Security News > 2022 > June

Someone hacked the Ecuadorian embassy in Moscow and found a document related to Ecuador's 2013 efforts to bring Edward Snowden there. If you remember, Snowden was traveling from Hong Kong to somewhere when the US revoked his passport, stranding him in Russia.

Amazon Photos is an image and video storage application that enables users to seamlessly share their snaps with up to five family members, offering powerful management and organization features. Exploiting this bug could have enabled a malicious app installed on the same device to snatch Amazon access tokens used for Amazon APIs authentication.

Microsoft has fixed a container escape bug dubbed FabricScape in the Service Fabric application hosting platform that let threat actors escalate privileges to root, gain control of the host node, and compromise the entire SF Linux cluster. Additional details on how CVE-2022-30137 can be exploited to execute code and take over SF Linux clusters are available in Unit 42's report.

Microsoft has fixed a container escape vulnerability in the Service Fabric application hosting platform that would allow threat actors to escalate privileges to root, gain control of the host node, and compromise the entire SF Linux cluster. Additional details on how CVE-2022-30137 can be exploited to execute code and take over SF Linux clusters are available in Unit 42's report.

Cyber Week is a large annual international cybersecurity event, hosted each year at Tel Aviv University in Israel. Our Editor-in-Chief Zeljka Zorz is at the conference this week, and here's a closer look at the event with a collection of photos.

Microsoft has indefinitely postponed the date on which its Cloud Solution Providers will be required to sell software and services licences on new terms. Paying month-to-month is more expensive than signing up for longer-term deals under NCE, which also packs substantial price rises for many Microsoft products.

Qualcomm knows that if it wants developers to build and optimize AI applications across its portfolio of silicon, the Snapdragon giant needs to make the experience simpler and, ideally, better than what its rivals have been cooking up in the software stack department. That's why on Wednesday the fabless chip designer introduced what it's calling the Qualcomm AI Stack, which aims to, among other things, let developers take AI models they've developed for one device type, let's say smartphones, and easily adapt them for another, like PCs. This stack is only for devices powered by Qualcomm's system-on-chips, be they in laptops, cellphones, car entertainment, or something else.

Gen Zers might seem like digital pros but, they often aren't armed with enough resources to keep themselves safe online. The FBI reported that, in 2020 alone, there were 23,200 internet crime complaints filed by victims under 20 years old, which resulted in a $71 million loss for their families.

The threat of firmware attacks is a growing concern for IT leaders now that hybrid workers are connecting from home networks more frequently: With hybrid or remote work now the norm for many employees there is a greater risk of working on potentially unsecure home networks meaning that the level of threat posed by firmware attacks has risen. More than eight-in-ten IT leaders say firmware attacks against laptops and PCs now pose a significant threat, while 76% of ITDMs said firmware attacks against printers pose a significant threat.

Three people accused of selling pirate software licenses worth more than $88 million have been charged with fraud. To add phones and enable features such as voicemail, customers buy the necessary software licenses from an Avaya reseller or distributor.