Security News > 2022 > August

Microsoft is warning that users may see a 0x800f0922 error when trying to install Windows KB5012170 Secure Boot security update on currently supported operating systems for consumers and the enterprise-class Server version. Error 0x800f0922 is related strictly to KB5012170, a security update for the Secure Boot DBX, a repository that holds revoked signatures for Unified Extensible Firmware Interface bootloaders.

Hackers are increasingly moving towards hybrid forms of phishing attacks that combine email and voice social engineering calls as a way to breach corporate networks for ransomware and data extortion attacks. According to Agari's Q2 2022 cyber-intelligence report, phishing volumes have only increased by 6% compared to Q1 2022.

Scammers were able to convince YouTube that other peoples' music was their own. No one knows how common this scam is, and how much money total is being stolen in this way.

There was nothing typical this year at BSides LV, Black Hat USA and DEF CON - also known collectively as Hacker Summer Camp. Video conferencing darling Zoom was highlighted at DEF CON by Patrick Wardle, founder of the Objective-See Foundation, for a hacking technique that allowed him, using the macOS version of Zoom, to elevated privileges and gain access to the entire macOS operating system.

A now-removed rogue package pushed to the official third-party software repository for Python has been found to deploy cryptominers on Linux systems. The module, named "Secretslib" and downloaded 93 times prior to its deletion, was released to the Python Package Index on August 6, 2022 and is described as "Secrets matching and verification made easy."

Russia's Shuckworm cyber group launching ongoing attacks on Ukraine. The Russia-linked cyber group Shuckworm is continuing to target Ukrainian organizations with infostealing malware.

India's military has celebrated the nation's Independence Day by announcing it will adopt locally developed quantum key distributiontechnology that can operate across distances of 150km. While the likes of Toshiba offer a commercial service, current implementations such as a network in London span just 32km. India's military announced it has trialled tech that operates over 150km, and now plans to buy it and put it to work.

Every business needs to deliver on several core foundations to be successful. Bringing cybersecurity in line with business metrics.

As last week's hacker summer camps would down it's clear that attendee numbers are still well down on the pre-COVID days, although things are recovering. Risk management is a key tenet of security and there was much discussion in the weeks and months before the shows about whether flying into Las Vegas and spending a week in crowded hotels was worth the risk.

In this Help Net Security video, Erik Costlow, Senior Director of Product Management at Azul, talks about Java centric vulnerabilities and the headache they have become for developers everywhere. He touches on the need for putting security back into DevOps and how developers can better navigate vulnerabilities that are taking up all of their efforts and keeping them from being able to focus on the task at hand.