Security News > 2022 > August

Microsoft is showing ads for Microsoft 365 Family subscriptions to its Office 2021 customers, offering them discounts of over $28 to get a 3-month Family plan subscription. Several users have reported seeing these ads this week, starting on August 10, with Lee Holmes, a Principal Security Architect at Microsoft Azure Security, also sharing today a screenshot showing the ad displayed as an alert bar under the Office menu.

A security researcher has shown how, with physical access at least, to fully take over a Starlink satellite terminal using a homemade modchip. Lennert Wouters, a researcher at the KU Leuven University in Belgium, walked through his methodology during a talk at Black Hat in Las Vegas this week.

SQUID consists of five steps: Stop, Question, Understand, Imagine, and Decide. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Versions of a cross-platform instant messenger application focused on the Chinese market known as 'MiMi' have been trojanized to deliver a new backdoor that can be used to steal data from Linux and macOS systems. SEKOIA's Threat & Detection Research Team says that the app's macOS 2.3.0 version has been backdoored for almost four months, since May 26, 2022.

The security community is so focused on attacks relying on software that it often forgets that physical attacks are possible. Physical attacks are also often seen as an attacker having the capability to physically access the targeted computer and then use some hardware to compromise the computer.

"A simple way to send a piece of shit in a box around the world," ShitExpress describes what is a prank web service where customers can purchase and deliver real animal feces to friends or frenemies located anywhere in the world. Co hacking forum and a well-known hacker who has previously stolen private data from companies like QuestionPro and Mangatoon.

The US government is putting a face on a claimed member of the infamous Conti ransomware group as part of a $10 million reward for information about five of the gang's crew. The reward notice included the aliases of the alleged attackers - "Tramp," "Dandis," "Professor," "Reshaev," and "Target" - and came with a photo of a man and a message underneath it that said, "Is this the Conti associate known as 'Target'?"

Some signed third-party bootloaders for the Unified Extensible Firmware Interface could allow attackers to execute unauthorized code in an early stage of the boot process, before the operating system loads. Eclypsium security researchers Mickey Shkatov and Jesse Michael discovered vulnerabilities affecting UEFI bootloaders from third-party vendors that could be exploited to bypass the Secure Boot feature on Windows machines.

Almost 2,000 data breaches reported for the first half of 2022. In a new report entitled State of Data Breach Intelligence: 2022 Midyear Edition, security firm Flashpoint looks at the number and types of data breaches reported for the first half of 2022.

Zeppelin ransomware is back and employing new compromise and encryption tactics in its recent campaigns against various vertical industries, particularly healthcare, as well as critical infrastructure organizations, the feds are warning. Zeppelin also appears to have a new multi-encryption tactic, executing the malware more than once within a victim's network and creating different IDs and file extensions for multiple instances of the attack, according to the CISA. "This results in the victim needing several unique decryption keys," according to the advisory.