Hackers Exploiting Follina Bug to Deploy Rozena Backdoor
2022-07-11 20:25

A newly observed phishing campaign is leveraging the recently disclosed Follina security vulnerability to distribute a previously undocumented backdoor on Windows systems. "Rozena is a backdoor malware that is capable of injecting a remote shell connection back to the attacker's machine," Fortinet FortiGuard Labs researcher Cara Lin said in a report this week.

Hackers Used Fake Job Offer to Hack and Steal $540 Million from Axie Infinity
2022-07-11 20:25

The $540 million hack of Axie Infinity's Ronin Bridge in late March 2022 was the consequence of one of its former employees getting tricked by a fraudulent job offer on LinkedIn, it has emerged. According to a report from The Block published last week citing two people familiar with the matter, a senior engineer at the company was duped into applying for a job at a non-existent company, causing the individual to download a fake offer document disguised as a PDF. "After what one source described as multiple rounds of interviews, a Sky Mavis engineer was offered a job with an extremely generous compensation package," the Block reported.

Cloud-based Cryptocurrency Miners Targeting GitHub Actions and Azure VMs
2022-07-11 20:24

GitHub Actions and Azure virtual machines are being leveraged for cloud-based cryptocurrency mining, indicating sustained attempts on the part of malicious actors to target cloud resources for illicit purposes. "Attackers can abuse the runners or servers provided by GitHub to run an organization's pipelines and automation by maliciously downloading and installing their own cryptocurrency miners to gain profit easily," Trend Micro researcher Magno Logan said in a report last week.

Popular NFT Marketplace Phished for $540M
2022-07-11 20:06

Axie Infinity, a popular destination for 3 million traders of in-game collectible non-fungible tokens, reportedly lost $540M in cryptocurrency in a recruiting-themed spear phishing attack. Ronin is supported by nine validators so, by controlling five, the attacker possessed majority control over the network.

Ransomware gang now lets you search their stolen data
2022-07-11 19:24

Two ransomware gangs and a data extortion group have adopted a new strategy to force victim companies to pay threat actors to not leak stolen data. At least two ransomware operations and a data extortion gang have adopted the strategy recently and more threat actors are likely to do the same.

That didn’t last! Microsoft turns off the Office security it just turned on
2022-07-11 18:27

It's demanding a return to the freewheeling days of the last millennium, when Office macro viruses didn't face the trials and tribulations that they do today. Worst of all, perhaps, an infected document could implant macros into the global template, thus infecting the computer, and the same macros could copy themselves back out again.

Defense contractor pays $9m to settle whistleblower's cybersecurity allegations
2022-07-11 18:18

Federal district judge William Shubb last week approved [PDF] the out-of-court deal struck by the biz and Markus, who joined the defense contractor in 2014 as senior director of cybersecurity, compliance, and controls. In his 2017 complaint, Markus alleged the company's computer systems failed to meet minimum cybersecurity standards that the federal government requires for contracts funded by NASA and the Department of Defense.

Microsoft: Windows Autopatch is now generally available
2022-07-11 17:21

Microsoft says that Windows Autopatch, an enterprise service that automatically keeps Windows and Microsoft 365 software up to date, is generally available starting today. Windows Autopatch was first announced in April when Microsoft said it would be available for free to Microsoft customers with a Windows 10/11 Enterprise E3 license or greater starting July 2022.

Microsoft says decision to unblock Office macros is temporary
2022-07-11 16:53

Microsoft says last week's decision to roll back VBA macro auto-blocking in downloaded Office documents is only a temporary change. Redmond announced in February that Microsoft Office would automatically block VBA macros in all documents downloaded from the Internet after a rollout stage between April and June.

HavanaCrypt ransomware sails in as a fake Google update
2022-07-11 16:00

A new ransomware family is being delivered as a bogus Google Software Update, using Microsoft functionality as part of its attack. Researchers with Trend Micro say they uncovered the latest threat, dubbed "HavanaCrypt", a ransomware package that presents itself as a Google Software Update though it is a .NET-compiled application.