Microsoft SQL servers hacked to steal bandwidth for proxy services
2022-07-28 17:26

Threat actors are generating revenue by using adware bundles, malware, or even hacking into Microsoft SQL servers, to convert devices into proxies rented through online proxy services. To steal a device's bandwidth, the threat actors install software called 'proxyware' that allocates a device's available internet bandwidth as a proxy server that remote users can use for various tasks, like testing, intelligence collection, content distribution, or market research.

MS-SQL servers hacked to steal bandwidth with proxyware
2022-07-28 17:26

Threat actors have been adopting a less common method to generate revenue and are leveraging payloads to install proxyware services on target systems. Proxyware is a program that allows allocating available internet bandwidth over a proxy to users that need it for various tasks, like testing, intelligence collection, content distribution, or market research.

Threat Actors Pivot Around Microsoft’s Macro-Blocking in Office
2022-07-28 17:24

Threat actors are finding their way around Microsoft's default blocking of macros in its Office suite, using alternative files to host malicious payloads now that a primary channel for threat delivery is being cut off, researchers have found. The beginning of the decrease coincided with Microsoft's plan to start blocking XL4 macros by default for Excel users, followed up with the blocking of VBA macros by default across the Office suite this year.

Microsoft 365 outage knocks down admin center in North America
2022-07-28 17:12

Microsoft is investigating an ongoing incident impacting administrators in North America who report seeing blank pages and 404 errors when trying to access the Microsoft 365 admin center. This outage could affect any admin in North America, as the company revealed on the Microsoft 365 Service health status page.

LibreOffice addresses security issues with macros, passwords
2022-07-28 16:33

The LibreOffice suite has been updated to address several security vulnerabilities related to the execution of macros and the protection of passwords for web connections. LibreOffice features a check to determine whether a macro was created and signed by someone the user trusts, so that the macro code is not executed in case of a mismatch.

Google delays removal of third-party cookies in Chrome through 2024
2022-07-28 16:32

Google is pushing back its plan to get rid of third-party cookies in Chrome to the latter half of 2024, according to a company blog published Wednesday.

Google Delays Blocking 3rd-Party Cookies in Chrome Browser Until 2024
2022-07-28 16:16

Google on Wednesday said it's once again delaying its plans to turn off third-party cookies in the Chrome web browser from late 2023 to the second half of 2024. "The most consistent feedback we've received is the need for more time to evaluate and test the new Privacy Sandbox technologies before deprecating third-party cookies in Chrome," Anthony Chavez, vice president of Privacy Sandbox, said.

Cyberspies use Google Chrome extension to steal emails undetected
2022-07-28 15:10

A North Korean-backed threat group tracked as Kimsuky is stealing emails from Google Chrome or Microsoft Edge users browsing their webmail accounts using a malicious browser extension. The extension, dubbed SHARPEXT by Volexity researchers who spotted this campaign in September, supports three Chromium-based web browsers and can steal mail from Gmail and AOL accounts.

Akamai blocked largest DDoS in Europe against one of its customers
2022-07-28 14:19

The largest distributed denial-of-service attack that Europe has ever seen occurred earlier this month and hit an organization in Eastern Europe. DDoS incidents have become more frequent since the start of the year as attackers try to deny access to the victim's digital services by flooding them with requests and traffic to overwhelm resources and render them unavailable.

Malicious npm packages steal Discord users’ payment card info
2022-07-28 14:13

Multiple npm packages are being used in an ongoing malicious campaign dubbed LofyLife to infect Discord users with malware that steals their payment card information. "All these packages contained highly obfuscated malicious Python and JavaScript code. We dubbed this malicious campaign 'LofyLife'."