The week in security: Fraud losses going up, password security still down

Losses to email-based fraudsters are continuing to soar as business email compromise (BEC) exploits human weaknesses to deliver big gains for cybercriminals, new figures have confirmed.

Staff aren’t very good at maintaining good passwords either, with World Password Day turning up the usual reminders that everyone needs to take this stuff seriously – but still isn’t doing so.

New ransomware is leveraging a flaw in Oracle WebLogic to install itself on vulnerable business systems.

Also needing patching was the Cisco Nexus 9000, whose fabric switch software has flaws that the vendor was calling to be patched.

As if the week’s vulnerabilities file wasn’t big enough already, Windows 10 PCs from Dell were being endangered by a flaw in the company’s SupportAssist app.

And, to top it off, enterprises were being hit by a newly released exploit that leverages a known configuration vulnerability in both on-premise and cloud-based SAP instances.