Security News > 2022 > January

The Cyberspace Administration of China has shared its spring-cleaning plans with the world - and suggested it's time to make the Middle Kingdom's web sites sparkle with wholesome content. At the top of the list is violent content, which China has never wanted online.

LockBit is the latest ransomware gang whose Linux encryptor has been discovered to be focusing on the encryption of VMware ESXi virtual machines.Due to this, ransomware gangs have evolved their tactics to create Linux encryptors that specifically target the popular VMware vSphere and ESXi virtualization platforms over the past year.

Trojan titan TrickBot has added a striking anti-debugging feature that detects security analysis and crashes researcher browsers before its malicious code can be analyzed. The new anti-debugging feature was discovered by Security Intelligence analysts with IBM, who reported the emergence of a variety of TrickBot tactics aimed at making the job of security researcher more difficult, including server-side injection delivery and secure communications with the command-and-control server to keep code protected.

Tracked as CVE-2022-22587, the vulnerability relates to a memory corruption issue in the IOMobileFrameBuffer component that could be abused by a malicious application to execute arbitrary code with kernel privileges. The iPhone maker said it's "Aware of a report that this issue may have been actively exploited," adding it addressed the issue with improved input validation.

Apple on Wednesday released 13 patches for serious security bugs in macOS and 10 for flaws in iOS/iPadOS. They include fixes for two zero-day bugs, one of which may have been exploited by attackers in the wild. The first zero-day is a memory-corruption issue that could be exploited by a malicious app to execute arbitrary code with kernel privileges.

Let's Encrypt, a non-profit organization that helps people obtain free SSL/TLS certificates for websites, plans to revoke a non-trivial number of its certs on Friday because they were improperly issued. In a post to the Let's Encrypt discussion community forum, site reliability engineer Jillian Tessa explained that on Tuesday, a third party reported "Two irregularities" in the code implementing the "TLS Using ALPN" validation method in Boulder, its Automatic Certificate Management Environment software.

Nearly 500 malicious apps lurking on the Google Play Store have successfully installed Dark Herring malware - a cash-stealer intended to add sneaky charges onto mobile carrier bills - on more than 100 million Android devices across the globe. Dark Herring malware was discovered by a research team with Zimperium, who estimate the amount the campaign has been able to steal totals in the hundreds of millions, in increments of $15 a month per victim.

A previously undocumented cyber-espionage malware aimed at Apple's macOS operating system leveraged a Safari web browser exploit as part of a watering hole attack targeting politically active, pro-democracy individuals in Hong Kong. "The exploit used to gain code execution in the browser is quite complex and had more than 1,000 lines of code once formatted nicely," ESET researchers said.

Google on Tuesday announced that it is abandoning its controversial plans for replacing third-party cookies in favor of a new Privacy Sandbox proposal called Topics, which categorizes users' browsing habits into approximately 350 topics. Subsequently, when a user visits a participating site, the Topics selects three of the interests - one topic from each of the past three weeks - to share with the site and its advertising partners.

A 12-year-old security vulnerability has been disclosed in a system utility called Polkit that grants attackers root privileges on Linux systems, even as a proof-of-concept exploit has emerged in the wild merely hours after technical details of the bug became public. Dubbed "PwnKit" by cybersecurity firm Qualys, the weakness impacts a component in polkit called pkexec, a program that's installed by default on every major Linux distribution such as Ubunti, Debian, Fedora, and CentOS. Polkit is a toolkit for controlling system-wide privileges in Unix-like operating systems, and provides a mechanism for non-privileged processes to communicate with privileged processes.