KnowBe4 2022 Phishing Test Report Confirms Business-Related Emails Trend 

KnowBe4 has announced the results of its 2022 and Q4 2022 top-clicked phishing report. The results include the top email subjects clicked in phishing tests, top attack vector types, holiday phishing email subjects and more insightful information that reveals the most popular phishing email tactics.

Phishing emails continue to be one of the most common and effective methods to maliciously impact a variety of organisations around the world – everyone is a potential victim. Cybercriminals constantly refine their strategies to outsmart end users and organisations by changing phishing email subjects to be more believable and attention grabbing. This shift in phishing tactics over time is evident in the increasing trend of cybercriminals using business-related email subjects.

Business phishing emails are lucrative and successful because of their potential to affect a user’s workday and routine. These include emails from HR, IT, managers and web services such as Google and Amazon. KnowBe4’s 2022 phishing test results reveal that for the year, nearly 50% of email subjects were HR related, while the other half were related to career development, IT and work project notifications. These types of emails bait recipients into opening them and are likely successful because they create a sense of urgency in users to act quickly, sometimes without thinking and taking the time to question the email’s legitimacy.

Additionally, this year’s phishing tests revealed the top vector for the year to be phishing links in the body of an email, which has stayed consistent for the last three consecutive quarters. The combination of these phishing tactics is clearly a working strategy for cybercriminals but detrimental to users and organisations as they can lead to cyber attacks such as business email compromise and ransomware.

Along with an increased utilisation of more business-related emails and links within emails, the Q4 2022 phishing test also shares the top holiday phishing email subjects. The holiday season is one of the busiest times of year for online activities and cybercriminals count on end users having their guards down when it comes to staying alert and spotting phishing emails. Like general phishing email subjects, holiday phishing email subjects consist of emails from HR and IT, however, they are also tailored to the holiday season and the festivities that typically happen during that time of the year by mentioning holiday parties, gifts, food and more.

“Cybercriminals are smart and pay attention to what works and what does not when it comes to effective phishing emails,” said Stu Sjouwerman, CEO, KnowBe4. “This is why we see email subjects evolve and upgrade over time to keep up with end users and what they may be susceptible to. Phishing emails are a year-round threat and remain a challenge during the holiday season as well – holiday phishing emails are the one gift that no one wants to receive in their inbox. KnowBe4’s phishing test reports emphasise the importance of new-school security awareness training that educates users on the latest and most common cyber attacks and threats. A strong security culture and an educated workforce is an organisation’s best defence to remain vigilant and stay safe online from cybercriminals and their attempted threats.”

To download a copy of the 2022 and the Q4 2022 KnowBe4 Phishing Infographics, visit here and here.

The post KnowBe4 2022 Phishing Test Report Confirms Business-Related Emails Trend  appeared first on IT Security Guru.

Microsoft Patch Tuesday, December 2022 Edition

Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software. The most pressing patches include a zero-day in a Windows feature that tries to flag malicious files from the Web, a critical bug in PowerShell, and a dangerous flaw in Windows 11 systems that was detailed publicly prior to this week’s Patch Tuesday.

The security updates include patches for Azure, Microsoft Edge, Office, SharePoint Server, SysInternals, and the .NET framework. Six of the update bundles earned Microsoft’s most dire “critical” rating, meaning they fix vulnerabilities that malware or malcontents can use to remotely commandeer an unpatched Windows system — with little to no interaction on the part of the user.

The bug already seeing exploitation is CVE-2022-44698, which allows attackers to bypass the Windows SmartScreen security feature. The vulnerability allows attackers to craft documents that won’t get tagged with Microsoft’s “Mark of the Web,” despite being downloaded from untrusted sites.

“This means no Protected View for Microsoft Office documents, making it easier to get users to do sketchy things like execute malicious macros,” said Greg Wiseman, product manager at security firm Rapid7. This is the second Mark of the Web flaw Microsoft has patched in as many months; both were first publicly detailed over the past two months on Twitter by security researcher Will Dormann.

Publicly disclosed (but not actively exploited for now) is CVE-2022-44710, which is an elevation of privilege flaw in the DirectX graphics component of Windows 11.

Another notable critical bug is CVE-2022-41076, a remote code execution flaw in PowerShell — a key component of Windows that makes it easier to automate system tasks and configurations.

Kevin Breen at Immersive Labs said while Microsoft doesn’t share much detail about CVE-2022-41076 apart from the designation ‘Exploitation More Likely,’ they also note that successful exploitation requires an attacker to take additional actions to prepare the target environment.

“What actions are required is not clear; however, we do know that exploitation requires an authenticated user level of access,” Breen said. “This combination suggests that the exploit requires a social engineering element, and would likely be seen in initial infections using attacks like MalDocs or LNK files.”

Speaking of malicious documents, Trend Micro’s Zero Day Initiative highlights CVE-2022-44713, a spoofing vulnerability in Outlook for Mac.

“We don’t often highlight spoofing bugs, but anytime you’re dealing with a spoofing bug in an e-mail client, you should take notice,” ZDI’s Dustin Childs wrote. “This vulnerability could allow an attacker to appear as a trusted user when they should not be. Now combine this with the SmartScreen Mark of the Web bypass and it’s not hard to come up with a scenario where you receive an e-mail that appears to be from your boss with an attachment entitled “Executive_Compensation.xlsx”. There aren’t many who wouldn’t open that file in that scenario.”

Microsoft also released guidance on reports that certain software drivers certified by Microsoft’s Windows Hardware Developer Program were being used maliciously in post-exploitation activity.

Three different companies reported evidence that malicious hackers were using these signed malicious driver files to lay the groundwork for ransomware deployment inside victim organizations. One of those companies, Sophos, published a blog post Tuesday detailing how the activity was tied to the Russian ransomware group Cuba, which has extorted an estimated $60 million from victims since 2019.

Of course, not all scary and pressing security threats are Microsoft-based. Also on Tuesday, Apple released a bevy of security updates to iOS, iPadOS, macOS, tvOS and Safari, including a patch for a newly discovered zero-day vulnerability that could lead to remote code execution.

Anyone responsible for maintaining Fortinet or Citrix remote access products probably needs to update, as both are dealing with active attacks on just-patched flaws.

For a closer look at the patches released by Microsoft today (indexed by severity and other metrics) check out the always-useful Patch Tuesday roundup from the SANS Internet Storm Center. And it’s not a bad idea to hold off updating for a few days until Microsoft works out any kinks in the updates: AskWoody.com usually has the lowdown on any patches that may be causing problems for Windows users.

As always, please consider backing up your system or at least your important documents and data before applying system updates. And if you run into any problems with these updates, please drop a note about it here in the comments.

Panorama photo stitcher – Hugin 2022 in Beta Now [Ubuntu PPA]

Hugin, the popular free and open-source panorama photo stitcher application, now is in beta stage for the upcoming 2022 version.

Changes in this release according to the launchpad milestone include:

  • Add simple edge fill option to fill black edges in panorama with homogenous color.
  • Simplified the assistant page with only the necessary GUI controls to make it more clear for beginners and casual users.
  • Several improvements to control points tab (e.g. magnifier displays now warped image for better judgement of wide angle/fisheye images).
  • Improved handling of duplicate control points when running cpfind.
  • Extended command line tools pto_mask (--delete-mask) and pano_modify (allow specifying crop relative to canvas size).

There are also some bug fixes in the release, including fulla flatfield extremely dark, and high DPI display support for Windows.

How to install Hugin 2022 in Ubuntu:

For the source tarball as well as Windows msi packages, go to the SourceForge download page.

For all current Ubuntu releases, including Ubuntu 18.04, Ubuntu 20.04, Ubuntu 22.04, Ubuntu 22.10, and their based systems, I’ve made the unofficial package into this PPA repository.

I’ll continue updating this PPA when the stable release is out! And sync the package (stable) with may apps ppa.

1. First, press Ctrl+Alt+T on keyboard to open terminal. When it opens, run command to add the PPA:

sudo add-apt-repository ppa:ubuntuhandbook1/hugin

Type user password (no asterisk feedback) when it asks and hit Enter to continue.

2. Update system package cache for Ubuntu 18.04 and Linux Mint, though it’s done automatically while adding PPA in Ubuntu 20.04+:

sudo apt update

3. Finally, either run the command below in terminal to install the panorama photo stitcher:

sudo apt install hugin

Or, upgrade the software (if an old version was installed) via Software Updater (Update Manager) app:

Uninstall hugin:

To remove the software package, simply run command:

sudo apt remove --autoremove hugin hugin-data

And, remove the PPA either by running command in terminal:

sudo add-apt-repository --remove ppa:ubuntuhandbook1/hugin

Or remove the source line from ‘Software & Updates‘ utility under Other Software tab.

Patch Tuesday, November 2022 Election Edition

Let’s face it: Having “2022 election” in the headline above is probably the only reason anyone might read this story today. Still, while most of us here in the United States are anxiously awaiting the results of how well we’ve patched our Democracy, it seems fitting that Microsoft Corp. today released gobs of security patches for its ubiquitous Windows operating systems. November’s patch batch includes fixes for a whopping six zero-day security vulnerabilities that miscreants and malware are already exploiting in the wild.

Probably the scariest of the zero-day flaws is CVE-2022-41128, a “critical” weakness in the Windows scripting languages that could be used to foist malicious software on vulnerable users who do nothing more than browse to a hacked or malicious site that exploits the weakness. Microsoft credits Google with reporting the vulnerability, which earned a CVSS score of 8.8.

CVE-2022-41073 is a zero-day flaw in the Windows Print Spooler, a Windows component that Microsoft has patched mightily over the past year. Kevin Breen, director of cyber threat research at Immersive Labs, noted that the print spooler has been a popular target for vulnerabilities in the last 12 months, with this marking the 9th patch.

The third zero-day Microsoft patched this month is CVE-2022-41125, which is an “elevation of privilege” vulnerability in the Windows Cryptography API: Next Generation (CNG) Key Isolation Service, a service for isolating private keys. Satnam Narang, senior staff research engineer at Tenable, said exploitation of this vulnerability could grant an attacker SYSTEM privileges.

The fourth zero-day, CVE-2022-41091, was previously disclosed and widely reported on in October. It is a Security Feature Bypass of “Windows Mark of the Web” – a mechanism meant to flag files that have come from an untrusted source.
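The Mark of the Web referred to here, and in the December write-up of CVE-2022-44698 above, is stored as a small INI-style `Zone.Identifier` alternate data stream on NTFS. The following is an added example, not code from the article or from Microsoft: it parses that stream and flags document and installer types in download folders that carry no usable mark. The extension list, folder names and sample inventory are assumptions constructed for illustration.

```python
import configparser
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Dict, List, Optional, Tuple

# Windows URL security zones as stored in the ZoneId field of the stream.
ZONES = {0: "Local Machine", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}

# Assumptions for this example: file types where a missing mark matters most,
# and folder names where browser and mail-client downloads usually land.
RISKY_EXTENSIONS = {".doc", ".docm", ".xls", ".xlsm", ".xlsx",
                    ".js", ".lnk", ".iso", ".msi", ".exe"}
DOWNLOAD_DIRS = {"downloads", "content.outlook"}


@dataclass
class Motw:
    zone_id: int
    host_url: Optional[str] = None
    referrer_url: Optional[str] = None

    @property
    def untrusted(self) -> bool:
        # Internet (3) and Restricted Sites (4) are treated as untrusted origins.
        return self.zone_id >= 3


def read_zone_identifier(path: str) -> Optional[str]:
    """Return the raw Zone.Identifier stream, or None if absent (or not NTFS)."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None


def parse_zone_identifier(text: Optional[str]) -> Optional[Motw]:
    """Parse stream contents; None means no mark or a mark that cannot be trusted."""
    if not text:
        return None
    normalised = "\n".join(text.lstrip("\ufeff").splitlines())
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",),
                                       strict=False)
    try:
        parser.read_string(normalised)
        section = parser["ZoneTransfer"]
        zone_id = int(section["ZoneId"])
    except (configparser.Error, KeyError, ValueError):
        return None
    if zone_id not in ZONES:
        return None
    return Motw(zone_id, section.get("HostUrl"), section.get("ReferrerUrl"))


def classify(path: str, stream_text: Optional[str]) -> str:
    mark = parse_zone_identifier(stream_text)
    if mark is not None:
        return "marked-untrusted" if mark.untrusted else "marked-trusted-zone"
    p = PureWindowsPath(path)
    in_download_dir = any(part.lower() in DOWNLOAD_DIRS for part in p.parts)
    if in_download_dir and p.suffix.lower() in RISKY_EXTENSIONS:
        return "unmarked-risky"  # worth a closer look: risky type, no usable mark
    return "unmarked"


def triage(inventory: List[Tuple[str, Optional[str]]]) -> Dict[str, str]:
    """Map each (path, stream text) pair to a verdict."""
    return {path: classify(path, text) for path, text in inventory}


# Constructed sample inventory: (path, Zone.Identifier contents or None).
SAMPLE_MARK = ("[ZoneTransfer]\r\nZoneId=3\r\n"
               "ReferrerUrl=https://files.example.test/\r\n"
               "HostUrl=https://files.example.test/invoice.docm?x=1%20a\r\n")
SAMPLE_INVENTORY = [
    (r"C:\Users\alice\Downloads\invoice.docm", SAMPLE_MARK),
    (r"C:\Users\alice\Downloads\Executive_Compensation.xlsx", None),
    (r"C:\Users\alice\Downloads\notes.txt", None),
    (r"C:\Users\alice\Downloads\setup.msi", "ZoneId=3\r\n"),  # malformed stream
    (r"C:\Users\alice\Documents\report.xlsx", None),
    (r"C:\Users\alice\Downloads\policy.docx", "[ZoneTransfer]\nZoneId=1\n"),
]

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{verdict:20} {path}")
```

On a live Windows host, feed `classify` the output of `read_zone_identifier` for each file instead of the constructed inventory.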

The other two zero-day bugs Microsoft patched this month were for vulnerabilities being exploited in Exchange Server. News that these two Exchange flaws were being exploited in the wild surfaced in late September 2022, and many were surprised when Microsoft let October’s Patch Tuesday sail by without issuing official patches for them (the company instead issued mitigation instructions that it was forced to revise multiple times). Today’s patch batch addresses both issues.

Greg Wiseman, product manager at Rapid7, said the Exchange flaw CVE-2022-41040 is a “critical” elevation of privilege vulnerability, and CVE-2022-41082 is considered Important, allowing Remote Code Execution (RCE) when PowerShell is accessible to the attacker.

“Both vulnerabilities have been exploited in the wild,” Wiseman said. “Four other CVEs affecting Exchange Server have also been addressed this month. Three are rated as Important, and CVE-2022-41080 is another privilege escalation vulnerability considered Critical. Customers are advised to update their Exchange Server systems immediately, regardless of whether any previously recommended mitigation steps have been applied. The mitigation rules are no longer recommended once systems have been patched.”

Adobe usually issues security updates for its products on Patch Tuesday, but it did not this month. For a closer look at the patches released by Microsoft today and indexed by severity and other metrics, check out the always-useful Patch Tuesday roundup from the SANS Internet Storm Center. And it’s not a bad idea to hold off updating for a few days until Microsoft works out any kinks in the updates: AskWoody.com usually has the lowdown on any patches that may be causing problems for Windows users.

As always, please consider backing up your system or at least your important documents and data before applying system updates. And if you run into any problems with these updates, please drop a note about it here in the comments.

Obrela’s 2022 Digital Universe Study – A look at today’s threat landscape  

Obrela Security Industries recently launched their H1 2022 Digital Universe Study, which provides detailed insight into this year’s security and threat landscape. The results provide a ‘funnel’ view of real-time visibility data, and allow organisations to gain a better understanding of how threats and security are developing, and how they can better protect themselves.

To put together this report, Obrela collected and analysed 1 PB of logs as well as 100,000 devices. In this time, they detected 7,369 cyber incidents with an average response time of 7 seconds.

Using this, Obrela’s security team was able to find out what attack vectors were most prominent and what type of methods threat actors tended to execute when attempting to gain unauthorised access. Some of the more significant shifts within the threat landscape included: 

  • A 16% increase in data breaches, as well as attacks that targeted end users as opposed to corporations.  
  • A 6% upswing in zero-day attacks, particularly exploiting vulnerabilities.  
  • A 12% surge in attacks related to internal threats, such as policy violations, privileged user activity and inadvertent actions.

Looking at particular attack methods, Obrela found that those most utilised were typically malware infection, reconnaissance, data exfiltration and phishing attacks, along with the exploitation of malicious insiders.  

The study also looks into which sectors are most vulnerable to cyber criminals, with banking & financial services, and government/corporate being at the top of the list. This is mostly down to the monetary value that threat actors can extract from exploiting weaknesses in security, as well as the personal and confidential data they store on their servers. In addition, banking, finance, government and corporate sectors play an important role in global economic activity, making them an incredibly attractive target for a criminal looking to exfiltrate information and extort.   

What can companies do to protect themselves?  

To decrease risk and make sure their security posture is up to scratch, organisations must remember to do the ‘basics’. This means following best practices such as implementing security training, user authentication and access, and protecting their endpoints and brand. To improve security further, organisations should extend their best practices to also include network management, as well as network segmentation and Zero Trust. These should be deployed across the whole company and its network. Another option is for organisations to partner with an MSSP, who can monitor their IT and cloud infrastructure, removing the pressure from their own IT teams and allowing them to focus on internal issues and tasks; this could make the difference between a secure corporate environment and becoming another breach statistic.

Emerging use cases 

After analysing the data and devices, Obrela found new incident cases, including:  

Domain impersonation: this is often associated with phishing campaigns, where employees of an organisation or end-users are targeted by cyber criminals pretending to be from their bank. Victims are taken to an impersonation site, via a phishing link, which will prompt them to enter personal information, including bank details or passwords. By the time the victim notices it is often too late, and malicious actors will already have access to their accounts or network.  

Internal Directory Busting: This vector is similar to a brute force web attack, which targets public facing websites. In using this method, threat actors can then exfiltrate personal and confidential data to use for malicious purposes.  

Unfortunately, cyber criminals are becoming increasingly sophisticated and are adaptable to the evolving threat landscape. Organisations must ensure they have the basic cybersecurity infrastructure, but they should also implement an extra layer of protection around their end users and networks. A network or system breach can not only impair their business operation, but it can also significantly affect their reputation, damaging their brand image and often leading to loss of customer trust.  

In partnering with an MSSP who understands the fluid nature of the security market, organisations can better secure their environments and keep their employees and customers protected from numerous cyber threats.  

 The Digital Universe study can help organisations understand what these types of threats are and how to protect against them.

You can find the full report here: https://www.obrela.com/digital-universe-report-h1-2022/  

The post Obrela’s 2022 Digital Universe Study – A look at today’s threat landscape   appeared first on IT Security Guru.

Most Inspiring Women in Cyber Awards 2022

The nominations for the Most Inspiring Women in Cyber awards are out! It’s always wonderful to read about the incredible women in our industry, who are making fantastic contributions and paving the way for others.

In no particular order, here is PART I of the 2022 shortlist along with snippets of what their nominators had to say about them! (To see Part II, see HERE)

Dr. Kiri Addison, senior product manager, Mimecast

Kiri has vast experience in the cybersecurity space, and has helped develop everything from creating systems to detect and prevent cyber-attacks and fraud to currently developing innovative products that utilize AI and ML to keep companies safe from cyberattacks.

“Kiri really is an unsung hero… Her fierce intelligence, combined with her openness and kindness make her a great mentor, colleague and friend. I also really like the fact that she is open about her struggles, this makes her relatable and brave. She is now using the skills she learnt to share her knowledge to mentor other women in the tech sector.”

Sophia Adhami, director of cyber security engagement, Sage

Sophia delivers incredible outreach and engagement to underrepresented groups. She is continually looking to improve gender and race diversity in the industry and doesn’t let anyone stand in her way when it comes to delivering knock out engagement that empowers women and unrepresented groups. 

“This lady lets nothing stop her. She joined a global security during the pandemic with two young children at home. Her passion, commitment to doing the right thing and delivery are incredible. Everyone needs a colleague like Sophia.”

Anah Ahee, assistant manager, cybersecurity, KPMG

Anah’s personal investment in time, passion and know-how has been inspiring to all those she has encountered.  Despite the challenges of Covid, KPMG delivered over 50 cyber awareness sessions to approximately 4,000 young adults, with consistently positive feedback.  Key to this was Anah’s meticulous planning and execution, and impactful delivery of education. At such an early stage of her career, Anah demonstrates excellent leadership in delivering the corporate cyber community’s messages around awareness, safety and inclusivity.

“The objectives of Anah’s pursuits shape the agenda she follows to drive a KPMG-backed cyber message through a lens of diversity into our communities with great success.  In an increasingly pernicious digital environment, early education of children is critical.  Moreover, it embeds the message into communities we might not otherwise reach.”

Beverley Alderson, senior cyber broker, Aon

Beverley is a senior cyber broker at Aon where she has been for over 20 years. Throughout her career she has mentored and sponsored many women who have gone on to have successful careers in the cyber market after Bev’s custodianship and is a pioneer of early adoption of cyber insurance and cyber security principles. 

“Beverley’s ability to distil difficult issues down to basic principles and to resolve them without aggression is inspiring; she does this with strong communication skills, transparency and trust.”

Sarah Armstrong-Smith, chief security advisor, Microsoft

Sarah is an inspiring lady who reached high-level security positions with the government and Microsoft without any formal cyber qualifications and tells her story frequently to increase cyber security awareness as a career path.

“With Sarah’s determination, perseverance and good speaking abilities, she is an inspiration to all who get to hear her story.”

Sakina Asadova, offensive security expert, Canon

Sakina is newer to industry; she’s a junior penetration tester at Canon. Whilst still breaking into the industry, Sakina is dedicated to providing quality work and providing great insights on all projects she is a part of.         

“Having started in another country, Sakina has navigated the university system and started a career in another country. She not only changed from her native language, to learn both Dutch and English, she often works in situations that call on a variety of languages to ensure the messages get across”

Andrea Babbs, director of sales UK & Ireland, VIPRE Security

Andrea Babbs has worked in the IT Industry for over 20 years. During that time she has worked for IT Security Vendors and Resellers dealing with email, endpoint and web security. Andrea is currently Country Manager and Head of Sales for VIPRE Security Limited, where she manages the UK and Irish business. Andrea’s length of experience in the industry means she has seen the threat landscape change from simple viruses and spam to the sophisticated, zero-day, polymorphic threats of today. However, she recognises that in attacks of all types, humans are the last line of defence, meaning they need awareness and effective tools to help them prevent little mistakes with big consequences.

“Andrea understands that her team needs to be able to trust her to do the right thing by them and the business needs to understand that not everything can happen right now, so a little bit of patience and trust go a long way to making the impossible possible in the best timescales for everyone.”

Rae Baker, OSINT Analyst at Operation: Safe Escape

Rae has taken the industry by storm – starting out just three years ago. She has moved from graphic design into OSINT investigations, specialising in Maritime. Rae volunteers her time to support organisations such as Operation Safe Escape, a not-for-profit supporting survivors of domestic abuse and violence. She is also currently writing a book on OSINT, volunteers to support survivors and persons targeted, and works heavily within the OSINT community to spread knowledge. Rae has a YouTube channel where she provides introductions to OSINT, specifically maritime, for people to learn from. She speaks at conferences, and is always happy to give back to the community. Whilst it’s been only three years, she has quickly become one of the authorities on OSINT.

“Nominating Rae because of her continuous efforts to provide support to the OSINT community, support vulnerable persons, and educate. She works hard to ensure information is readily available to everyone who needs it.”

Kristina Balaam, senior security intelligence engineer, Lookout

Kristina is a key figure in Lookout’s threat research division, where as a Senior Security Intelligence Engineer she reverse engineers mobile malware. She regularly uncovers mobile-related threats, which helps protect millions.

“Kristina is always doing her best to inspire the next generation of women in cyber and regularly participates in the Day of Security.”

Katie Beecroft, associate director, Fidelity International

Katie and her team have worked tirelessly to build awareness of cyber security threats to the firm. Thanks to her efforts, employees appreciate that they are part of the solution. More than that, Katie has looked beyond the bricks and mortar, coordinating webinars and training to educate individuals as to the risks of cyber threats in their personal lives. These programs have been very well received by employees and have resulted in a positive impact on the company’s cyber health.

“Katie knows how to engage people. She goes beyond facts and figures to ensure her audience comes away feeling they are part of the solution and fully invested in protecting themselves, their families and by extension our firm.”

Andra Catincescu, associate director, Fidelity International

An associate director at Fidelity International, Andra is a subject matter expert and a passionate supporter of diversity and inclusion within the cybersecurity field. Knowledgeable when it comes to the assessment of risks and threats, Andra is a confident leader and speaker who can effectively explain even the most complex of situations.

“[Andra has an] ability to keep calm and level headed, [even] in a range of situations.”

Hope Chauland, GTM Manager, Microsoft

By investing her time in researching the trends of the United Kingdom’s security and identity markets, Hope is actively involved in the process of product launching and marketing. Going above and beyond her position as a GTM Manager at Microsoft, Hope is also the co-leader of UK Women in Security at Microsoft, where she strives to promote topics valuable to women working in security. Whether through presenting, creating content, or the designing of new programs, Hope always ascertains that her products are always top of mind within the company. 

“Hope’s role is incredibly demanding and she seems to work non-stop! Yet, she always has time to lend a hand to a project or provide input. She is a very positive role model and is the personification of success!  Hope’s commitment to the work she does as well as to diversity in cyber makes her a phenomenal asset to the cyber community and a true inspiration!” 

Camellia Chan, CEO & Founder, FLEXXON

Bridging together her love for technology and business, Camellia has built FLEXXON from the ground up, forming an international team spanning from Asia, North America and the EMEA regions. Yet despite the team’s size, Camellia cares deeply about each and every one of her employees, making it her mission to make FLEXXON a safe space that allows for them to thrive—taking their career trajectories, senses of well-being, and personal growth into account. As a result of her leadership, FLEXXON was awarded both a prize and funding at the Cyber Security Agency of Singapore’s 2018 Cybersecurity Industry Call for Innovation, later developing the world’s first AI-embedded data security solution, the X-PHY Cyber Secure SSD. 

“Camellia represents a spirit of never giving up, striving for your goals even when the path ahead is challenging and being able to balance championing the human spirit through it all.”

Nathalie Cole, Cyber Security Consultant, NCC Group

Having transitioned from working as a veterinary surgeon to her role as a Cyber Security Consultant for NCC Group, Nathalie is now also serving as the chapter administrator for the Ladies of Cheltenham Hacking Society—in which she advocates for the promotion of diversity for women, people from ethnic minorities, and the neurodivergent community. In an effort to further disseminate diversity and inclusion throughout the cybersecurity industry, Nathalie is an avid supporter of CyNam and the Cheltenham Science Festival. 

“Being a career changer, Nathalie demonstrates a non-traditional route into cybersecurity. She is also HUGELY passionate about championing diversity, which is an attribute that is truly inspirational.”

Anna Collard, SVP Content Strategy & Evangelist, KnowBe4

With only five employees and no physical office, Anna was able to found Popcorn Training, one of the first global companies to educate individuals about online safety with story-based and engaging video and gaming content as an educational medium. Since then, Popcorn Training has been acquired by KnowBe4, and has won multiple international awards. Working at KnowBe4 herself as an SVP Content Strategist, Anna is also an evangelist for cybersecurity. She has a way of painting cyber awareness in a light that makes it exciting and engaging, even to the average, non-technical individual. In her free time, Anna is very involved with her local community, advocating for equal rights in South African townships, and personally assisting senior citizens with yoga. Regardless of the subject at hand, Anna has mentored a number of women to push ahead and excel.

“Anna persevered to build a company from the ground up. She has also offered her time and expertise to help others, particularly young women, join the industry. For example, she was involved in the Gov-X initiative, which is an innovation challenge aimed towards inspiring the youth to assist the government in solving African national security challenges.”

Alice Conibere, Junior Security Researcher, Secure Impact

An expert when it comes to networking and outreach, Alice has a way of sharing her knowledge in an engaging manner—ranging from how she helped people succeed in a UK Government cybersecurity training programme to the talks she arranged as Communications Officer on behalf of her university’s cybersecurity society. Her colleagues at Secure Impact think very highly of her, as she always contributes the best work possible. Not yet even 22 years old, Alice is a recent graduate in cybersecurity at the Bournemouth University Computing and Security Society, where she held informative sessions to encourage her fellow students to venture into the field of cybersecurity. 

“Her diligent work, community efforts, and open attitude place her as a monumental figure within the cyber security community. Her frequent community engagement, presence at numerous events, and constant willingness to provide advice make her an inspirational figure within the cybersecurity community, proving that there is room for all in this stereotypically male-dominated field.”

Adenike Cosgrove, VP Marketing, EMEA, Proofpoint

A driving force for increasing cybersecurity awareness in terms of how, why, and when an organization and its people are being targeted, Adenike has been elected as the Vice Chair of the DMARC.org ‘authindicators’ working group—which was entrusted with the duty of developing a way to consistently show end user recipients that their messages have been authenticated. In addition, Adenike has collaborated with a major private healthcare organization in the UK, educating healthcare providers on the interplay of cybersecurity and threat actors with the healthcare industry—and how to best protect and defend their staff, suppliers, and patients. By taking on a novel and innovative method of risk assessment and cyberattack observation, Adenike’s work has successfully allowed numerous companies to see where their people-centric security is lacking, and where to take appropriate action, before a potential attack strikes. 

“[Adenike] is an advocate for addressing the diversity challenge in cybersecurity and regularly discusses the topic in industry events, in blogs and in columns. She puts forward the view that by continuing to look in the same place for cybersecurity professionals, we will continue to put the same set of eyes on a rapidly evolving set of problems. Diversity challenges traditional assumptions and thought processes, bringing a fresh perspective to problems and new challenges, and Adenike is passionate about inspiring a new and diverse generation of cybersecurity professionals.”

Camilla Currin, Senior Partner Manager, Trend Micro

A senior partner manager at Trend Micro, Camilla is an inspiration to everyone—rising to any challenge whilst bringing forwards an empathetic and emotionally-intelligent attitude. A mentor and experienced industry veteran, Camilla equally devotes her time to her colleagues regardless of their position—extending from C-level executives to junior team members. 

“She’s genuinely passionate about people and their backgrounds. She continuously mentors younger team members inside the company as well as in her social circle, across the industry and in partner organizations. She looks for the best in people—always.”

Adelina Deaconu, XDR Team Lead, Heimdal Security

With Adelina overseeing the XDR team for Heimdal Security, the group was able to become a fully fledged cybersecurity tactical squad—not to mention that, with Adelina’s guidance, the XDR team facilitated the product usage process for its customers. Furthermore, Adelina strove to ensure that Heimdal’s clients were always one step ahead of the latest threat actors—surveying infiltration efforts and responding to threats in order to keep the clients’ infrastructure safe. 

“What… [is] most inspirational about Adelina as a woman in cybersecurity is the fact that she made this technical lead role her own with great skills, impeccable problem-solving, and hands-on management. Seeing a woman as a leader in her field, especially on the technical side, is something that… [is inspirational] every day.”

Katie Diacon, Director, TMT Cyber Security

A leader who puts a huge amount of trust into people and also strives to keep learning and improving, Katie has taken the KPMG resilience team to new lengths. She has facilitated several difficult Women in Cyber panel discussions and been exceptional at it, taken our Resilience team to new levels and growth, and motivated several young women (like myself) but also men. She’s also brought several new clients and empowered everyone in her team to want to play a part in the growth of the team.

“[Katie] champions women in cyberspace through sponsorship, mentorship and by providing great working opportunities. [Additionally, she] provides usable advice and guidance, leads by example, and promotes good work life balance in the workplace.”

Dasha Diaz, Founder & CEO, itrainsec

Having worked in the communications department of one of the top cybersecurity vendors, Dasha has gone on to organize top class IT security conferences—and has also founded her own company, “itrainsec”, which provides custom b2b cybersecurity trainings and organizes events worldwide involving top cybersecurity vendors. 

“Dasha has a real passion towards what she does and really understands the importance of cybersecurity. Dasha is a real professional, strong and communicative… [and she] sets the goal and meets the goal whatever it takes.”

Lauren Eickhorst, Co-Founder and COO, Aristotle Metadata

As a leader in knowledge transfer, Lauren has put forward work in the development, operationalisation and growth of Aristotle Metadata that has had an outstanding impact on the data cybersecurity landscape. Her contributions to cybersecurity include the development of data skills training videos viewed by over 300,000 global viewers, development of training to upskill data security knowledge within complex organizations, and user experience design to revolutionize the uptake of data security solutions within larger enterprise groups. Not only that, but she is also a regional President for the Data Management Association, having broadened the audience to include a younger and more diverse practitioner demographic—in turn increasing the development of the data and cybersecurity community.

“Lauren has shown herself to continuously dedicate herself to self-improvement and growth. She is current Chief Operating Officer for an increasingly international startup, President of a regional data committee, and completing her Master of Business Administration to improve her skills. Lauren is an exceptional and outstanding representative of global cybersecurity and [is] an inspiration for women seeking to join the profession.”

Carole Embling, information security manager – compliance, Metro Bank

Carole started her career in IT security at the Royal Mail Group. Having begun as a Post Office Counter Clerk, she started on the path into Information Security by being trained as a junior business consultant back in 1990. She quickly learned the ropes of Information Security as part of a special training initiative and then became part of an integral team providing security consultancy at the Royal Mail Group. She later became an Information Security Manager at RMG and after being part of multiple organisations in the capacity of Information Security Advisor/Manager, she took on her current role as the Information Security Manager – Compliance at Metro Bank.  

“Carole has fought adversity since the 1990s to champion women in cybersecurity.”

Kate Emery-James, sales director, major accounts UK&I, Trend Micro

Kate has held various executive positions in cyber and has worked hard to put D&I at the top of the agenda in each of the organisations she worked in. She’s passionate about creating a truly inclusive work environment, in which everyone feels welcome. At Trend Micro, Kate is working hard to ensure the company has a diverse pipeline of talent joining the various teams. 

“Kate [has] juggle[d] many unexpected situations, from balancing a career and small children to working with difficult customer situations – career challenges have come with lots of different guises along the way for Kate. She tends to look at situations and frame them as ‘plot twists’ which are there to ‘learn and move on’. This has and continues to inspire many around her.”

Ana Ferreira, information security & health researcher, CINTESIS

Ana Ferreira has been a cybersecurity specialist and researcher for more than 20 years now, before even cybersecurity was named as such or the realization that the inclusiveness and diversity of this field would, one day, be so relevant to its advancement. Ana was one of the pioneers in cybersecurity in Europe and she has built herself into one of the role models that can inspire all generations of women to do so too, at both a national and European level, and even worldwide, where she has recently been recognized for her work and as a barrier breaker in the area.

“Ana supports any girl that contacts her through social media, she is always encouraging us to take risks… Last but not least, she has been awarded for many scientific papers while having won the “Barrier Breaker” category of the Cybersecurity Woman of the Year Awards 2022.”

Didar Gelici, senior technology manager, risk & compliance, JustEat

Didar is an experienced information security and risk manager, enthusiastic about transitioning into AppSec and DevSecOps. She is skilled in risk and control assessments, third party due diligence and team management. Didar has a BA degree in Management and Organization from Marmara Üniversitesi.

“Didar takes an active role in multiple communities mostly helping women in tech. She is caring and a good leader with a big smile on her face always.”

Phoebe Goddard, assistant manager, cyber security, KPMG

Phoebe has worked extensively on cyber benchmarking in her role at KPMG, having recently been promoted to assistant manager for cyber security at KPMG. She has a hard-working attitude with a solutions-oriented mindset which allows her to always get the job done.

“Phoebe has a spark that is rare, I can see her reaching higher heights, she’s one to watch out for.”

Stefani Goerlich, sex, relationships & mental health therapist, Bound Together Counselling

Stefani co-hosts a podcast called Securing Sexuality, where she and her husband demystify security concerns for the non-technical and targeted communities. Stefani reaches out to security persons to ensure the advice she gives clients, i.e. applications of interest or sites, is secure. She is a voice in the confusing world of therapy and ensures legitimate help is given to persons who need it, and companies that aim to mistreat or trick people are not allowed to continue. Stefani speaks at both therapy and security conferences.

“Stefani continues to not only achieve but expand her knowledge. She is taking security training, investing time to learn more to help others. She also had a medical emergency a few years ago, which she barely survived, and yet didn’t let that slow her down.”

Tamzin Greenfield, cyber security apprentice, University of Gloucestershire + Cyber Security Associates

Tamzin has been honoured to speak at multiple events regarding diversity and entry pathways, hosted by groups such as Women in Cyber Security, CyNam, the UK Cyber Security Council, and the NCSC. She has also mentored students and sees the distinctly bold cohort that lead the future of STEM.

“Tamzin is a hugely inspirational young woman who is exceptionally dedicated to the cyber community.”

Nicola Hartland, senior VP, Falanx Cyber

Nicola leads the Innovation and Growth team within Falanx Cyber, part of Falanx Group who are listed on London’s AIM stock exchange. Falanx Cyber puts enterprise-class cyber security services within reach of every organisation. She identifies areas of cyber risk threatening the integrity of businesses and helps provide complete end-to-end managed cyber security services to alleviate those risks.

“Nicola has a unique capability to align solutions to cyber challenges.”

Charlotte Hooper, helpline manager, the Cyber Helpline

Charlotte has been instrumental in taking the Cyber Helpline from non-profit to registered charity and leads the effort to build a team of responders to help the people of the UK. These responders come from all walks of life and want to help people; Charlotte makes sure The Cyber Helpline gets the right people and then trains and nurtures them so that they can make a real difference in people’s lives.

“Charlotte’s drive and energy to always find a way and to get round blockers to make a difference is inspirational.”

Samantha Humphries, head of EMEA marketing & security strategy, Exabeam

Samantha Humphries is the Head of Security Strategy EMEA at Exabeam, a global cybersecurity leader that adds intelligence to every IT and security stack. She is responsible for ensuring Exabeam’s global markets receive relevant solutions messaging, collateral, and information. Samantha has over 21 years of experience in cyber security, and during this time has held a plethora of roles. She has defined strategy for multiple security products and technologies, helped hundreds of organisations of all shapes, sizes, and geographies recover and learn from cyberattacks, and trained many people on security concepts and solutions. In her current role she has responsibility for EMEA, Data Lake, compliance, and all things related to cloud.

“Samantha’s dedication to diversity and inclusion has made her a leading figure in the cybersecurity industry. Since her early days moving from receptionist to Global Threat Response Manager at McAfee, Samantha has become one of the industry’s most impassioned advocates.”

Nadia Kadhim, CEO & co-founder, Naq Cyber

Nadia has driven Naq to be a five million euro business serving customers all over the world. Nadia also has a passion for helping disadvantaged communities, demonstrated by her company Naq being 50% female and BAME.

“Even through adversity and, frankly, when the chips were stacked against her, Nadia has demonstrated that through perseverance, she can overcome numerous obstacles to create a dynamic, fast-growing, multi-million euro business, meaning that she is a role model to young women everywhere.”

Hadis Karimipour, associate professor-chair in secure and reliable networked engineering systems, University of Calgary

Dr. Hadis Karimipour is the Canada Research Chair (Tier II) in Secure and Resilient Cyber-Physical Systems, a position awarded to exceptional emerging researchers, acknowledged as leaders by their peers. Named one of the Top 20 Women in Cyber Security in 2021 by IT World Canada, Dr. Karimipour is breaking new ground in using Artificial Intelligence (AI) for the security analysis of Critical Infrastructure (CI)—the essential systems that sustain our lives and our economy, including power grids and transportation systems. In April 2022, she received the Association of Professional Engineers and Geoscientists of Alberta Early Accomplishment Award.

“Hadis always provided a healthy, unbiased, and comfortable environment with equal opportunities for all trainees in my team. She ensured that the lab setup and equipment met the needs of diverse people with different genders, races, ages, and mental or physical disabilities. She has extended her training to include skills such as social responsibility, leadership, critical thinking, and humanity alongside science and technology.”

Seònaid Lafferty, cyber ecosystem project manager, University of Manchester

Seònaid’s foresight is converting the process of supporting SMEs through transformations that will help them grow securely on-line into a sustainable community of interest for the future. Seònaid has progressed now to managing the equally innovative North West Partnership for Security and Trust, and the University’s part in the Manchester city centre Digital Security Hub (The DiSH) which will be a home for local meetups of the communities in the regional cyber ecosystem and the start-ups and scale-ups so important to steering us all safely through the cyber threat landscape.

“Sustainability, morals and ethics, and a positive attitude just flow from Seònaid even when those about her might trample over them for glory and an easy life. Follow Seònaid and you will be sure of treading a worthwhile path through the many complementary disciplines of cybersecurity.”

The post Most Inspiring Women in Cyber Awards 2022 appeared first on IT Security Guru.

Winners of the Security Serious Unsung Heroes Awards 2022 Revealed

The seventh annual Security Serious Unsung Heroes Awards winners were announced last night during a celebration at Balfour St Bart’s in London. The annual awards celebrate the people, not products, of the cyber security industry. From the best ethical hackers, rising stars and educators to the best security awareness campaign, security team and the coveted Godparent of security, the categories recognised individuals and teams working hard to protect Britain from cybercrime and raise awareness of security issues. This year also saw two new categories added to recognise those leading the way in diversity and wellbeing in cybersecurity.

The event was organised by Eskenzi PR and sponsored by Beazley, KnowBe4, KPMG, Qualys and the Zensory and offered attendees a chance to catch up with familiar faces and meet new ones while enjoying a short awards ceremony compered by Clive Room, director of Pulse Conferences, who brought his unique flair to the evening. The winners were branded with titles such as Security Avengers, Data Guardian and Security Leader/Mentor as well as awarded substantial trophies they can display proudly at home or at work.

“The Security Serious Unsung Heroes Awards offer such an authentic peer review…what a privilege to be counted! And what an inspiration to gather with such humanity,” Professor Danny Dresner from the University of Manchester said of his win in the Best Educator category.

Winner of the Best Security Awareness Campaign prize, Helen Williams, Information Security Awareness and Culture Manager at Bupa said: “Bupa’s Information Security Awareness Team are honoured to receive the award for best awareness campaign! It’s wonderful that our hard work has been recognised by the panel of expert judges who were inspired by what we mean by approaching awareness differently.

“It was a great night and lovely to meet so many other security heroes who do extraordinary things every day to protect our information and keep us safe.”

Winner of the new category of Diversity Champion, Holly Foxcroft, Head of Neurodiversity in Cyber Research and Consulting at Stott and May Consulting said: “Driving for change to be neuroinclusive and supporting the neurominority community really is my passion. Winning the award for me is shining a light that mine and other neuroinclusive supporters’ work, is really being recognised in the field of diversity and cyber. It was an honour to be in the company of so many inspirational cyber professionals – the room was buzzing! We are such a passionate industry; the event really focusses on the individual efforts of our community – the unsung heroes!”

Ed Tucker, senior director of cybersecurity at The Workshop, took home the coveted prize of Godparent of Security. A humble winner, he said he owes his success to the people surrounding him: “I’ve been a long-time admirer of the Unsung Heroes Awards and the thoroughly deserved peer recognition it champions! To even be considered for such an accolade is frankly humbling, but to receive the award is amazing. Any personal accolade is more a reflection on the fabulous people I’ve worked with along the way, who have enabled me to achieve any success. To them especially I owe a huge debt of thanks.”

The Security Serious Unsung Heroes Awards, started by Eskenzi PR, Smile on Fridays and the IT Security Guru, are supported by sponsors KnowBe4, Beazley, KPMG, Qualys and the Zensory who all made it possible to hold this totally free event. The judges included Oliver Pickup, award-winning writer; Shan Lee, CISO of DocPlanner; the People Hacker, Jenny Radcliffe and Yvonne Eskenzi, director at Eskenzi PR.

The full list of winners includes:

Security Leader / Mentor:

Winner: Alan Jenkins, Decipher Cyber Consulting Partners

Highly commended: Mo Amin, The Workshop

CISO Supremo:

Winner: Christian Toon, Pinsent Masons

Godparent of Security:

Winner: Ed Tucker, The Workshop

Security Avengers:

Winner: FullFact.org

Best Ethical Hacker/Pentester:

Winner: Glenn Pegden, Sky Betting & Gaming

Best Security Awareness Campaign:

Winner: Bupa

Best Educator:

Winner: Professor Danny Dresner, University of Manchester

Apprentice / Rising Star:

Winner: Ewa Kapica, The Connection at St Martin’s

Highly commended: Lemuel Valdez, KPMG

Diversity Champion:

Winner: Holly Foxcroft, Stott and May Consulting

Cybersecurity Wellbeing Advocate:

Winner: Christine Gordon Bennett, Nedbank

Highly commended: Eoin Hinchy, Tines

Cyber Writer:

Winner: James Coker, Infosecurity Magazine

Data Guardian:

Bev Allen, Quilter

“Cybersecurity is often one of those thankless tasks that goes largely unnoticed when it’s going well and then it’s all anyone can talk about when it goes wrong,” said lead organiser of Security Serious Week and co-founder of Eskenzi PR, Yvonne Eskenzi. “By hosting this event, we are bringing recognition to those doing a wonderful job with openness and transparency, working hard behind the scenes to protect organisations from the threat of cybercrime. Thanks to our incredible sponsors, we can put on this free event to acknowledge all the amazingly talented people who make this industry so fantastic!”

For more information, images from the evening, to speak to any of the winners or to register your interest for next year, please contact: beth@eskenzipr.com

The post Winners of the Security Serious Unsung Heroes Awards 2022 Revealed appeared first on IT Security Guru.

Microsoft Patch Tuesday, October 2022 Edition

Microsoft today released updates to fix at least 85 security holes in its Windows operating systems and related software, including a new zero-day vulnerability in all supported versions of Windows that is being actively exploited. However, noticeably absent from this month’s Patch Tuesday are any updates to address a pair of zero-day flaws being exploited this past month in Microsoft Exchange Server.

The new zero-day flaw, CVE-2022-41033, is an “elevation of privilege” bug in the Windows COM+ event service, which provides system notifications when users log on or log off. Microsoft says the flaw is being actively exploited, and that it was reported by an anonymous individual.

“Despite its relatively low score in comparison to other vulnerabilities patched today, this one should be at the top of everyone’s list to quickly patch,” said Kevin Breen, director of cyber threat research at Immersive Labs. “This specific vulnerability is a local privilege escalation, which means that an attacker would already need to have code execution on a host to use this exploit. Privilege escalation vulnerabilities are a common occurrence in almost every security compromise. Attackers will seek to gain SYSTEM or domain-level access in order to disable security tools, grab credentials with tools like Mimikatz and move laterally across the network.”

Indeed, Satnam Narang, senior staff research engineer at Tenable, notes that almost half of the security flaws Microsoft patched this week are elevation of privilege bugs.

Some privilege escalation bugs can be particularly scary. One example is CVE-2022-37968, which affects organizations running Kubernetes clusters on Azure and earned a CVSS score of 10.0 — the most severe score possible.

Microsoft says that to exploit this vulnerability an attacker would need to know the randomly generated DNS endpoint for an Azure Arc-enabled Kubernetes cluster. But that may not be such a tall order, says Breen, who notes that a number of free and commercial DNS discovery services now make it easy to find this information on potential targets.

Late last month, Microsoft acknowledged that attackers were exploiting two previously unknown vulnerabilities in Exchange Server. Paired together, the two flaws are known as “ProxyNotShell” and they can be chained to allow remote code execution on Exchange Server systems.

Microsoft said it was expediting work on official patches for the Exchange bugs, and it urged affected customers to enable certain settings to mitigate the threat from the attacks. However, those mitigation steps were soon shown to be ineffective, and Microsoft has been adjusting them on a nearly daily basis since then.

The lack of Exchange patches leaves a lot of Microsoft customers exposed. Security firm Rapid7 said that as of early September 2022 the company observed more than 190,000 potentially vulnerable instances of Exchange Server exposed to the Internet.

“While Microsoft confirmed the zero-days and issued guidance faster than they have in the past, there are still no patches nearly two weeks out from initial disclosure,” said Caitlin Condon, senior manager of vulnerability research at Rapid7. “Despite high hopes that today’s Patch Tuesday release would contain fixes for the vulnerabilities, Exchange Server is conspicuously missing from the initial list of October 2022 security updates. Microsoft’s recommended rule for blocking known attack patterns has been bypassed multiple times, emphasizing the necessity of a true fix.”

Adobe also released security updates to fix 29 vulnerabilities across a variety of products, including Acrobat and Reader, ColdFusion, Commerce and Magento. Adobe said it is not aware of active attacks against any of these flaws.

For a closer look at the patches released by Microsoft today and indexed by severity and other metrics, check out the always-useful Patch Tuesday roundup from the SANS Internet Storm Center. And it’s not a bad idea to hold off updating for a few days until Microsoft works out any kinks in the updates: AskWoody.com usually has the lowdown on any patches that may be causing problems for Windows users.

As always, please consider backing up your system or at least your important documents and data before applying system updates. And if you run into any problems with these updates, please drop a note about it here in the comments.

Best 15-inch Laptops For 2022

If you are looking for a portable and handy laptop, then you are in the right place. In this laptop buying guide, we will show you some of the best 15-inch laptops in 2022.

Let’s start our list with Lenovo:

1. Lenovo ThinkPad X1 Extreme Gen 5

Lenovo ThinkPad X1 Extreme Gen 5 Technical Specs:

  • Processor: 12th Generation Intel® Core™ i7-12700H Processor (E-cores up to 3.50 GHz, P-cores up to 4.70 GHz)
  • Memory: 8 GB DDR5-4800MHz (SODIMM)
  • Storage: 256 GB SSD M.2 2280 PCIe TLC Opal
  • Display: 16″ WUXGA (1920 x 1200), IPS, Anti-Glare, Non-Touch, 100% sRGB, 300 nits, 60Hz
  • Camera: IR & 1080p FHD hybrid
  • Fingerprint Reader: Fingerprint Reader
  • Keyboard: Backlit, Black with Fingerprint Reader – English
  • WLAN: Intel® Wi-Fi 6E AX211 2×2 AX vPro® & Bluetooth® 5.1 or above
  • AC Adapter: 170W
  • Warranty: 1 Year Courier or Carry-in
  • Operating System: Windows 11 Home (Lenovo recommends Windows 11 Pro for business)

Lenovo ThinkPad X1 Extreme Gen 5 Price

The price of the Lenovo ThinkPad X1 Extreme Gen 5 starts from $1,605.45.

2. Microsoft Surface Laptop 4

Microsoft is trying its best to jump into the laptop segment with the Microsoft Surface laptop. Microsoft Surface Laptop 4 can be considered one of the promising 15-inch laptops.

Microsoft Surface Laptop 4 Full Technical Specifications:

  • Processor: Quad Core 11th Gen Intel® Core™ i7-1185G7 processor, AMD Ryzen™ 7 4980U Mobile Processor with Radeon™ Graphics Microsoft Surface® Edition (8 cores)
  • Memory: 8GB, 16GB or 32GB LPDDR4x RAM
  • Storage: Removable solid-state drive (SSD) options: 256GB, 512GB, or 1TB
  • Display: Screen: 15” PixelSense™ Display; Resolution: 2496 x 1664 (201 PPI); Aspect ratio: 3:2; Surface Pen* enabled; Touch: 10-point multi-touch
  • Camera: 720p HD f2.0 camera (front-facing)
  • Fingerprint Reader: N/A
  • Keyboard: Backlit – English
  • WLAN: Surface Laptop 4 13.5” & 15”: Wi-Fi 6: 802.11ax compatible, Bluetooth® Wireless 5.0 technology
  • Warranty: 1-year limited hardware warranty
  • Operating System: Windows 10 Home, Microsoft 365 Family 30-day trial

Microsoft Surface Laptop 4 Price

The Microsoft Surface Laptop 4 price starts from $799.99. You can easily buy it from the Microsoft store.

3. Dell XPS 15 9520

Dell never disappoints us with its series of laptops. In this list of 15-inch laptops, we have Dell XPS 15 9520.

Dell XPS 15 9520 Full Technical Specifications:

  • Processor: 12th Generation Intel® Core™ i9-12900HK (24MB Cache, up to 5.0 GHz, 14 cores)
  • Memory: 16 GB, 2 x 8 GB, DDR5, 4800 MHz, dual-channel
  • Storage: 512 GB, M.2, PCIe NVMe, SSD
  • Graphics: NVIDIA® GeForce RTX™ 3050 Ti 4GB GDDR6 [40W]
  • Display: 15.6″, FHD+ 1920×1200, 60Hz, Non-Touch, Anti-Glare, 500 nit, InfinityEdge
  • Camera: 720p at 30 fps, HD camera
  • Fingerprint Reader: Fingerprint Reader
  • Keyboard: Backlit Black English Keyboard w/ Fingerprint Reader
  • WLAN: Intel® Killer™ Wi-Fi 6 1675 (AX211) 2×2 + Bluetooth 5.2 Wireless Card
  • Ports: 1 USB 3.2 Gen 2 Type-C™ (with DisplayPort and PowerDelivery); 2 Thunderbolt™ 4 (USB Type-C™) with DisplayPort and PowerDelivery; 1 3.5mm headphone/microphone combo jack
  • Warranty: 1 Year Courier or Carry-in
  • Operating System: Windows 11 Pro, English (Dell Technologies recommends Windows 11 Pro for business)

4. Razer Blade 15

Razer Blade 15 is a glamorous and sharp-looking laptop.

Razer Blade 15 Full Technical Specifications:

  • Processor: 10th Gen Intel Core i7-10750H processor, 6 Core CPU (2.6GHz/5.0GHz)
  • Memory: 16GB Dual-Channel (8GB x 2) DDR4-2933MHz
  • Storage: 256GB PCIe SSD
  • Graphics: NVIDIA GeForce GTX 1660Ti (6GB GDDR6 VRAM)
  • Display: 15.6-inch Full-HD (1920 x 1080 pixels) display; 120Hz refresh rate; factory-calibrated display with 100% sRGB color coverage, 4.9 mm bezel
  • Camera: N/A
  • Touchpad: Glass touchpad (Microsoft Precision Touchpad)
  • Keyboard: Single-zone RGB powered by Razer Chroma
  • WLAN: Intel Wireless-AX201 (802.11a/b/g/n/ac/ax), Bluetooth® 5.1, Gigabit Ethernet
  • Cooling: Advanced Heat pipe
  • Operating System: Windows 10 Home – Free Upgrade to Windows 11*

Best 144Hz Gaming Laptops In 2022

If you are looking for a gaming laptop, this is the list of the best portable laptops with 144Hz displays. A laptop with a higher refresh rate is considered the best device for gaming.

In this article, you will see the list of the best gaming laptops with 144Hz displays in 2022.
We are starting our list with:

1. Lenovo Legion Laptop

Except for the 720p camera, the Lenovo Legion Laptop is the perfect gaming laptop. Powered by an NVIDIA GeForce GTX 1650 GPU and an AMD Ryzen 5th generation processor, the Lenovo is one of the best gaming laptops with a 144Hz display.

Lenovo Legion Laptop Specs:

  • Display: 17.3″ 1920 x 1080 IPS Display
  • Dimensions L x W x H (inches): 22 x 4 x 14
  • Processor: AMD Ryzen 5 5600H 4.2GHz 6-Core Processor
  • Graphics: GeForce GTX 1650
  • Memory: 32GB DDR4 SDRAM
  • Hard Drive: 1TB Solid State Drive
  • Operating system: Windows 11 Home 64-bit
  • Built-in HD Webcam: 720P Camera
  • Battery: 5.72 h
  • Weight: 6.5 lbs
  • Audio: Nahimic 3D audio
  • Ports:
    3 x USB 3.2 Gen 1
    1 x USB 3.2 Gen 1
    1 x USB-C 3.2 Gen 2
    1 x HDMI 2.1
    1 x Ethernet (RJ-45)
    1 x Headphone / Mic Combo Jack
    1 x Power connector

Lenovo Legion Laptop Price

Lenovo Legion Laptop will cost you on Amazon.

Asus ROG Strix G17 G712LW-ES74

Asus ROG Strix G17 G712LW-ES74 is powered by an Intel Core i7-10750H and an 8GB Nvidia GeForce RTX 2070. It has a 17.3-inch 1080p display and is loaded with 16GB RAM and a 512GB SSD.

Asus ROG Strix G17 G712LW-ES74 Laptop Specs:

  • Display: 17.3 inches
  • Dimensions: 15.7 x 11.6 x 1 inches
  • Processor: 5 GHz Intel Core i7-10750H
  • Graphics: NVIDIA GeForce RTX 2070
  • Memory: 16 GB DDR4 3200 MHz
  • Hard Drive: 512 GB SSD
  • Operating system: Microsoft® Windows 10 Home (64-bit)
  • Ports:
    3x USB 3.2 Type A (Gen 1)
    1x USB 3.2 Type C (Gen 2) w/ Display Port
    1x HDMI 2.0b
    1x 3.5mm combo audio jack
    1x RJ45 LAN Jack for LAN insert

Razer Blade 15

Razer Blade 15 features an NVIDIA GeForce RTX 3080 Ti GPU and a 12th Generation Intel Core i9 CPU, and it comes with a 4K UHD display with a 144Hz refresh rate.

Razer Blade 15 Specs:

  • Processor: 11th Gen Intel® Core™ i7-11800H 8 Core (2.3GHz / 4.6GHz)
  • GPU: NVIDIA® GeForce RTX 3070 (8GB GDDR6 VRAM)
  • Display: 15.6″ QHD 165Hz, 100% sRGB, 4.9 mm bezel, factory calibrated
  • Memory: 16GB dual-channel DDR4-3200MHz (8GB x 2)
  • Hard disk: 512GB SSD (M.2 NVMe PCIe 4.0 x4) + Open M.2 PCIe 4.0 x4 Slot
  • Operating System: Windows 10 Home – Free Upgrade to Windows 11*

Acer Predator Helios 300

This device is powered by an Intel Core i7-11800H CPU (Tiger Lake) processor. It comes with an NVIDIA GeForce RTX 3060 (105W) with 6GB GDDR6 VRAM to meet your gaming demands.

  • Processor: Intel Core i7-11800H CPU (Tiger Lake), 8C/16T, 4.6GHz Max Turbo Frequency, 24MB L3 Cache, 10nm process, 45W TDP
  • Graphics: NVIDIA GeForce RTX 3060 (105W), 6GB GDDR6 VRAM
  • RAM: 8GB DDR4-3200MHz (1x 8GB), Up to 32GB (2x SO-DIMM slots total)
  • Storage: 1TB M.2 PCIe 4.0 NVMe SSD (2x M.2 slots total), 1x 2.5″ SATA slot
  • Display: 15.6″ anti-glare IPS panel, 165Hz refresh rate, 100% DCI-P3, 300 nits brightness, 3ms overdrive
  • Resolution: QHD (2560×1440) resolution, 16:9 aspect ratio
  • Webcam: 720p HD camera
  • Connectivity: WiFi 802.11 6 (AX200), Bluetooth 5.1
  • I/O Ports: 1x USB 3.2 Gen 2 Type-A, 1x USB 3.2 Gen 2 Type-C (Thunderbolt 4, DisplayPort, Power Delivery), 2x USB 3.2 Gen 1 Type-A, 1x HDMI 2.1, 1x Mini DisplayPort 1.4, 1x 3.5mm headphone jack, 1x RJ45 (LAN)