #5942
*   refactor(ingest): use typed objects in dbt ingestion by @hsheth2 in #5929
*   feat(ingest): bigquery-v2 - Add profiling feature by @treff7es in #5953
*   fix(quickstart): elasticsearch-setup script fails on curl by @shirshanka in #5975
*   feat(protobuf): support for custom platform, subtypes, misc improvements by @shirshanka in #5973
*   feat(dashboard): add subTypes aspect to dashboard entity by @Masterchen09 in #5843
*   fix(patch-entity-registry): Use AspectSpec to retrieve aspect class in order to support custom entity ingestion via patch mechanism. by @pghazanfari in #5936
*   fix(ingest): handle uname missing on windows by @hsheth2 in #5981
*   ci: reduce pip backtracking in airflow plugin by @hsheth2 in #5982
*   fix(ingest): pin great-expectations dependency to fix profiling error by @mayurinehate in #5980
*   refactor(looker): Migrating to new browse path format by @jjoyce0510 in #5688
*   feat(ingest): dbt column-level meta mappings + add_terms operation by @hsheth2 in #5970
*   fix(datahub-ranger-plugin): add support to publish jars by @shirshanka in #5983
*   feat(docs): Adds docs on K8s scheduled ingestion by @pedro93 in #5984
*   feat(ingest): presto-on-hive stateful, catalog and pascalcase subtype config by @aezomz in #5890
*   fix(kafka-setup) Bump kafka version to existing version by @pedro93 in #5995
*   Small UI bugs by @Ankit-Keshari-Vituity in #5886
*   feat(data platform) adding data platform indexing & select platform modal in frontend by @gabe-lyons in #5988
*   Worked on the pop-over of matched entity by @Ankit-Keshari-Vituity in #5851
*   refactor(docs): Updating GraphQL documentation with fixes, and more examples by @jjoyce0510 in #5989
*   docs(upgrading-datahub): Add docs for upgrading-datahub v0.8.44 by @jjoyce0510 in #5998
*   chore(docs-website): bump docusaurus to v2.1.0 by @hsheth2 in #5792
*   docs: remove wip UI ingestion doc by @hsheth2 in #6000
*   feat(cli): extend put command to support platform creation by @shirshanka in #5990
*   feat(ingest): presto-on-hive - Description and hive view support by @treff7es in #5993
*   fix(ingest): encode reserved characters when creating dataset urn by @mayurinehate in #5977
*   feat(ingestion): Tableau dashboard & chart usage stats by @mohdsiddique in #5999
*   feat(ingestion): Documentation on adding stateful ingestion use-cases to new sources by @rslanka in #5985
*   refactor(ingest): streamline two-tier db config validation by @hsheth2 in #5986
*   feat(ui): Add Nullable label to Schema Render by @mkamalas in #5909
*   refactor(frontend): Misc frontend improvements by @jjoyce0510 in #6012
*   fix(docs-site): make banner a bit smaller by @hsheth2 in #6016
*   feat(ingest): add --no-pull-images option to docker quickstart by @hsheth2 in #6017
*   docs(users): move changing default user up by @anshbansal in #6020
*   Worked on the dynamic column width of stats table by @Ankit-Keshari-Vituity in #5996
*   Worked to hide the recent search from search bar by @Ankit-Keshari-Vituity in #6021
*   docs: fix a markdown typo by @ltxlouis in #6019
*   fix(ingest): lookml - make explore parsing more robust by @shirshanka in #6028
*   fix(ingest): better error handling in glue by @hsheth2 in #6030
*   fix(gms): Write back lineage search results to in-memory cache bound to feature flag by @RyanHolstien in #6006
*   fix(docs-site): style custom announcement bar by @jeffmerrick in #6022
*   fix(ownership-differ): standardise ownership change event payload by @ngamanda in #5967
*   feat(ingestion): Add fail-safe stale entity removal via configurable 'fail\_safe\_threshold' param. by @rslanka in #6027
*   refactor(ingest): move common host\_port validation by @hsheth2 in #6009
*   feat(ingest): aws - support extra args to role config by @hsheth2 in #6031
*   fix(frontend): refactoring AuthServiceClient by @aditya-radhakrishnan in #6029
*   refactor(gms): Improving JWT parsing logic by @jjoyce0510 in #6025
*   fix(ingest): support snowflake-beta extra compatibility by @hsheth2 in #6032
*   fix(platform): Add aws-secretsmanager-jdbc driver in dependencies by @atul-chegg in #5968
*   feat(patch): initial support of json patch style semantics in MCPs by @RyanHolstien in #5901
*   fix(ingest): bigquery-beta - Project name quote and graceful lineage/usage failures by @treff7es in #6035

