Security News > 2022 > April

Lazarus - also known as APT38, BlueNoroff, and Stardust Chollima - is casting a wide net with this campaign, with targets including cryptocurrency exchanges, decentralized finance protocols, pay-to-earn cryptocurrency video games, and crypto-coin trading companies. The TraderTraitor apps come with a range of names, such as DAFOM, which purports to be a cryptocurrency portfolio app; TokenAIS and CryptAIS, for building AI-based trading portfolios for cryptocurrencies; and Esilet, for live cryptocurrency prices.

Google's bug hunters say they spotted 58 zero-day vulnerabilities being exploited in the wild last year, the most ever recorded since its Project Zero team started analyzing these in mid-2014. "With this record number of in-the-wild zero-days to analyze we saw that attacker methodology hasn't actually had to change much from previous years," wrote Google security researcher Maddie Stone in Project Zero's third annual review of exploited programming blunders.

Amazon Web Services has fixed four security issues in its hot patch from December that addressed the critical Log4Shell vulnerability affecting cloud or on-premise environments running Java applications with a vulnerable version of the Log4j logging library or containers. The hot patch packages from Amazon are not exclusive to AWS resources, and the issues allowed escaping a container in the environment and taking control of the host.

A Zerto study - conducted by ESG - shows that ransomware attacks remain a major concern for organizations. Nearly three-quarters of organizations experiencing ransomware attacks in the past 12 months were negatively impacted.

A security flaw in the Windows Print Spooler component that was patched by Microsoft in February is being actively exploited in the wild, the U.S. Cybersecurity and Infrastructure Security Agency has warned. To that end, the agency has added the shortcoming to its Known Exploited Vulnerabilities Catalog, requiring Federal Civilian Executive Branch agencies to address the issues by May 10, 2022.

Details have emerged about a now-patched security vulnerability in the Snort intrusion detection and prevention system that could trigger a denial-of-service condition and render it powerless against malicious traffic. Tracked as CVE-2022-20685, the vulnerability is rated 7.5 for severity and resides in the Modbus preprocessor of the Snort detection engine.

In this video for Help Net Security, Jeff Hoskins, vCISO at BARR Advisory, explains the concept of a vCISO, which stands for virtual chief information security officer, and describes the services that a vCISO might provide. A vCISO is an outside consultant who comes in when a company needs help.

In this video for Help Net Security, Michael Aminov, Chief Architect at Perception Point, talks about a recent Binance impersonation attack and, more broadly, the ongoing threat landscape impacting the cryptocurrency industry. Cryptocurrencies aren't new, but they have become more mainstream: their use has increased significantly thanks to DeFi, gaming, NFTs, etc.

Long gone are the days when organizations could rely entirely on defensive measures within their own environments for protection: effective threat intelligence and threat hunting programs can take the fight from behind the firewall directly to the adversaries themselves - with lawyers playing a crucial role on the front lines. Threat intelligence and threat hunting are quickly becoming cornerstones of effective cybersecurity programs, and this was a central theme discussed at the ACC Foundation's recent Cybersecurity Summit.

A human-centric, easy-to-use Enterprise Password Management platform bolsters security by reducing the chance of human error. Keeper protects your passwords and secrets with ultimate security, visibility and control. From the data center to the front office, Keeper delivers the ultimate in enterprise security and cyberthreat prevention.