Security News > 2022 > July

Fake copyright complaints push IcedID malware using Yandex Forms
2022-07-07 21:04

Website owners are being targeted with fake copyright infringement complaints that utilize Yandex Forms to distribute the IcedID banking malware. These reports allegedly contain proof of DDoS attacks or copyrighted material used without permission but instead infect a target's device with various malware, including BazarLoader, BumbleBee, and IcedID.

New stealthy OrBit malware steals data from Linux devices
2022-07-07 20:38

A newly discovered Linux malware is being used to stealthily steal information from backdoored Linux systems and infect all running processes on the machine. Dubbed OrBit by Intezer Labs security researchers who first spotted it, this malware hijacks shared libraries to intercept function calls by modifying the LD_PRELOAD environment variable on compromised devices.

China suffers massive cybersecurity breach affecting over 1 billion people
2022-07-07 19:06

Residents of China are reeling today from the news that a cybersecurity breach led to over a billion people's personal information being made available to hackers.

Five accused of trying to silence China critics in US
2022-07-07 18:56

Five suspects were indicted in a federal court in Brooklyn, New York on Wednesday for alleged crimes related to a campaign to silence dissidents in the US who opposed the government of the People's Republic of China. Three of the individuals - Fan "Frank" Liu, Matthew Ziburis, and Qiang "Jason" Sun - were charged, along with two others, in March with stalking, harassing, and spying on Chinese dissidents in the US who spoke out against the Chinese government.

Ubiquitous Surveillance by ICE
2022-07-07 18:18

Georgetown's Center on Privacy and Technology published a comprehensive report on the surprising amount of mass surveillance conducted by Immigration and Customs Enforcement. Our two-year investigation, including hundreds of Freedom of Information Act requests and a comprehensive review of ICE's contracting and procurement records, reveals that ICE now operates as a domestic surveillance agency.

Train for some of today’s top cybersecurity credentials for $39
2022-07-07 18:00

There's significant demand for ethical hackers and cybersecurity expertise across industries.

Someone may be prepping an NPM crypto-mining spree
2022-07-07 17:55

A burst of almost 1,300 JavaScript packages automatically created on NPM via more than 1,000 user accounts could be the initial step in a major crypto-mining campaign, according to researchers at Checkmarx. NPM, which is owned by Microsoft's GitHub, hosts hundreds of thousands of JavaScript packages for developers.

Quantum ransomware attack affects 657 healthcare orgs
2022-07-07 17:19

Professional Finance Company Inc., a full-service accounts receivables management company, says that a ransomware attack in late February led to a data breach affecting over 600 healthcare organizations. While PFC did not share the exact number of affected healthcare providers, it linked to a PDF file listing all the impacted orgs containing the names of 657 healthcare entities.

The agent of successful cyber security defense
2022-07-07 16:15

Agents sit on devices to perform security scanning and reporting, system restarts/reboots, software patching, configuration and general system monitoring. Agentless security tools do much the same, just without the agents, making them a better bet for security vulnerability scanning on remote machines where it's harder to install an agent, such as in the cloud.

Chromium's WebRTC zero-day fix arrives in Microsoft Edge
2022-07-07 16:00

Microsoft has followed Google's lead and issued an update for its Edge browser following the arrival of a WebRTC zero-day. Microsoft remained tight-lipped on the matter, merely saying that since Edge "ingests" Chromium, the vulnerabilities had been addressed.