**New Contributors**

*   @pghazanfari made their first contribution in #5831
*   @codesorcery made their first contribution in #5816
*   @hieunt-itfoss made their first contribution in #5725
*   @firasomrane made their first contribution in #5683
*   @GyuhoonK made their first contribution in #5920
*   @BogdanAntoniu78 made their first contribution in #5887
*   @ltxlouis made their first contribution in #6019
*   @atul-chegg made their first contribution in #5968

**Full Changelog**: v0.8.44...v0.8.45

CVE-2022-39366: Release DataHub v0.8.45 · datahub-project/datahub

SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Menu.php.

活动（美国空间400 一年,赠送 .com 或.net 的域名 及 https ssl 证书 价值（1999元），活动只限使用本系统的用户，免费安装系统）  
声明:官方唯一QQ客服 **1181698019**(黑蚂蚁.阿梁)

最新消息疑问解答BUG反馈发展建议经验共享模版服务视频教程

注册 登陆

CVE-2021-38734: SEMCMS外贸网站商城系统 SCSHOP_v1.1 更新

Is the new Heartbleed or just a bleeding distraction?

Is the new Heartbleed or just a bleeding distraction?

Developers of the OpenSSL cryptography library have taken the unusual step of pre-warning that an update due to land next Tuesday (November 1) will fix a critical vulnerability.

The looming OpenSSL 3.x patch represent the only the second time the project has addressed a flaw classified as ‘critical’. The only previous OpenSSL update of such elevated severity addressed the infamous Heartbleed vulnerability (CVE-2014-0160).

Heartbleed was a memory handling bug that opened the door for attackers to access secret keys, passwords, and sensitive personal information from vulnerable servers. At the time of its discovery eight years ago, experts from Netcraft estimated that the flaw affected 17% of SSL web servers or “half a million widely trusted websites”.

Little is known about the upcoming critical fix (OpenSSL 3.0.7), other than it is restricted to OpenSSL version 3.0, the latest release line of the software, and does not affect previous versions.

YOU MAY ALSO LIKE HyperSQL DataBase flaw leaves library vulnerable to RCE

OpenSSL 3.0.x only debuted in 2021, a factor that might limit the extent of the problems next week’s announcement will reveal. OpenSSL has been around since 1998 and most systems today are still built using earlier release lines.

No details of the upcoming patch or the critical flaw it tackles have been released. In the absence of any hard info, infosec Twitter has gone into overdrive with some speculating that the vulnerability might represent the “next Heartbleed”.

One security expert from Google, for example, has suggested on the basis of recent software commits and a blog post by the OpenSSL team that the update might relate to a denial-of-service (DoS) issue.

**Feel the DHEat**

This particular DoS bug – known as DHEat and previous confirmed to affect OpenVPN and SSH services – involves enforcing the Diffie-Hellman key exchange.

DHEat (AKA CVE-2002-20001) scores 7.5 on the CVSS 3.1 index, indicating high severity and falling somewhat short of critical.

On the face of it, an OpenSSL patch for DHEat would appear to be a poor candidate for a critical patch unless OpenSSL is particularly vulnerable. A recent OpenSSL blog post referencing DHEat makes it even more unlikely that the looming patch tackles this issue.

