Security News > 2022 > February

Cybercriminals Swarm Windows Utility Regsvr32 to Spread Malware
2022-02-09 21:56

A Windows living-off-the-land binary known as Regsvr32 is seeing a big uptick in abuse of late, researchers are warning, mainly spreading trojans like Lokibot and Qbot. In this case, Regsvr32 is a Microsoft-signed command line utility in Windows that allows users to register and unregister libraries.

PHP Everywhere RCE flaws threaten thousands of WordPress sites
2022-02-09 21:33

PHP Everywhere is a plugin that allows WordPress admins to insert PHP code in pages, posts, the sidebar, or any Gutenberg block, and use it to display dynamic content based on evaluated PHP expressions. CVE-2022-24663 - Remote code execution flaw exploitable by any subscriber by allowing them to send a request with the 'shortcode' parameter set to PHP Everywhere, and execute arbitrary PHP code on the site.

3 Tips for Facing the Harsh Truths of Cybersecurity in 2022, Part I
2022-02-09 21:06

Get to work on knowing what data you have and where it is ASAP. Important reminder: In addition to full visibility of everything in your environment, it is also vital to have clear hard-copy documentation on the details of your environment, like procedures and configurations, including IP addresses, passwords, etc. Just as important, limit admin access and privileges, especially to backups.

Microsoft Teams now needs 50% less power during meetings
2022-02-09 20:05

Microsoft has drastically reduced Microsoft Teams' power requirements in calls and meetings since June 2020, improving experience consistency and making it more friendly with low-end devices. Robert Aichner, a Principal Group Program Manager at Microsoft, said today that Microsoft Teams now uses up to 50% less power during energy-intensive scenarios like meetings between more than 10 participants where all of them have video toggled on.

Self-styled “Crocodile of Wall Street” arrested with husband over Bitcoin megaheist
2022-02-09 19:44

Split between thousands of bitcoin addresses in cold wallets, some stored in the cloud. Ultimately, claims the investigation, many of the accounts created and used for shuffling the stolen funds around were traced back to a New York couple who have now been arrested on fraud and money laundering charges: Heather Morgan, 31, and her husband Ilya Lichtenstein, 34.

U.S. Arrests Two and Seizes $3.6 Billion Cryptocurrency Stolen in 2016 Bitfinex Hack
2022-02-09 19:07

The U.S. Justice Department on Tuesday announced the arrest of a married couple in connection with conspiring to launder cryptocurrency worth $4.5 billion that was siphoned during the hack of the virtual currency exchange Bitfinex in 2016. Ilya Lichtenstein, 34, and his wife, Heather Morgan, 31, both of New York, are alleged to have "stolen funds through a labyrinth of cryptocurrency transactions," with law enforcement getting hold of over $3.6 billion in cryptocurrency by following the money trails, resulting in the "largest financial seizure ever."

Russian APT Hackers Used COVID-19 Lures to Target European Diplomats
2022-02-09 19:04

The Russia-linked threat actor known as APT29 targeted European diplomatic missions and Ministries of Foreign Affairs as part of a series of spear-phishing campaigns mounted in October and November 2021. The spear-phishing attacks commenced with a COVID-19-themed phishing email impersonating the Iranian Ministry of Foreign Affairs and containing an HTML attachment that, when opened, prompts the recipients to open or save what appears to be an ISO disk image file.

Wave of MageCart attacks target hundreds of outdated Magento sites
2022-02-09 18:24

Analysts have found the source of a mass breach of over 500 e-commerce stores running the Magento 1 platform; it involves a single domain loading a credit card skimmer on all of them. Sansec's subsequent investigation unveiled that the attackers abused a known vulnerability in the Quickview plugin to inject rogue Magento admin users that could then run code with the highest privileges.

Why a safe metaverse is a must and how to build welcoming virtual worlds
2022-02-09 16:58

Tiffany Xingyu Wang, chief strategy and marketing officer at Spectrum Labs, predicts that the harassment and personal attacks that 41% of U.S. internet users have experienced online will get worse in virtual worlds. Companies that build safe and responsible communities will have a competitive edge in the metaverse.

CISA warns admins to patch maximum severity SAP vulnerability
2022-02-09 16:55

The US Cybersecurity and Infrastructure Security Agency has warned admins to patch a set of severe security flaws dubbed ICMAD and impacting SAP business apps using Internet Communication Manager. Yesterday, Onapsis Research Labs, which found and reported CVE-2022-22536, one of the three ICMAD bugs and the one rated as a maximum severity issue, also cautioned SAP customers to patch them immediately.