Qbot, Lokibot malware switch back to Windows Regsvr32 delivery
2022-02-10 16:25

Malware distributors have turned to an older trick known as Squiblydoo to spread Qbot and Lokibot via Microsoft Office documents using regsvr32. A report from the threat research team at security analytics platform Uptycs shows that the use of regsvr32.

FTC says Americans lost $547 million to romance scams in 2021
2022-02-10 16:13

The US Federal Trade Commission said that Americans reported record high losses of $547 million to romance scams in 2021, up almost 80% compared to 2020 and over six times compared to losses reported in 2017. Financial losses stemming from romance scams have skyrocketed during recent years, with a total of $1.3 billion lost over the past five years.

FritzFrog botnet grows 10x, hits healthcare, edu, and govt systems
2022-02-10 14:08

The FritzFrog botnet that's been active for more than two years has resurfaced with an alarming infection rate, growing ten times in just a month of hitting healthcare, education, and government systems with an exposed SSH server. Researchers at internet security company Akamai spotted a new version of the FritzFrog malware, which comes with interesting new functions, like using the Tor proxy chain.

Use Zoom on a Mac? You might want to check your microphone usage
2022-02-10 14:07

Apple Mac users running the Zoom meetings app are reporting that it's keeping their computer's microphone on when they aren't using it. Users began complaining about the issue after Monterey was released late last year, and on December 27, Zoom Inc put out an update that was meant to address the bug, stating that version 5.9.1 "Resolved an issue regarding the microphone light indicator being triggered when not in a meeting."

PHP Everywhere Bugs Put 30K+ WordPress Sites at Risk of RCE
2022-02-10 13:58

Tens of thousands of WordPress sites are at risk from critical vulnerabilities in a widely used plug-in that facilitates the use of PHP code on a site. The plug-in does precisely what its name suggests, allowing WordPress site developers to put PHP code in various components of a site, including pages, posts and sidebars.

Bunnie Huang’s Plausibly Deniable Database
2022-02-10 12:13

Most security schemes facilitate the coercive processes of an attacker because they disclose metadata about the secret data, such as the name and size of encrypted files. Precursor is a device we designed to keep secrets, such as passwords, wallets, authentication tokens, contacts and text messages.

Spain dismantles SIM swapping group who emptied bank accounts
2022-02-10 11:27

Spanish National Police has arrested eight suspects allegedly part of a crime ring who drained bank accounts in a series of SIM swapping attacks. The first case of fraud attributed to this particular SIM swapping gang is from March 2021, when the police received two complaints about fraudulent transfers not performed by the account holders.

Tips to mitigate public-key cryptography risk in a quantum computing world
2022-02-10 07:00

Quantum computing is poised to transform the industry over the next decade. As this technology advances over the next decade, quantum computing is expected to expose vulnerabilities in public-key cryptography encryption algorithms within seconds.

Low code applications are essential for cybersecurity development in applications
2022-02-10 06:30

One of the biggest changes to the cybersecurity landscape is that developers are now often expected to implement security directly into the applications they're building as part of the automated development lifecycle, rather than relying on security or ops teams configuring policies for them after they are built. With low code applications, developers can save time otherwise spent on learning security standards and policies in detail and spend more of their time on the core business.

Product showcase: Sniper – automatically detect and exploit critical CVEs in minutes
2022-02-10 06:15

Based on the fingerprint data it automatically collected, Sniper filters through a list of exploits to find the right match. If the target is exploitable, Sniper automatically extracts all the artefacts, capturing them in the output report.