Security News > 2022 > June

A critical security flaw has been uncovered in UNISOC's smartphone chipset that could be potentially weaponized to disrupt a smartphone's radio communications through a malformed packet. "Left unpatched, a hacker or a military unit can leverage such a vulnerability to neutralize communications in a specific location," Israeli cybersecurity company Check Point said in a report shared with The Hacker News.

Microsoft on Thursday said it took steps to disable malicious activity stemming from abuse of OneDrive by a previously undocumented threat actor it tracks under the chemical element-themed moniker Polonium. In addition to removing the offending accounts created by the Lebanon-based activity group, the tech giant's Threat Intelligence Center said it suspended over 20 malicious OneDrive applications created and that it notified affected organizations.

The Russian-based Evil Corp is jumping from one malware strain to another in hopes of evading sanctions placed on it by the US government in 2019. Evil Corp - which made its bones targeting the financial sector with the Dridex malware it developed - is now using off-the-shelf ransomware, most recently the LockBit ransomware-as-a-service, to cover its tracks and make it easier to get the ransoms they demand from victims paid, according to a report this week out of Mandiant.

Octopus and squid genes are weird. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.

Finally, we saw increased attacks this month, with the Clop gang revealing new victims, Foxconn confirming our report of a LockBit ransomware attack in May 2021, and Costa Rica now being targeted by the Hive ransomware. June 1st 2022 Ransomware attacks need less than four days to encrypt systems.

Cybersecurity company Illumio as part of their "Zero Trust Impact Report" found that leaders that employ zero trust architecture thwart five major cyberattacks per year, saving their organizations an average of $20 million annually. "Catastrophic breaches keep happening despite another year of record cybersecurity spending," said PJ Kirner, Illumio co-founder and CTO. "I'm shocked that nearly half of those surveyed in The Zero Trust Impact Report do not think a breach is inevitable, which is the guiding principle for Zero Trust, but I am encouraged by the hard business returns Zero Trust and Segmentation deliver."

Pharmaceutical giant Novartis says no sensitive data was compromised in a recent cyberattack by the Industrial Spy data-extortion gang. Yesterday, the hacking group began selling data allegedly stolen from Novartis on their Tor extortion marketplace for $500,000 in bitcoins.

Back in November 2020, in the middle of the COVID-19 pandemic, I gave a virtual talk at the International Symposium on Technology and Society: “The Story of the Internet and How it Broke Bad: A...

There's no alert about the bug visible on the company's main web page, which features the company's best-known tools JIRA and Trello, but you'll find Confluence Security Advisory 2022-06-02 on the Confluence sub-site. Webshells are a nasty way of opening up a backdoor into a network using an attack that sometimes requires attackers to do little more than write one tiny file into part of a web server where content is stored.

Check Point found attackers could transmit a specially designed radio packet to a nearby device to crash the firmware, ending that equipment's cellular connectivity, at least, presumably until it's rebooted. UNISOC is a 21-year-old chip designer based in China that spent the first 17 years of life known as Spreadtrum Communications, and that by 2011 was supplying chips for more than half of the mobile phones in the country.