It seems more likely that a previously unknown vulnerability is at play, according to experts quizzed by The Daily Swig.

**Action stations**

Brian Fox, CTO of Sonatype, told us that organizations should audit their code base for exposure to any vulnerability in OpenSSL 3.0.x, leaving them prepared to either patch or isolate vulnerable systems next week.

“In the first instance, it’s critical to find out where 3.x is used,” Fox said. “More importantly, it’s vital to get tooling in place to avoid having to audit and identify components manually every time.”

Catch up on the latest encryption-related news and analysis

Fox went on to argue that speculation about the content of the upcoming fix were, at best, “unhelpful”. He said: “The speculation assumes that the fix is available in the publicly visible source and the advance notice gives attackers time to find it. This assumption may not be true. It is a best practice at some times to embargo the actual change until after the announcement for this exact reason.

“The team at OpenSSL consists of some of the foremost experts in handling high profile open source vulnerability disclosures and if they have determined this is the best course of action – to give advance notice – then I have faith in that decision.”

Professor Alan Woodward, a computer scientist at the University of Surrey, reasoned that the problem is unlikely to be related to the older vulnerability.

“If the OpenSSL vulnerability is truly critical as per their own definition, then it sounds dire,” Prof. Woodward told The Daily Swig. “If it’s the older vulnerability, I fear they may have cried wolf. It isn’t helpful to give so little information but as it is a tiny team I can see why.”

Prof. Woodward concluded: “I guess we’ll all have to wait until next week.”

YOU MAY ALSO LIKE GitHub patches bug that could allow access to another user’s repo

Upcoming ‘critical’ OpenSSL update prompts feverish speculation

Embedding security throughout your company has greater organizational impact and myriad benefits.

As cybersecurity has become an increasingly important consideration in corporate decision-making, there's been a corresponding move to elevate the role of the chief information security officer (CISO) to a higher point in the executive hierarchy. The reasoning seems to be, "If cyber is important, CISOs must be important." However, elevating the role sets the CISO up to be a lone voice in the desert crying "security," with little connection to the day-to-day decision-makers in IT, engineering, or products.

This has led to some undesirable consequences, like the Facebook exec who thought it was OK that the company's security measures caused hours-long delays in responding to its Oct. 4, 2021, outage, or the Uber exec who paid off hackers who breached his system, rather than acknowledge the breach, or the numerous CISOs who have invested in "additional layers of security" rather than admit they made poor selections initially. In all of these cases, the CISO's isolation from functional business units undoubtedly played a role in the tunnel thinking these decisions reflect.

**Organizational Impact**

Perhaps it's time to reimagine the role of the CISO. Maybe it's better to see the CISO's importance reflected in organizational impact rather than organizational status. Perhaps embedding security in functional units will result in better security.

Imagine the CISO as a part of the IT organization ecosystem. They would be involved in every decision about the infrastructure, and security concerns would be integral to those decisions rather than tacked on after the fact. This would allow for a set of "security" solutions based on how the network is structured and managed, rather than on special security capabilities inserted into the infrastructure by an outside group.

Imagine a security expert embedded in the software development organization. They would be able to refine the development process to make sure code is written and tested with an eye to security, without saddling the developers with processes that are alien to them, thereby reducing the vulnerabilities in the company's code. Imagine a security expert embedded in product lines. They would be able to make sure the corporate infrastructure protects their IP and that their development process reduces the vulnerabilities in their product.

In all these cases, security becomes a factor in corporate decisions grounded in the reality of corporate operations. The technical expertise of the CISO becomes integral to day-to-day work rather than a constraint imposed upon it. Similarly, security and compliance need to work seamlessly so that financial systems and communications with partners and vendors remain secure. This extends to telecom systems and other hardware.

**The Risk Factor**

This seems like a more impactful way to make the technical dimension of security a powerful voice in company execution. However, one may wonder if this will diminish the policy dimension, balkanizing it to address the special interests of individual functional units. This concern can be addressed by expanding the role of the chief risk officer to include the security policy functions currently carried out by the CISO. 

