Risk Assessments/Management

Cybersecurity job postings have exceeded 714,000 during the 12-month period through April 2022, representing a 43% increase over the previous year, compared with only an 18% overall increase in employment demand, according to The Record, a news site by cybersecurity firm Recorded Future.

The Hacker News reports that the Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool dubbed "DogWalk" has been given an unofficial patch amid the continued exploitation of the Follina flaw.

The Cybersecurity and Infrastructure Security Agency has clarified that security flaws should have a CVE identifier, reliable proof of active exploitation, including exploitation attempts, and necessary patches, mitigations, or workarounds, to be included in its Known Exploited Vulnerabilities catalog, according to SecurityWeek.

Vulnerable Linux servers with unpatched Atlassian Confluence Server and Data Center installations have been targeted by numerous botnets, according to BleepingComputer.

London-based security awareness firm CybSafe has pulled in a $28 million investment in a Series B funding round led by Evolution Equity Partners, SecurityWeek reports.

Organizations have been urged by RSA CEO Rohit Ghai to consider identity as a constant in cybersecurity amid evolving threats, according to TechRepublic.

Cybersecurity collaboration between the industry and government has been lacking, with National Cyber Director Chris Inglis noting that such partnership had not been discussed "very well" and Cybersecurity and Infrastructure Security Agency Director Jen Easterly saying that the term had not been tackled when she began serving in the government, CyberScoop reports.

ZDNet reports that cybercriminals have been spending a median dwell time of 15 days inside compromised networks in 2021, compared with 11 days in 2020, indicating a prolonged duration for performing malicious activities without being detected.