Security News > 2022 > July

The Monetary Authority of Singapore said on Tuesday that its cryptocurrency regulations will add measures to protect consumers, in addition to ongoing work to contain money laundering and terrorist funding. Singapore's anti-crypto rhetoric has increased in recent weeks, after Terraform Labs' "UST" stablecoin collapsed and helped to spark market uncertainty that has sent the price of many crypto assets tumbling.

The U.S. Cybersecurity and Infrastructure Security Agency is warning of a handful of unpatched security vulnerabilities in MiCODUS MV720 Global Positioning System trackers outfitted in over 1.5 million vehicles that could lead to remote disruption of critical operations. CVE-2022-2107 - Use of a hard-coded master password that could enable an unauthenticated attacker to carry out adversary-in-the-middle attacks and seize control of the tracker.

A new ransomware family dubbed Luna can be used to encrypt devices running several operating systems, including Windows, Linux, and ESXi systems.Discovered by Kaspersky security researchers via a dark web ransomware forum ad spotted by the company's Darknet Threat Intelligence active monitoring system, Luna ransomware appears to be specifically tailored to be used only by Russian-speaking threat actors.

One of the biggest culprits? Alert overload. The average security team gets tens of thousands of alerts each day. These surveys found that 70% of security teams feel emotionally overwhelmed by alerts, and more than 55% of security professionals don't feel fully confident that they can prioritize and respond to every alert that really does need attention.

Six vulnerabilities in the MiCODUS MV720 GPS tracker that's used by organizations around the world to manage and protect vehicle fleets could be exploited by attackers to remotely cut fuel to or abruptly stop vehicles. The MiCODUS MV720 is a hardwired GPS tracker through which fleet owners can track vehicles, cut off fuel to them, geofence them so they can't be driven outside specific areas, and generally have remote control over the vehicles.

In some countries up to 90% of governmental websites add third-party tracker cookies without users' consent. This occurs even in countries with strict user privacy laws, according to researchers Matthias Götze, Srdjan Matic, Costas Iordanou, Georgios Smaragdakis and Nikolaos Laoutaris.

Amazon is suing over 10,000 administrators of Facebook groups that offer to post fake reviews on the online souk's website in exchange for products and money. Group admins charged $10 per fake review, according to CNBC. Reviewers were also lured with promises of free products in return for sham assessments of items such as car stereos or camera tripods.

Metasploit is the most used penetration testing framework. In this Help Net Security video, Spencer McIntyre, Lead Security Researcher at Rapid7, talks about how Metasploit enables defenders to always stay one step ahead of the game, and offers a glimpse into the future.

A Software Bill of Materials, often shortened to the acronym SBOM, is a formal, machine-readable inventory of software components and dependencies, information about those components, and their hierarchical relationships. SBOMs aren't the silver bullet they're portrayed as.

Huntress, the managed security platform for SMBs, has acquired Curricula, a story-based security awareness training platform that empowers employees to better defend themselves against hackers. In addition to its core platform, Curricula offers a number of additional features to help businesses build a positively focused security culture - including a gamified phishing simulator, story-based training episodes, custom content creation tools, compliance reporting, and more.