This has the benefit of keeping security policy at the C-level, where it gets the attention it needs. It has the further benefit of having cybersecurity risk considered in the context of other risks (risk to availability, risk to reputation, to address the cases above). Security would no longer be an end in itself, but a dimension of doing business. This doesn't mean security needs to battle it out with other concerns and make accommodations that compromise the security posture of the organization. Rather, it sets up an environment that trades the either/or mentality for one that seeks to satisfy all requirements.

There are numerous access control technologies that would have protected Facebook effectively without locking out its own personnel. When the security risk is considered along with the availability risk, those more pragmatic solutions would emerge.

Reimagining the Role of the CISO

Cloud computing was the lifeline that kept many companies running during the pandemic. But it was a classic case of medicine that comes with serious side effects. 
Having anywhere, anytime access to data and apps gives companies tremendous flexibility in a fast-changing world, plus the means to scale and customize IT at will. The cloud is an asset or upgrade in almost every way.
With one glaring

Cloud computing was the lifeline that kept many companies running during the pandemic. But it was a classic case of medicine that comes with _serious_ side effects.

Having anywhere, anytime access to data and apps gives companies tremendous flexibility in a fast-changing world, plus the means to scale and customize IT at will. The cloud is an asset or upgrade in almost every way.

With one glaring exception: cybersecurity.

The cloud promised to make companies more secure and security more straightforward. Yet over the same time period that the cloud took over computing, cyber attacks grew steadily worse while security teams felt increasingly overwhelmed.

Why?

We will explain shortly. For lean security teams, the more important question is how to make cloud security work, especially as the cloud footprint grows (a lot) faster than security resources. Will the cloud always cast a shadow on cybersecurity?

Not with the strategy outlined in a free ebook from Cynet called "The Lean IT Guide to Cloud Security". It explains how security teams with less than 20, 10, or even 5 members can make cloud security work from here forward.

****Storms Brewing in the Cloud****

The "cloud rush" prompted by the pandemic certainly caught hacker's attention. Attacks on cloud services rose 630% in 2020 and topped on-premises attacks for the first time. The sudden increase in cloud adoption explains some of that uptick – the cloud was a larger target than before. But this really had nothing to do with the pandemic.

It was only a matter of time before hackers started relentlessly targeting the cloud, now costing businesses $3.8 million on average with each successful breach.

Clouds look to hackers like prime targets, more appealing than almost any other.

On the one hand, clouds house huge stores of valuable data along with mission-critical applications. They are where the valuable targets live, so they're an obvious, even inevitable attack vector.

On the other hand, clouds either complicate or compromise many of the cyber defenses already in place, while coming with complicated defensive requirements of their own. Many cloud environments end up insecure, making them an easy attack vector as well.

As long as hackers continue to see clouds as equally vulnerable and valuable, the onslaught of attacks will only get worse. The damages will too.

****Making Sense of the Shared-Responsibility Model****

A big reason that cloud security gaps are so common (and so gaping) is because of the unique way we approach cloud cybersecurity.

Most cloud providers rely on the shared-responsibility model, where security responsibilities are split between the vendor and the customer.

Typically, customers handle data accountability, endpoint protection, and identity and access management. Vendors deal with application and network controls, host infrastructure, and physical server security (sharing agreements vary).

Research consistently shows that customers are confused about what is and isn't their responsibility. But even among those that aren't confused, the dividing line between responsibilities can (and has) lead to contentious disputes or security loopholes waiting for hackers to find them.

Problematic as the shared-responsibility model may be, it's standard practice. What's more, it can be a tremendous asset to learn security teams in particular provided they know their responsibilities...and pick the right partner.

****Cloud Security Starts with Vendor Selection****

For better or for worse, the shared-responsibility model obligates cloud customers to form security partnerships with their vendors. And some vendors are better than others.

