CISA orders federal agencies to patch actively exploited Windows bug
2022-02-04 18:05

The Cybersecurity and Infrastructure Security Agency has ordered federal agencies to patch their systems against an actively exploited Windows vulnerability that enables attackers to gain SYSTEM privileges. Per a binding operational directive issued in November and today's announcement, all Federal Civilian Executive Branch agencies are now required to patch all systems against this vulnerability, tracked as CVE-2022-21882, within two weeks, by February 18th. While BOD 22-01 only applies to FCEB agencies, CISA strongly urges all private and public sector organizations to reduce their exposure to ongoing cyberattacks by adopting this Directive and prioritizing mitigation of vulnerabilities included in its catalog of actively exploited security flaws.

US indicts multiple call centers for IRS, Social Security scams
2022-02-04 17:02

The U.S. Department of Justice has announced the indictment of several India-based call centers and their directors for targeting Americans with Social Security, IRS, and loan phone call scams. The call centers allegedly placed scam robocalls that were rerouted through an already-indicted VoIP service provider to make it appear as if the calls were coming from U.S.-based entities.

HHS: Conti ransomware encrypted 80% of Ireland's HSE IT systems
2022-02-04 16:01

A threat brief published by the US Department of Health and Human Services on Thursday paints a grim picture of how Ireland's health service, the HSE, was overwhelmed and had 80% of its systems encrypted during last year's Conti ransomware attack. "The HSE did not have a single responsible owner for cybersecurity, at senior executive or management level at the time of the incident. There was no dedicated committee that provided direction and oversight of cybersecurity and the activities required to reduce the HSE's cyber risk exposure," the HHS Cybersecurity Program said.

The EARN IT Act Is Back
2022-02-04 15:44

A group of lawmakers led by Sen. Richard Blumenthal and Sen. Lindsey Graham have re-introduced the EARN IT Act, an incredibly unpopular bill from 2020 that was dropped in the face of overwhelming opposition. Let's be clear: the new EARN IT Act would pave the way for a massive new surveillance system, run by private companies, that would roll back some of the most important privacy and security features in technology used by people around the globe.

Argo CD vulnerability leaks sensitive info from Kubernetes apps
2022-02-04 15:43

A vulnerability in Argo CD, used by thousands of orgs for deploying applications to Kubernetes, can be leveraged in attacks to disclose sensitive information such as passwords and API keys. Threat actors can exploit the vulnerability by loading a malicious Kubernetes Helm Chart YAML file onto the target system, allowing the extraction of sensitive information from other applications.

Open-source Kubernetes tool Argo CD has a high-severity path traversal flaw: Patch now
2022-02-04 15:22

A zero-day vulnerability in open-source Kubernetes development tool Argo lets malicious people steal passwords from git-crypt and other sensitive information by simply uploading a crafted Helm chart. The vuln, tracked as CVE-2022-24438, exists in Argo CD, a widely used open-source continuous delivery tool for Kubernetes.

What your organization can learn from the $324 million Wormhole blockchain hack
2022-02-04 15:12

Those following the tech world have probably heard about the recent hack of blockchain bridging service Wormhole that has amounted to the fourth-largest crypto theft, and second-largest DeFi theft, ever. In this particular case, the attacker exploited Wormhole in such a way that they were able to trick it into minting 120,000 wrapped Ethereum on the Solana blockchain, most of which the attacker then moved to the Ethereum blockchain.

Swissport ransomware attack delays flights, disrupts operations
2022-02-04 14:29

Aviation services company Swissport International has disclosed a ransomware attack that has impacted its IT infrastructure and services, causing flights to suffer delays. A tweet from the company today notes that the attack has been largely contained and systems are being restored to bring services back to normal.

News Corp discloses hack from "persistent" nation state cyber attacks
2022-02-04 14:03

The attack, discovered sometime this January, reportedly allowed threat actors to access emails and documents of some News Corp employees, including journalists. In a Securities & Exchange Commission filing seen by BleepingComputer today, News Corp shared that one of its systems had been subject to "Persistent cyberattack activity."

Attackers Target Intuit Users by Threatening to Cancel Tax Accounts
2022-02-04 13:28

Just in time for tax season, Intuit is warning customers of a phishing campaign that threatens to close user accounts if they don't click on a malicious link. The attacks on the accounting-software specialist that many people use for filing U.S. income tax forms come as phishers overall are ramping up more creative and stealthy ways to trick users into installing malware or giving up personal data.