Security News > 2022 > June
BeyondTrust's recent 2022 Microsoft Vulnerabilities Report includes the latest annual breakdown of Microsoft vulnerabilities by category and product, as well as a six-year trend analysis, providing a holistic understanding of the evolving threat landscape. In this video for Help Net Security, Morey Haber, Chief Strategy Officer at Beyond Trust, talks about this report, which analyzes data from security bulletins publicly issued by Microsoft throughout the previous year.
Government agencies are prime targets for attack due to the sheer amount of sensitive information they possess. As today's geopolitical landscape continues to become more dangerous, insight into where their cyber vulnerabilities lie is critical.
The top line report findings discovered an average of 15 externally generated scripts on each site, with an average of 12 scripts specifically on sensitive pages. If a script has been compromised, the shadow code comes with it and goes straight to the browser without organizational defenses able to detect it.
Armorblox released a report which highlights the use of language-based attacks that bypass existing email security controls. It documents both the rise in targeted attacks and the increased sophistication, accuracy, and financial impact of email-based attacks.
When a driverless car is in motion, one faulty decision by its collision-avoidance system can lead to disaster, but researchers at the University of California, Irvine have identified another possible risk: Autonomous vehicles can be tricked into an abrupt halt or other undesired driving behavior by the placement of an ordinary object on the side of the road. "A box, bicycle or traffic cone may be all that is necessary to scare a driverless vehicle into coming to a dangerous stop in the middle of the street or on a freeway off-ramp, creating a hazard for other motorists and pedestrians," said Qi Alfred Chen, UCI professor of computer science and co-author of a paper on the subject presented recently at the Network and Distributed System Security Symposium in San Diego. Chen and his team focused their investigation on security vulnerabilities specific to the planning module, a part of the software code that controls autonomous driving systems.
America's military conducted offensive cyber operations to support Ukraine in its response to Russia's illegal invasion, US Cyber Command chief General Paul Nakasone has said. "The US brings to bear the formidable capabilities of Cyber Command against rogue nation states. Cyberspace is a new domain for warfare."
A new Windows Search zero-day vulnerability can be used to automatically open a search window containing remotely-hosted malware executables simply by launching a Word document. While most Windows searches will look on the local device's index, it is also possible to force Windows Search to query file shares on remote hosts and use a custom title for the search window.
Cybersecurity researchers have disclosed a new ransomware strain called GoodWill that compels victims into donating for social causes and provide financial assistance to people in need. "The ransomware group propagates very unusual demands in exchange for the decryption key," researchers from CloudSEK said in a report published last week.
An analysis of the mobile threat landscape in 2022 shows that Spain and Turkey are the most targeted countries for malware campaigns, even as a mix of new and existing banking trojans are increasingly targeting Android devices to conduct on-device fraud. "Just in the first five months of 2022 there has been an increase of more than 40% in malware families that abuse Android OS to perform fraud using the device itself, making it almost impossible to detect them using traditional fraud scoring engines."
An international law enforcement operation involving 11 countries has culminated in the takedown of a notorious mobile malware threat called FluBot. "This Android malware has been spreading aggressively through SMS, stealing passwords, online banking details and other sensitive information from infected smartphones across the world," Europol said in a statement.