Security News > 2022 > February

An advanced persistent threat group with ties to Iran has refreshed its malware toolset to include a new backdoor dubbed Marlin as part of a long-running espionage campaign that started in April 2018. Slovak cybersecurity company ESET attributed the attacks - codenamed Out to Sea - to a threat actor called OilRig, while also conclusively connecting its activities to a second Iranian group tracked under the name Lyceum.

A team of UTSA researchers is exploring how a new automated approach could prevent software security vulnerabilities. The team sought to develop a deep learning model that could teach software how to extract security policies automatically.

The digital signature market is estimated to have a market value of $7.1 billion from 2020 to 2025. The market will progress at a CAGR of 30%, according to the latest market forecast report by Technavio.

Google's Chrome is the dominant browser on Earth, which means it works with pretty much everything. Want the compatibility of Chrome with maximum integration into Windows and Microsoft 365? The new Microsoft Edge is built on the Chromium engine so it's as compatible as Chrome itself, but with that Microsoft spin.

Microsoft for its February Patch Tuesday gave Windows admins just 51 fixes to apply, the smallest number of patches since the meager ration of 44 in August 2021. Perhaps more noteworthy is that there's not a single critical CVE listed in the February patch list.

An advanced persistent threat hacking group operating with motives that likely align with Palestine has embarked on a new campaign that leverages a previously undocumented implant called NimbleMamba. "NimbleMamba uses guardrails to ensure that all infected victims are within TA402's target region," the researchers said, adding the malware "uses the Dropbox API for both command-and-control as well as exfiltration," suggesting its use in "highly targeted intelligence collection campaigns."

5 password manager deals you don't want to miss. There are many great password managers on the market, but unless you happen to be lucky and are shopping at the right time, you might wind up paying a pretty penny for some of the best options.

Microsoft on Tuesday rolled out its monthly security updates with fixes for 51 vulnerabilities across its software line-up consisting of Windows, Office, Teams, Azure Data Explorer, Visual Studio Code, and other components such as Kernel and Win32k. Among the 51 defects closed, 50 are rated Important and one is rated Moderate in severity, making it one of the rare Patch Tuesday updates without any fixes for Critical-rated vulnerabilities.

Google has released the February 2022 Android security updates, addressing two critical vulnerabilities, one being a remote escalation of privilege that requires no user interaction. The vulnerability is tracked as CVE-2021-39675, carrying a "Critical" severity rating, and affects only Android 12, the latest version of the popular OS. These flaws are typically leveraged by sophisticated spyware vendors that independently discover and privately use zero-days in mobile operating systems.

Two New York-based "tech entrepreneurs" were arrested on Tuesday for allegedly conspiring to launder $4.5bn in stolen cryptocurrency, the US Department of Justice said, adding it's so far recovered $3.6bn in purloined digicash - based on current prices. At the time the funds were stolen in August 2016, a single BTC traded for about $540, making 119,754 BTC worth about $65m. Today, one BTC sells for roughly $43,170, making the total haul worth about $5.2bn; it was valued at around $4.5bn at the time the feds filed their court documents.