Security News > 2022 > April

Cisco has released a security advisory to warn about a critical vulnerability, tracked as CVE-2022-20695, impacting the Wireless LAN Controller software. According to Cisco's advisory, the products affected by this flaw are those that run Cisco WLC Software 8.10.151.0 or Release 8.10.162.0 and have "Macfilter radius compatibility" configured as "Other."

"Whether Karakurt is an elaborate side hustle by Conti and Diavol operatives or whether this is an enterprise sanctioned by the overall organization remains to be seen," researchers said. Tetra Defense initially discovered the link between Karakurt and Conti at a client who claimed to have been hit with another extortion attempt after already falling victim to Conti and paying the ransom demand.

The Cybersecurity and Infrastructure Security Agency has added nine more security flaws to its list of actively exploited bugs, including a VMware privilege escalation flaw and a Google Chrome zero-day that could be used for remote code execution. A Chrome zero-day was also included in CISA's Known Exploited Vulnerabilities catalog, a bug tracked as CVE-2022-1364 and allowing remote code execution due to a V8 type confusion weakness.

Hackers are increasingly targeting DeFi cryptocurrency platforms, with Q1 2022 data showing that more platforms are being targeted than ever before. The new report comes from Chainalysis, which is seeing a massive rise in successful cyberattacks against cryptocurrency platforms, with attacks primarily focusing on DeFi platforms.

Attackers unleash LockBit ransomware on US government computers. One attack highlighted in the report found that ransomware groups spend at least five months combing through a regional U.S. government agency's files and system before deploying a LockBit attack onto the affected computer.

A new social engineering scam is making the rounds, and this one is particularly insidious: It tricks users into sending money to what they think is their own account to reverse a fraudulent charge. The FBI's Internet Crime Complaint Center issued the warning, which it said involves cybercriminals who have definitely done their homework.

A new study shows that pressing the mute button on popular video conferencing apps may not actually work like you think it should, with apps still listening in on your microphone. Most respondents found it unacceptable for the apps to continue to access the microphone and possibly gather data when the mute mode is active.

After breaching servers managed by the cybercriminals, security researchers found a connection between Conti ransomware and the recently emerged Karakurt data extortion group, showing that the two gangs are part of the same operation. In a recent report, Infinitum IT details that they were able to gain access to Conti's infrastructure when the Conti leaks started, on February 27, after logging into multiple ProtonMail and Mega storage accounts used by one Conti member.

Security flaw in Rarible NFT platform allowed attackers to steal crypto assets. A new report from Check Point Research exposes a security flaw within the Rarible NFT marketplace.

Google is issuing fixes for two vulnerabilities in its Chrome web browser, including one flaw that is already being exploited in the wild. The emergency updates the company issued this week impact the almost 3 billion users of its Chrome browser as well as those using other Chromium-based browsers, such as Microsoft Edge, Brave and Vivaldi.