Thoroughly vetting any cloud provider must be a prerequisite, but that takes time on the part of the evaluator and transparency on the part of the provider. Certifications like STAR Level 2 verify a provider's security credentials, but some companies go a step further and hire risk management services to evaluate a particular cloud. In any case, the goal is to get independent, objective proof the provider takes security seriously.

Upon selecting a vendor, following their security guidance (to the letter) could not be more important. Failure to do so has caused more than a few cloud attacks. Lean teams can make major improvements to cloud security, often at no cost whatsoever, by simply doing what the vendor says to do.

****The Key Pieces for Lean Security Teams****

Picking the right provider/partner solves a big part of the cloud security puzzle. That said, important and ongoing responsibilities still fall _entirely_ on the security team. These can be the weak-points that open the door to cloud attacks – but the right tools address each of the key responsibilities facing cloud customers, and the right vendors integrate more of those tools onto platforms to consolidate cloud security in a manageable form.

In the free ebook "The Lean IT Guide to Cloud Security", Cynet describes what the optimal cloud security toolkit looks like, along with how lean security teams can take advantage of similar strengths without increasing staff or ballooning security spending.

The ebook offers an effective guide to cloud security to the _many_ companies struggling to protect their most important IT. By design, however, it's also a practical and accessible framework designed to help security teams of any size secure cloud deployments of any size.

If cloud security falls on your shoulders, use the guidance from Cynet to make the maximum impact for the minimal investment.

Find out the keys to success in "The Lean IT Guide to Cloud Security" by downloading the free ebook.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Cloud Security Made Simple in New Guidebook For Lean Teams

Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges leading to a complete compromise of the Aruba EdgeConnect Enterprise Orchestrator with versions 9.1.2.40051 and below, 9.0.7.40108 and below, 8.10.23.40009 and below, and any older branches of Orchestrator not specifically mentioned.

