
Clop ransomware gang is back, hits 21 victims in a single month
2022-05-28 15:10

After effectively shutting down their entire operation for several months, between November and February, the Clop ransomware is now back, according to NCC Group researchers. This surge in activity was noticed after the ransomware group added 21 new victims to their data leak site within a single month, in April.

New Windows Subsystem for Linux malware steals browser auth cookies
2022-05-28 14:01

Hackers are showing an increased interest in the Windows Subsystem for Linux as an attack surface as they build new malware, the more advanced samples being suitable for espionage and downloading additional malicious modules. WSL-based malware samples discovered recently rely on open-source code that routes communication through the Telegram messaging service and gives the threat actor remote access to the compromised system.

Microsoft Finds Critical Bugs in Pre-Installed Apps on Millions of Android Devices
2022-05-28 01:37

Four high severity vulnerabilities have been disclosed in a framework used by pre-installed Android System apps with millions of downloads. "As it is with many of pre-installed or default applications that most Android devices come with these days, some of the affected apps cannot be fully uninstalled or disabled without gaining root access to the device," the Microsoft 365 Defender Research Team said in a report published Friday.

Experts Detail New RCE Vulnerability Affecting Google Chrome Dev Channel
2022-05-28 01:19

Details have emerged about a recently patched critical remote code execution vulnerability in the V8 JavaScript and WebAssembly engine used in Google Chrome and Chromium-based browsers. The flaw, which was identified in the Dev channel version of Chrome 101, was reported to Google by Weibo Wang, a security researcher at Singapore cybersecurity company Numen Cyber Labs and has since been quietly fixed by the company.

Stolen university credentials up for sale by Russian crooks, FBI warns
2022-05-27 22:34

Russian crooks are selling network credentials and virtual private network access for a "multitude" of US universities and colleges on criminal marketplaces, according to the FBI. According to a warning issued on Thursday, these stolen credentials sell for thousands of dollars on both dark web and public internet forums, and could lead to subsequent cyberattacks against individual employees or the schools themselves. "The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services," the Feds' alert [PDF] said.

Friday Squid Blogging: Squid Bites Diver
2022-05-27 20:57

I agree; the diver deserved it. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.

FBI warns of hackers selling credentials for U.S. college networks
2022-05-27 20:26

Cybercriminals are offering to sell for thousands of U.S. dollars network access credentials for higher education institutions based in the United States. The sensitive information consists of network credentials and virtual private network access "to a multitude" of higher education organizations in the U.S. In some cases, the seller posted a screenshot proving that the credentials provide the advertised access.

DevSecOps glossary: 24 terms security professionals need to know
2022-05-27 19:21

Today, organizations are drifting away from perimeter-based security and toward access-based security. SIEM is a security management approach that combines the functions of security information management and security event management.

Cloud security unicorn cuts 20% of staff after raising $1.3b
2022-05-27 19:19

Cloud security company Lacework has laid off 20 percent of its employees, just months after two record-breaking funding rounds pushed its valuation to $8.3 billion. A spokesperson wouldn't confirm the total number of employees affected, though told The Register that the "widely speculated number on Twitter is a significant overestimate."

GitHub: Attackers stole login details of 100K npm user accounts
2022-05-27 18:40

GitHub revealed today that an attacker stole the login details of roughly 100,000 npm accounts during a mid-April security breach with the help of stolen OAuth app tokens issued to Heroku and Travis-CI. The threat actor successfully breached and exfiltrated data from private repositories belonging to dozens of organizations. The stolen data included approximately 100k npm usernames, password hashes, and email addresses from a 2015 archive of user information.