Security News > 2022 > April

Three days have passed since Microsoft's latest Patch Tuesday, and CVE-2022-26809 has emerged as the vulnerability with the most exploitation potential. CVE-2022-26809 is a remote code execution vulnerability in Microsoft Remote Procedure Call runtime and affects a wide variety of Windows and Windows Server versions.

A report released by CyberArk indicates that 79% of senior security professionals state that cybersecurity has taken a back seat in the last year in favor of accelerating other digital business initiatives. And from this backseat position new cybersecurity concerns are developing; namely, growing cybersecurity debts: the accumulation of vulnerabilities in software that make it harder to protect your data and systems as time goes on.

As many as five security vulnerabilities have been addressed in Aethon Tug hospital robots that could enable remote attackers to seize control of the devices and interfere with the timely distribution of medication and lab samples. Aethon TUG smart autonomous mobile robots are used in hospitals around the world to deliver medication, transport clinical supplies, and independently navigate around to perform different tasks such as cleaning floors and collecting meal trays.

The evolving role of the CTO is also leading to greater pressure. As more businesses undertake digital transformation strategies, CTOs are expected to turn to leadership within the business and suggest solutions that will make an immediate difference.

A global report released by CyberArk shows that 79% of senior security professionals state that cybersecurity has taken a back seat in the last year in favor of accelerating other digital business initiatives. The report identifies how the rise of human and machine identities - often running into the hundreds of thousands per organization - has driven a buildup of identity-related cybersecurity debt, exposing organizations to greater cybersecurity risk.

Readers will be introduced to their own virtual hacking lab and will learn about different flavors of Kali Linux installed onto different platforms. This book is suitable for those who are passionate about securing things in an offensive way and can be useful for aspiring red teamers.

A crimeware-related threat actor known as Haskers Gang has released an information-stealing malware called ZingoStealer for free on, allowing other criminal groups to leverage the tool for nefarious purposes. Besides harvesting sensitive information such as credentials, stealing cryptocurrency wallet information, and mining cryptocurrency on victims' systems, the malware leverages Telegram as both an exfiltration channel as well as a platform to distribute updates.

84% of organizations are extremely concerned about dark data. This is data that organizations are unaware of, but typically comprise over half of all data in existence and can be highly sensitive or critical.

In his blog post for Government Technology, he pointed out the significant rise of criminal copycats that deliver malware through software updates, the increase in mobile malware attacks, the packaging of malware with other threats that target specific organizations, and the weaponization of malicious software. Malware weaponization is particularly alarming in light of the geopolitical conflict the world is facing right now.

North Korea's Lazarus cybercrime gang is now breaking into chemical sector companies' networks to spy on them, according to Symantec's threat intel team. Fresh evidence has been found linking a recent espionage campaign against South Korean targets to file hashes, file names, and tools previously used by Lazarus, according to Symantec.