Security News > 2022 > January

Between cloud proliferation, new tech infrastructure and tools and an increasingly distributed workforce, organizations are struggling to implement proper risk management practices. They often ignore one of the most important components of a solid risk management strategy: efficient communication between the "Front and back of the house."

On December 9, 2021, a tweet linking to a 0-day proof of concept exploit for the Log4Shell vulnerability on GitHub set the internet on fire and sent companies scrambling to mitigate, patch and then patch again as additional PoCs appeared. Public vulnerability disclosure - i.e., the act of revealing to the world the existence of a bug in a piece of software, a library, extension, etc.

Sygnia announced that it has released its comprehensive report uncovering an organized financial-theft operation it has termed Elephant Beetle. For the past two years, the Incident Response team has been methodically tracking the Elephant Beetle threat group.

The mobile security software market is expected to witness significant growth in the coming years with the increased adoption of mobile devices. Technavio expects the global mobile security software market to grow by $2.75 billion between 2020 and 2025, expanding at a CAGR of 9.68% during the forecast period.

Researchers have disclosed a novel technique by which malware on iOS can achieve persistence on an infected device by faking its shutdown process, making it impossible to physically determine if an iPhone is off or otherwise. NoReboot works by interfering with the routines used in iOS to shutdown and restart the device, effectively preventing them from ever happening in the first place and allowing a trojan to achieve persistence without persistence as the device is never actually turned off.

The privacy-focused web browser Brave continues to grow rapidly as the company reached 50 million monthly active users for the first time in 2021. What makes Brave browser stand out is that they do not track your searches or share any personal or identifying data with third-party companies like Google or Microsoft.

There have been more than 1.1 million online accounts compromised in a series of credential-stuffing attacks against 17 different companies, according to a New York State investigation. Credential-stuffing attacks, such as last year's attack on Spotify, use automated scripts to try high volumes of usernames and password combinations against online accounts in an effort to take them over.

Honda and Acura cars have been hit with a Year 2022 bug, aka Y2K22, that resets the navigation system's clock to January 1st, 2002, with no way to change it. Starting on January 1st, the date on Acura and Honda navigation system would automatically change to January 1st, 2002, with the time resetting to 12:00, 2:00, 4:00, or other times based on the model or possibly the region the car is located.

56-year-old Allen Giltman and his co-conspirators created fraudulent sites advertising various investment opportunities to solicit money from investors via the internet. In conversations with victims who reached out for investment opportunities, the fraudsters impersonated FINRA broker-dealers claiming to be employed by the financial institutions they spoofed on the scam sites.

A California man confirmed his role in a large-scale and long-running Internet-based fraud scheme that allowed him and other fraudsters to siphon roughly $50 million from dozens of investors over eight years, between 2012 to October 2020. In conversations with victims who reached out for investment opportunities, the fraudsters impersonated FINRA broker-dealers claiming to be employed by the financial institutions they spoofed on the scam sites.