Security News > 2022 > April

GitHub can now block pull requests that introduce new dependencies affected by known supply chain vulnerabilities, and alert you to them. "The GitHub Action automates finding and blocking vulnerabilities that are currently only displayed in the rich diff of a pull request," said Courtney Claessens, a Senior Product Manager at GitHub.
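As an added example (not code from the article, nor GitHub's own documentation), this is how such a check is typically wired into a repository. It assumes the action referred to is the publicly available actions/dependency-review-action and that the repository has the dependency graph enabled; the version tags and the severity threshold are illustrative choices.

```yaml
# Added example: runs on every pull request and fails the check when the PR
# introduces a dependency with a known vulnerability at or above the threshold.
# Assumptions: the dependency graph is enabled for the repository, and the
# action/version tags below are the ones you would pin in practice.
name: Dependency review
on: [pull_request]

permissions:
  contents: read   # least privilege: the action only needs to read the repository

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/dependency-review-action@v2
        with:
          fail-on-severity: moderate   # fail the check on moderate or worse
```

The workflow alone only reports a failed check; to actually block the merge, add the dependency-review job as a required status check in the branch protection rules of the protected branch.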

How can you be sure your enterprise code doesn't have flaws that a sophisticated, or merely competent and determined, hacker could uncover and exploit? Our own Tim Phillips will be joined by Contrast Security's Larry Maccherone, formerly head of DevSecOps at Comcast; CM.com CISO Sandor Incze; Darius Radford, security architect at Floor & Décor; and Joe Zanchi, lead for cyber security policy and standards at Humana.

While most people would not think of the insurance sector as a focus for cyberattacks, new findings show that the industry may have a serious security problem. The recently released Cyber Insurance Risk in 2022 report from Black Kite shows that 82% of the largest insurance carriers are the focus of ransomware attacks from cyber criminals.

Researchers have found the info-stealing Android malware Sharkbot lurking undetected in the Google Play store, disguised as anti-virus apps. While analyzing suspicious applications on the store, the Check Point Research team found apps posing as genuine AV solutions that download and install the malware, which steals credentials and banking information from Android devices and also has a range of other unusual features.

The Mirai malware is now leveraging the Spring4Shell exploit to infect vulnerable web servers and recruit them for DDoS attacks. Spring4Shell is a critical remote code execution vulnerability, tracked as CVE-2022-22965, in Spring Framework, a widely used enterprise Java application framework.

The U.S. has announced exemptions to previously imposed sanctions on Russia related to telecommunications and internet-based communications, likely to prevent Russians from being isolated from Western news sources. The revised sanctions, released today and signed by Bradley Smith, Deputy Director of the Office of Foreign Assets Control, re-open the possibility for US companies to license, export, sell, or supply services for software, hardware, and IT technology related to communications.

AWS secures the underlying Lambda execution environment, but securing the functions themselves is the customer's responsibility. Cado Labs has exposed the first publicly known case of malware specifically designed to run in an AWS Lambda environment.

An update to Raspberry Pi OS Bullseye has removed the default 'pi' user, to make it harder for attackers to find and compromise Internet-exposed Raspberry Pi devices using default credentials. Creating a user account can no longer be skipped, since the setup wizard now runs when the device is first booted.

The FIN7 hacking group has returned with new methods and members; what should you look out for? A report from Mandiant details the resurfacing of the FIN7 hacking group and the collective's use of new hacking tools along with an expanding roster of attackers.

Ever since Apple introduced AirTags, security researchers have warned that they could be used for stalking. Motherboard requested records mentioning AirTags over a recent eight-month period from dozens of the country's largest police departments.