5 password managers built for teams
2022-04-12 21:55

I have a shortlist of password managers that are perfectly at home being used by teams.

Ethereum dev imprisoned for helping North Korea evade sanctions
2022-04-12 21:42

Virgil Griffith, a US cryptocurrency expert, was sentenced on Tuesday to 63 months in prison after pleading guilty to assisting the Democratic People's Republic of Korea with technical info on how to evade sanctions. Griffith, who worked as a special projects developer and research scientist for the Ethereum Foundation, was arrested in November 2019 by the FBI following a presentation in North Korea on how the country could use cryptocurrency and blockchain tech to launder money and evade sanctions.

Microsoft Issues Patches for 2 Windows Zero-Days and 126 Other Vulnerabilities
2022-04-12 20:22

The updates are in addition to 26 other flaws resolved by Microsoft in its Chromium-based Edge browser since the start of the month. The actively exploited flaw relates to an elevation of privilege vulnerability in the Windows Common Log File System.

BlackCat targeting corporate world with new malware
2022-04-12 20:21

A pair of new incidents from ransomware group BlackCat have come to light, via use of customized malware and attacks on shared cloud hosting services.

Microsoft: Windows Server now supports automatic .NET updates
2022-04-12 20:13

Microsoft says Windows admins can now opt into automatic updates for .NET 6.0 to the Automatic Updates channel as a third option on top of Windows Server Update Services and Microsoft Update Catalog.

Microsoft Zero-Days, Wormable Bugs Spark Concern
2022-04-12 20:00

Microsoft has released patches for 128 security vulnerabilities for its April 2022 monthly scheduled update - ten of them rated critical. It's listed as a "Windows Common Log File System Driver Execution Vulnerability," and was reported to Microsoft by the National Security Agency.

Cross-Regional Disaster Recovery with Elasticsearch
2022-04-12 19:50

Our only choice was to create and manage our own snapshot repository and snapshots. The initial snapshot for our largest domain took over 1.5 hours to complete and all subsequent daily snapshots took minutes!

Microsoft fixes actively exploited zero-day reported by the NSA (CVE-2022-24521)
2022-04-12 19:20

On this April 2022 Patch Tuesday, Microsoft has released patches for 128 CVE-numbered vulnerabilities, including one zero-day exploited in the wild and another for which there's already a PoC and a Metasploit module. CVE-2022-24521 is a vulnerability in the Windows Common Log File System Driver that was reported to Microsoft by the National Security Agency and Adam Podlosky and Amir Bazine of CrowdStrike.

Hospital robot system gets five critical security holes patched
2022-04-12 18:58

Researchers at healthcare cybersecurity company Cynerio just published a report about five cybersecurity holes they found in a hospital robot system called TUG. TUGs are pretty much robot cabinets or platforms on wheels, apparently capable of carrying up to 600kg and rolling along at just under 3km/hr. During what we're assuming was a combined penetration test/security assessment job, the Cynerio researchers were able to sniff out traffic to and from the robots in use, track the network exchanges back to a web portal running on the hospital network, and from there to uncover five non-trivial security flaws in the backend web servers used to control the hospital's robot underlords.

Ransom DDoS attacks have dropped to record lows this year
2022-04-12 18:51

It should be noted that RDDoS attacks are launched by a different type of threat actors than ransomware gangs, who use DDoS to add more pressure on the victim on top of file encryption and the threat to publish stolen data. Cloudflare reports that ransom DDoS attacks have dropped drastically in 2022, with only 17% of its DDoS-targeted clients reporting an extortion in January, 6% in February, and just 3% in March.