Security News > 2022 > January

VMWare has shipped updates to Workstation, Fusion, and ESXi products to address an "Important" security vulnerability that could be weaponized by a threat actor to take control of affected systems. The company credited Jaanus Kääp, a security researcher with Clarified Security, for reporting the flaw.

Activision, publisher of the enormously popular gaming franchise Call of Duty, has taken an extraordinary step to try and shut down cheat software by suing the popular site EngineOwning. EO cheats for Call of Duty include "Aimbots" which automatically train the shooter's weapon on the opponent; "Triggerbots" that automatically fire at another player when they become visible on-screen; and a feature the lawsuit calls "ESP and 2D/3D Radar," which allows gamers to see opposing players through walls.

Microsoft has acknowledged an issue triggered by a Windows 10, version 21H2 security update released during the December 2021 Patch Tuesday that leads to search issues in Outlook for Microsoft 365. "After you install update KB5008212, recent emails may not appear in search results," Microsoft explained in a recently published Office support document.

Ransomware merchants know that corrupting your backups means you will have little choice but to pay up. Protecting your backups then is crucial to ensuring you're able to recover from an attack.

According to a Department of Justice press release, 29-year-old Fillippo Bernardini allegedly impersonated agents, editors, and others involved in the publishing industry to steal manuscripts of unpublished books. "Filippo Bernardini allegedly impersonated publishing industry individuals in order to have authors, including a Pulitzer prize winner, send him prepublication manuscripts for his own benefit," said U.S. Attorney Damian Williams.

The FBI is seeing so much activity around malicious Google Voice activity, where victims are associated with fraudulent virtual phone numbers, that it sent out an alert this week. So they tell you they will send you a Google authentication code in the form of a voice call or a text message, and then ask you to repeat the number back to them to prove you're real.

Ravkoo, a US Internet-based pharmacy service, has disclosed a data breach after the company's AWS hosted cloud prescription portal was involved in a security incident that may have led to personal and health information being accessed. "Ravkoo utilizes AWS cloud services for online hosting of its prescription portal. On September 27, 2021, Ravkoo detected that this portal was the target of a cybersecurity attack," the pharmacy said in data breach notification letters sent to 105,000 affected customers on January 3.

A security vulnerability in VMware's Cloud Foundation, ESXi, Fusion and Workstation platforms could pave the way for hypervisor takeover in virtual environments - and a patch is still pending for some users. ESXi is a bare-metal hypervisor that installs on a server and partitions it into multiple virtual machines.

The Swiss army has banned foreign instant-messaging apps such as Signal, Telegram, and WhatsApp and requires army members to use the locally-developed Threema messaging app instead. As Threema is a paid subscription communications service, the Swiss army promised to cover the annual subscription cost for all soldiers, which is roughly $4.40 per user. The Swiss army has also posted recommendations on Facebook, characterizing Threema as a secure ad-free communication tool that features end-to-end encryption and leaves no digital trace.

Attackers are taking advantage of the comment feature in Google Docs to send people emails with malicious links, says Avanan. A new report released Thursday by email security provider Avanan looks at a new phishing campaign that abuses a popular feature in Google Docs to deploy malicious emails.