Security News > 2022 > January

The FBI, CISA, and the NSA have warned critical infrastructure network defenders to be ready to detect and block incoming attacks targeting organizations from US critical infrastructure sectors, orchestrated by Russian-backed hacking groups. "In some cases, Russian state-sponsored cyber operations against critical infrastructure organizations have specifically targeted operational technology/industrial control systems networks with destructive malware."

How might this renewed focus on security start to play out in 2022? Ping Identity CEO and founder Andre Durand offers his take with nine cybersecurity predictions for the new year. With greater investments in security needed to protect society, cybersecurity will become the fourth responsibility of ESG for corporations, according to Durand.

Some European cellphone carriers, and now T-Mobile, are blocking Apple’s Private Relay anonymous browsing feature. This could be an interesting battle to watch.

A new multi-platform backdoor malware named 'SysJoker' has emerged in the wild, targeting Windows, Linux, and macOS with the ability to evade detection on all three operating systems. The discovery of the new malware comes from researchers at Intezer who first saw signs of its activity in December 2021 after investigating an attack on a Linux-based web server.

Dubbed SysJoker by Intezer, the backdoor is used for establishing initial access on a target machine. A possible attack vector for SysJoker is an infected npm package, according to Intezer's analysis - an increasingly popular vector for dropping malware on targets.

Rapid7 has offered up more details on a SonicWall critical flaw that allows for unauthenticated remote code execution on affected devices, noting that it arises from tweaks that the vendor made to the Apache httpd server. CVE-2021-20038 is the most critical of the flaws, with a rating of 9.8 on the Common Vulnerability Scoring System.

With the last month of 2021 dominated by the Log4J vulnerabilities' discovery, publication, and patches popping up in rapid succession, odds are you have patched your system against Log4J exploitation attempts. The odds of missing at least one instance of Log4J are high: all versions of Log4J from the September 2013 V2.0-beta9 onwards carry those vulnerabilities.

Millions of popular end-user routers are at risk of remote code execution due to a high-severity flaw in the KCodes NetUSB kernel module. The module enables connection to USB devices over IP, enabling remote devices to interact with USB devices connected to a router as if they were directly plugged into your computer via USB. For example, the module enables users to access printers, speakers or webcams as though they were plugged directly into a computer via USB: access that's enabled by a computer driver that communicates with the router through the kernel module.

A high-severity remote code execution flaw tracked as CVE-2021-45388 has been discovered in the KCodes NetUSB kernel module, used by millions of router devices from various vendors. NetUSB is a kernel module connectivity solution developed by KCodes, allowing remote devices in a network to interact with the USB devices directly plugged into a router.