Security News > 2022 > July

Hackers for Hire: Adversaries Employ ‘Cyber Mercenaries’
2022-07-21 12:59

Dubbed Atlas Intelligence Group, the cybergang has been spotted by security researchers recruiting independent black-hat hackers to execute specific aspects of its own campaigns. The threat group markets services that include data leaks, distributed denial of service, remote desktop protocol hijacking and additional network penetration services, according to a Thursday report by threat intelligence firm Cyberint.

Hackers Use Evilnum Malware to Target Cryptocurrency and Commodities Platforms
2022-07-21 12:20

The advanced persistent threat actor tracked as Evilnum is once again exhibiting signs of renewed activity aimed at European financial and investment entities. "Evilnum is a backdoor that can be used for data theft or to load additional payloads," enterprise security firm Proofpoint said in a report shared with The Hacker News.

DataDome looks to CAPTCHA the moment with test of humanity that doesn't hurt
2022-07-21 12:15

DataDome - a seven-year-old company whose job it is to protect websites, mobile apps and APIs from online fraud and automated threats - doesn't believe the end of CAPTCHA is nigh. If anomalies indicate a bot is trying to access the site, DataDome's technology may move the session to a CAPTCHA. Even then, the signals will indicate whether it's the legitimate user or something else using DataDome CAPTCHA. "It's not only about if the CAPTCHA is solved," Fabre said.

The rise and continuing popularity of LinkedIn-themed phishing
2022-07-21 12:04

Phishing emails impersonating LinkedIn continue to make up the bulk of all brand phishing attempts; according to Check Point, 45% of all email phishing attempts in Q2 2022 imitated the style of communication of the professional social media platform, with the goal of directing targets to a spoofed LinkedIn login page and collecting their account credentials. For comparison, in Q4 2021, LinkedIn-themed phishing attempts were just 8 percent of the total brand phishing attacks flagged by Check Point.

Windows 11 now blocks RDP brute-force attacks by default
2022-07-21 11:35

Recent Windows 11 builds come with the Account Lockout Policy enabled by default, which will automatically lock user accounts for 10 minutes after 10 failed sign-in attempts. "Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute force password vectors," David Weston, Microsoft's VP for Enterprise and OS Security, tweeted Thursday.

Cisco Releases Patches for Critical Flaws Impacting Nexus Dashboard for Data Centers
2022-07-21 11:32

The most severe of the issues are CVE-2022-20857, CVE-2022-20858, and CVE-2022-20861, which impact Cisco Nexus Dashboard for data centers and cloud network infrastructures and could enable an "unauthenticated remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack." CVE-2022-20857 - Cisco Nexus Dashboard arbitrary command execution vulnerability.

Apple Releases Security Patches for all Devices Fixing Dozens of New Vulnerabilities
2022-07-21 11:31

Apple on Wednesday rolled out software fixes for iOS, iPadOS, macOS, tvOS, and watchOS to address a number of security flaws affecting its platforms. Chief among them is CVE-2022-2294, a memory corruption flaw in the WebRTC component that Google disclosed earlier this month as having been exploited in real-world attacks aimed at users of the Chrome browser.

Outlook email users alerted to suspicious activity from Microsoft-owned IP address
2022-07-21 10:27

Strange things are afoot in the world of Microsoft email with multiple users reporting unusual sign-in notifications for their Outlook accounts. While an unusual sign-in activity email should always be treated with suspicion, the twist here is that the IP address at the root of the issue appears to originate within Microsoft itself.

What does software supply chain pain really feel like? Find out right here
2022-07-21 10:19

It has also given the cybercriminal community new routes to break into systems, either by exploiting existing vulnerabilities in the software supply chain or by surreptitiously inserting their own. So just imagine how you'd feel if you found out that a software component or library that you'd developed had a vulnerability that left not just you, but your downstream customers and partners open to attack?

Microsoft Teams outage also takes down Microsoft 365 services
2022-07-21 10:08

What initially started as a minor Microsoft Teams outage has also taken down multiple Microsoft 365 services with Teams integration, including Exchange Online, Windows 365, and Office Online. "We've received reports of users being unable to access Microsoft Teams or leverage any features," the company revealed on its official Microsoft 365 Status Twitter account more than 8 hours ago.