Security News > 2022 > July

A massive Rogers outage is causing widespread disruption in Canada due to lack of mobile service, inability to process payment card transactions, and impacting 911 emergency services. According to DownDetector, the outage started at around 5 AM EST, with customers suddenly unable to make phone calls or connect to the Internet.

A sneaky malware for Linux is backdooring devices to steal data and can affect all the processes running on a particular machine, researchers have found. Orbit can either achieve persistence on a machine or be installed as volatile implant, Intezer's Nicole Fishbein explained in a blog post on Orbit published this week.

Apple has introduced lockdown mode for high-risk users who are concerned about nation-state attacks. It trades reduced functionality for increased security in a very interesting way.

Hackers can stop all eCommerce activity in its tracks when they target web servers and services, freezing revenue and causing huge disruption to the organization and its customers. A SYN flood is a type of volumetric DDoS attack designed to make any online network or system inaccessible by flooding servers with TCP traffic which results in users being blocked from entering or using the network.

Cybersecurity researchers are drawing attention to an ongoing wave of attacks linked to a threat cluster tracked as Raspberry Robin that's behind a Windows malware with worm-like capabilities. The infections involve a worm that propagates over removable USB devices containing malicious a.LNK file and leverages compromised QNAP network-attached storage devices for command-and-control.

A malicious browser extension with 350 variants is masquerading as a Google Translate add-on as part of an adware campaign targeting Russian users of Google Chrome, Opera, and Mozilla Firefox browsers. Mobile security firm Zimperium dubbed the malware family ABCsoup, stating the "Extensions are installed onto a victim's machine via a Windows-based executable, bypassing most endpoint security solutions, along with the security controls found in the official extension stores."

Several federal agencies are warning healthcare organizations that they are under threat of attacks from North Korean state-sponsored actors employing a unique ransomware that targets files with surgical precision, according to U.S. federal authorities. Another characteristic of Maui that diverges from other ransomware is that it appears to be designed for manual execution by a threat actor, allowing its operators to "Specify which files to encrypt when executing it and then exfiltrate the resulting runtime artifacts," Cutler wrote.

New Zealand-based cybersecurity firm Emsisoft has released a free decryption tool to help AstraLocker and Yashma ransomware victims recover their files without paying a ransom. "The AstraLocker decryptor is for the Babuk-based one using.Astra or.babyk extension, and they released a total of 8 keys," Emsisoft added.

QNAP Systems is warning about Checkmate, a new piece of ransomware targeting users of its network-attached storage appliances. "Preliminary investigation indicates that Checkmate attacks via SMB services exposed to the internet, and employs a dictionary attack to break accounts with weak passwords," the company says.

With those major updates now in place, could we see a summertime lull in the July 2022 Patch Tuesday updates? We saw a rare SQL server update last Patch Tuesday and I don't anticipate another this month.