Security News > 2022 > February

A French dad faces jail time and a hefty fine after using a signal jammer to prevent his kids from going online and taking the rest of a nearby town down with them. After a mobile carrier reported the issue to the Agence nationale des fréquences, a public agency responsible for managing the radioelectric spectrum in France, it was determined that a signal jammer was being used to block radio frequencies in the town.

Code hosting platform GitHub today launched new machine learning-based code scanning analysis features that will automatically discover more common security vulnerabilities before they end up in production. "Together, these four vulnerability types account for many of the recent vulnerabilities in the JavaScript/TypeScript ecosystem, and improving code scanning's ability to detect such vulnerabilities early in the development process is key in helping developers write more secure code."

The notorious TrickBot malware is targeting customers of 60 financial and technology companies, including cryptocurrency firms, primarily located in the U.S., even as its operators have updated the botnet with new anti-analysis features. "TrickBot is a sophisticated and versatile malware with more than 20 modules that can be downloaded and executed on demand," Check Point researchers Aliaksandr Trafimchuk and Raman Ladutska said in a report published today.

Cybersecurity researchers have unpacked a new Golang-based botnet called Kraken that's under active development and features an array of backdoor capabilities to siphon sensitive information from compromised Windows hosts. The botnet - not to be confused with a 2008 botnet of the same name - is perpetuated using SmokeLoader, which chiefly acts as a loader for next-stage malware, allowing it to quickly scale in size and expand its network.

The politically motivated Moses Staff hacker group has been observed using a custom multi-component toolset with the goal of carrying out espionage against its targets as part of a new campaign that exclusively singles out Israeli organizations. First publicly documented in late 2021, Moses Staff is believed to be sponsored by the Iranian government, with attacks reported against entities in Israel, Italy, India, Germany, Chile, Turkey, the U.A.E., and the U.S. Earlier this month, the hacker collective was observed incorporating a previously undocumented remote access trojan called "StrifeWater" that masquerades as the Windows Calculator app to evade detection.

VMware on Tuesday patched several high-severity vulnerabilities impacting ESXi, Workstation, Fusion, Cloud Foundation, and NSX Data Center for vSphere that could be exploited to execute arbitrary code and cause a denial-of-service condition. CVE-2021-22042 - ESXi settingsd unauthorized access vulnerability.

Google on Wednesday announced plans to bring its Privacy Sandbox initiatives to Android in a bid to expand its privacy-focused, but also less disruptive, advertising technology beyond the desktop web. "The Privacy Sandbox on Android builds on our existing efforts on the web, providing a clear path forward to improve user privacy without putting access to free content and services at risk," Anthony Chavez, vice president of product management for Android security and privacy, said.

Interpol cybercrime director Craig Jones set forward this idea at Acronis's #CyberFit Summit in Singapore on Thursday, dispelling the stereotype of a lone threat actor in a hoodie hunched over a keyboard in favour of an integrated criminal ecosystem. "We are now looking at a business model. Because we've evolved, the criminals have evolved as well in our digital space," said Jones.

Microsoft announced the general availability of hotpatching for Windows Server Azure Edition core virtual machines, allowing admins to install Windows security updates on supported VMs without requiring server restarts. The feature works with newly deployed Azure virtual machines running Windows Server 2022 Datacenter: Azure Edition Core Gen2 images and is available in all global Azure regions.

Metaverse companies faced 60% more attacks last year, and 5 other online fraud statistics. By its reckoning, 21% of all online traffic was fraud or cyberattack related, one in four new account registrations were fake, 80% of all login attacks were credential stuffing attempts, and the travel industry was hit particularly hard, with a 12.5-fold increase in attacks as people return to traveling.