Security News > 2022 > June

Three defendants who allegedly sold over $88 million worth of software licenses belonging to Avaya Holdings Corporation have been charged in Oklahoma, U.S., facing 14 counts of wire fraud and money laundering. The defendants are accused of stealing software licenses from ADI and selling them to thousands of companies worldwide that used them to unlock features of "Avaya IP Office" telephone systems.

This bug allows a malicious website to create a popup window and then resize it to overwrite the browser's own address bar. This address bar spoofing bug only applies to Firefox on Linux; on other operating systems, the bug apparently can't be triggered.

A new information-stealing malware named YTStealer is targeting YouTube content creators and attempting to steal their authentication tokens and hijack their channels. Since the YTStealer malware targets YouTube creators, most of its distribution uses lures impersonating software that edits videos or acts as content for new videos.

The Cybersecurity and Infrastructure Security Agency has added a high-severity Linux vulnerability known as PwnKit to its list of bugs exploited in the wild. PwnKit is a memory corruption bug that unprivileged users can exploit to gain full root privileges on Linux systems with default configurations.

Mozilla has announced the release of Thunderbird 102, highlighting it as a 'serious upgrade,' bringing new features that the community has been requesting for a while now, like refreshed GUI, viewing options, data portability enhancements, and performance upgrades. As with every point release, Thunderbird 102 also introduces several security fixes for high-impact flaws that could be exploited for spoofing attacks, DoS, and arbitrary code execution.

The Ukrainian cyberpolice force arrested nine members of a criminal group that operated over 400 phishing websites crafted to appear like legitimate EU portals offering financial assistance to Ukrainians. The threat actors used forms on the site to steal visitors' payment card data and online banking account credentials and perform fraudulent, unauthorized transactions like moving funds to accounts under their control.

One of the common techniques used by these threat actors to try to add a strong layer of anonymity consists of using The Onion Router network to hide the location of their servers. It is important to note that servers hosted on the Tor network are just typical servers hosted on the Internet - users are merely accessing them via a special network.

CISA has urged government agencies and private sector organizations using Microsoft's Exchange cloud email platform to expedite the switch from Basic Authentication legacy authentication methods without multifactor authentication support to Modern Authentication alternatives. Basic Auth is an HTTP-based auth scheme used by apps to send credentials in plain text to servers, endpoints, or online services.

Eighty-two percent of attacks on organizations in Q1 2022 were caused by the external exposure of a known vulnerabilities in the victim's external-facing perimeter or attack surface. "These behaviors are considered 'risky' because the mitigation relies on an organization's continued security vigilance and willingness to enforce consistent standards over long periods of time," said Tetra Defense in the report.

Google Workspace has been updated to notify admins of highly sensitive changes to configurations, including those made to single sign-on profiles and admin accounts. These newly added alerts are available to all Google Workspace customers, including legacy G Suite Basic and Business customers.