\-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Aruba Product Security Advisory =============================== Advisory ID: ARUBA-PSA-2022-015 CVE: CVE-2022-37913, CVE-2022-37914, CVE-2022-37915 Publication Date: 2022-Oct-11 Status: Confirmed Severity: Critical Revision: 1 Title ===== Multiple Vulnerabilities in Aruba EdgeConnect Enterprise Orchestrator Overview ======== Aruba has released patches for Aruba EdgeConnect Enterprise Orchestrator that address multiple security vulnerabilities. Affected Products ================= - Aruba EdgeConnect Enterprise Orchestrator (on-premises) - Aruba EdgeConnect Enterprise Orchestrator-as-a-Service - Aruba EdgeConnect Enterprise Orchestrator-SP and Aruba EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators - Orchestrator 9.1.2.40051 and below - Orchestrator 9.0.7.40108 and below - Orchestrator 8.10.23.40009 and below - Any older branches of Orchestrator not specifically mentioned Versions of Aruba EdgeConnect Enterprise Orchestrator that are end of life are affected by these vulnerabilities unless otherwise indicated. Details ======= Authentication Bypass Leading to System Takeover in Aruba EdgeConnect Enterprise Orchestrator Web-Based Management Interface (CVE-2022-37913, CVE-2022-37914) --------------------------------------------------------------------- Vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to bypass authentication. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges leading to complete compromise of the Aruba EdgeConnect Enterprise Orchestrator host. Internal References: ATLSP-12, ATLSP-25 Severity: Critical CVSSv3.x Overall Score: 9.8 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Discovery: These vulnerabilities were discovered and reported by Daniel Jensen (@dozernz) via Aruba's Bug Bounty Program. Unauthenticated Remote Code Execution in Aruba EdgeConnect Enterprise Orchestrator Web-Based Management Interface (CVE-2022-37915) --------------------------------------------------------------------- A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. Internal References: ATLWL-313 Severity: Critical CVSSv3.x Overall Score: 9.8 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Discovery: This vulnerability was discovered and reported by Daniel Jensen (@dozernz) via Aruba's Bug Bounty Program Affected: This vulnerability only affected the versions listed - Aruba EdgeConnect Enterprise Orchestrator (on-premises) - 9.1.x branch only - Any 9.1.x Orchestrator instantiated as a new machine with a release prior to 9.1.3.40197 - Orchestrators upgraded to 9.1.x were not affected. Resolution: If you have a version of Aruba EdgeConnect Enterprise Orchestrator (on-premises) that you believe is affected from the above criteria, please reach out to TAC for resolution assistance. Resolution ========== Upgrade Aruba EdgeConnect Enterprise Orchestrator to one of the following versions with the fixes to resolve all issues noted in the details section. - Aruba EdgeConnect Enterprise Orchestrator (on-premises) - Orchestrator 9.2.0.40405 and above - Orchestrator 9.1.3.40197 and above - Orchestrator 9.0.7.40110 and above - Orchestrator 8.10.23.40015 and above - Aruba EdgeConnect Enterprise Orchestrator-as-a-Service - TAC will automatically create a support case for Aruba (Silver Peak) hosted Orchestrators to be upgraded. - Aruba EdgeConnect Enterprise Orchestrator-SP and Aruba EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators - Service providers must upgrade all tenants to a patched version listed above Aruba does not evaluate or patch product versions that have reached their End of Support (EoS) milestone. Supported versions as of the publication date of this advisory are: - Aruba EdgeConnect Enterprise Orchestrator 9.2.x - Aruba EdgeConnect Enterprise Orchestrator 9.1.x - Aruba EdgeConnect Enterprise Orchestrator 9.0.x - Aruba EdgeConnect Enterprise Orchestrator 8.10.x For more information about Aruba's End of Support policy visit: https://www.arubanetworks.com/support-services/end-of-life/ Workaround ========== To minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the CLI and web-based management interfaces be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above. Exploitation and Public Discussion ================================== Aruba is not aware of any public discussion or exploit code that target these specific vulnerabilities as of the release date of the advisory. Revision History ================ Revision 1 / 2022-Oct-11 / Initial release Aruba SIRT Security Procedures ============================== Complete information on reporting security vulnerabilities in Aruba Networks products and obtaining assistance with security incidents is available at: https://www.arubanetworks.com/support-services/security-bulletins/ For reporting \*NEW\* Aruba Networks security issues, email can be sent to aruba-sirt(at)hpe.com. For sensitive information we encourage the use of PGP encryption. Our public keys can be found at: https://www.arubanetworks.com/support-services/security-bulletins/ (c) Copyright 2022 by Aruba, a Hewlett Packard Enterprise company. This advisory may be redistributed freely after the release date given at the top of the text, provided that the redistributed copies are complete and unmodified, including all data and version information. -----BEGIN PGP SIGNATURE----- iQFLBAEBCAA1FiEEMd5pP5EnbG7Y0fo5mP4JykWFhtkFAmM9iKkXHHNpcnRAYXJ1 YmFuZXR3b3Jrcy5jb20ACgkQmP4JykWFhtk6hgf+Pog4Ikx66VHFIjT7owVLkbJ8 HK65RReWCqE8ruyeIeySQa4nZJ+nJZRaHagnunkRNeteC67ETo77Go8NetZ+XKnU SJ5AUF60+M8Yog4OOloNG8/ki0Eh/HZT6Stge+j/dJ1d+3QL78SPrFpUBEUWNOTM hTgwrkP+IZZJCJYHz+dy2bBNF5wwyzRau5xokoxAHzuJt4No01fTWQT3NWipPoBJ eNZKwDLMJBQCQGONY2yWCIs1QZZUQ3z7Ag7JbiJcRApSI91rxKbcCau5+14VmOZd PwUnVt85ijaQCxFO6yJXUgwrjYF/XjpP4IdcoKOCxOYquNVZzYgDFL+Iz9FWcQ== =HYd8 -----END PGP SIGNATURE-----

CVE-2022-37914

Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server Dashboard allows Command Injection. This affects 1.7.0 versions before 1.7.16.1.

Tag

#ssl