Security News > 2022 > May

Security researchers are warning F5 BIG-IP admins to immediately install the latest security updates after creating exploits for a recently disclosed critical CVE-2022-1388 remote code execution vulnerability. Last week, F5 disclosed a new critical remote code execution in BIG-IP networking devices tracked as CVE-2022-1388.

A credit card stealing service is growing in popularity, allowing any low-skilled threat actors an easy and automated way to get started in the world of financial fraud. Once a purchase is made, these malicious scripts steal the credit card details and send them back to remote servers to be collected by threat actors.

Google is now blocking Russian users and developers from downloading or updating paid applications from the Google Play Store starting Thursday due to sanctions. "As part of our compliance efforts, Google Play is blocking the downloading of paid apps and updates to paid apps in Russia starting May 5, 2022," the company said in an update on its support website.

TLStorm 2.0: Critical bugs in widely-used Aruba, Avaya network switchesArmis researchers have discovered five critical vulnerabilities in the implementation of TLS communications in multiple models of network switches. Critical F5 BIG-IP flaw allows device takeover, patch ASAP!F5 Networks' BIG-IP multi-purpose networking devices/modules are vulnerable to unauthenticated remote code execution attacks via CVE-2022-1388.

Fake cryptocurrency giveaways are stealing millions of dollars simply by replaying old Elon Musk and Jack Dorsey Ark Invest videos on YouTube. The fraudsters made more than $1.3 million after re-streaming an edited version of an old live panel discussion on cryptocurrency with Elon Musk, Jack Dorsey, and Cathie Wood at Ark Invest's "The Word" conference.

Fake cryptocurrency giveaways are stealing millions of dollars simply by replaying old Elon Musk and Jack Dorsey Ark Invest videos on YouTube. At a quick search, BleepingComputer found that close to 10 YouTube channels have published the discussion, albeit in a smaller format edited to include additional elements that promoted the scam, including the link to the fraudulent crypto giveaway website.

The UK government added 63 Russian entities to its sanction list on Wednesday. Among them are Baikal Electronics and MCST, the two most important chip makers in Russia.

Trend Micro antivirus has fixed a false positive affecting its Apex One endpoint security solution that caused Microsoft Edge updates to be tagged as malware and the Windows registry to be incorrectly modified. As users further revealed, the Trend Micro Apex One flagged the browser updates as Virus/Malware: TROJ FRS.VSNTE222 and Virus/Malware: TSC GENCLEAN. Fix and workaround available.

Trend Micro has fixed a false positive issue affecting its Apex One endpoint security solution leading to Microsoft Edge updates being tagged as malware and Windows registry changes. As users further revealed, the Trend Micro Apex One flagged the browser updates as Virus/Malware: TROJ FRS.VSNTE222 and Virus/Malware: TSC GENCLEAN. Fix and workaround available.

The US Department of State is offering up to $15 million for information that helps identify and locate leadership and co-conspirators of the infamous Conti ransomware gang. Up to $10 million of this reward are offered for info on Conti leaders' identity and location, and an additional $5 million for leading to the arrest and/or convictions of individuals who conspired or attempted to participate in Conti ransomware attacks.