Will 2022 Be the Year of the Software Bill of Materials?
2022-01-18 22:33

"We're awash in supply chain attacks, whether they're caused by active and purposeful hacking into software providers to poison code on purpose, or by an inattentive and casual attitude to sucking software components into our own products and services without even being aware," Ducklin said. "For years, we've batted around the idea that computer software and cloud services ought to have a credible Bill of Materials that would make it easy to figure out which newsworthy bugs might apply to each and every product we use," he continued.

Telegram is a hotspot for the sale of stolen financial accounts
2022-01-18 21:39

Telegram is increasingly abused by cybercriminals to set up underground channels to sell stolen financial details to pseudonymous users. Finally, because Telegram channels are more volatile and short-lived than dark web markets, they could be safer to use for criminals as they are harder to track and correlate online personas with real identities.

Crypto.com acknowledges 'unauthorized activity' on servers, maintains no funds have been lost
2022-01-18 21:12

Crypto.com, a Singapore-based cryptocurrency exchange, has denied reports that the firm lost nearly $15m in Ethereum in a possible network intrusion over the weekend. According to blockchain biz PeckShield, Crypto.com lost about $14.3m or 4,600 ETH, based on its analysis of public blockchain addresses.

Microsoft leak: Third-party widgets coming soon to Windows 11
2022-01-18 20:50

A Microsoft developer document has leaked the company's plans for third-party widgets coming soon to the Windows 11 Widgets feature. With Windows 11, Microsoft converted the feature into a new app called 'Widgets,' which also pops up from the Windows taskbar.

The Log4j Vulnerability Puts Pressure on the Security World
2022-01-18 20:21

It's not my intention to be alarmist about the Log4j vulnerability, known as Log4Shell, but this one is pretty bad. First of all, Log4j is a ubiquitous logging library that is very widely used by millions of computers. Second, the director of the U.S. Cybersecurity & Infrastructure Security Agency says this is the most serious vulnerability.

Fashion giant Moncler confirms data breach after ransomware attack
2022-01-18 19:51

Italian luxury fashion giant Moncler confirmed that they suffered a data breach after files were stolen by the AlphV/BlackCat ransomware operation in December and published today on the dark web. Today, in a statement shared with Bleeping Computer, Moncler confirmed that some data related to its employees, former employees, suppliers, consultants, business partners, and customers was leaked today by the AlphV ransomware operation.

Cybercriminals Actively Target VMware vSphere with Cryptominers
2022-01-18 19:33

Organizations running sophisticated virtual networks with VMware's vSphere service are actively being targeted by cryptojackers, who have figured out how to inject the XMRig commercial cryptominer into the environment, undetected. Uptycs' Siddharth Sharma has released research showing threat actors are using malicious shell scripts to make modifications and run the cryptominer on vSphere virtual networks.

Serious Security: Apple Safari leaks private data via database API – what you need to know
2022-01-18 19:23

Researchers at browser identification company FingerprintJS recently found and disclosed a fascinating data leakage bug in Apple's web browser software. At first telling, the bug sounds both undramatic and unimportant: although it allows private data to leak between separate browser tabs that contain content from unrelated websites, the amount of data that leaks is minuscule.

5 tools helping companies more effectively manage cybersecurity in 2022
2022-01-18 19:23

As more companies focus on digital adoption goals in 2022, finding security tools to detect malicious activity is top-of-mind for executives. As cybercrime is set to cost the world 10.5 trillion dollars annually by 2025, IT executives and their teams will need to make policy changes, step up security training and use cybersecurity tools such as these to manage digital security in 2022 - and beyond.

VirusTotal Hacking: Finding stolen credentials hosted on VirusTotal
2022-01-18 17:32

VirusTotal, the popular online service for analyzing suspicious files, URLs and IP addresses, can be used to collect credentials stolen by malware, researchers at SafeBreach have found. With a €600 VirusTotal license, they have managed to collect more than 1,000,000 credentials just by executing simple searches with a few tools.