Security News > 2022 > September

I'm devastated to report that Peter Eckersley [], one of the original founders of Let's Encrypt, died earlier this evening [2022-09-02] at CPMC Davies Hospital in San Francisco. Peter was the leader of EFF's contributions to Let's Encrypt and ACME over the course of several years during which these technologies turned from a wild idea into an important part of Internet infrastructure.

A bad Microsoft Defender signature update mistakenly detects Google Chrome, Microsoft Edge, Discord, and other Electron apps as 'Win32/Hive. The issue started Sunday morning when Microsoft pushed out Defender signature update 1.373.1508.0 to include two new threat detections, including Behavior:Win32/Hive.

A new and upgraded version of the SharkBot malware has returned to Google's Play Store, targeting banking logins of Android users through apps that have tens of thousands of installations. Malware analysts at Cleafy, an Italian online fraud management and prevention company, discovered SharkBot in October 2021.

US-based CISOs get nearly $1 million per yearThe role of the Chief Information Security Officer is a relatively new senior-level executive position within most organizations, and is still evolving. Patch critical flaw in Atlassian Bitbucket Server and Data Center!A critical vulnerability in Atlassian Bitbucket Server and Data Center could be exploited by unauthorized attackers to execute malicious code on vulnerable instances.

The new Microsoft Edge 105 is not starting for many Windows users due to a deprecated group policy used to disable reporting of usage and crash-related data to Microsoft. On Thursday, Microsoft Edge 105 was released with numerous enhancements, including enhanced security mode improvements and new group policies.

On Friday, the IRS disclosed that in addition to sharing Form 990-T data for charities, they also accidentally included data for taxpayers' IRAs that was not meant to be public. "The IRS recently discovered that some machine-readable Form 990-T data made available for bulk download section on the Tax Exempt Organization Search should not have been made public," the IRS disclosed on Friday.

The source code of a remote access trojan dubbed 'CodeRAT' has been leaked on GitHub after malware analysts confronted the developer about attacks that used the tool. More specifically, CodeRAT supports about 50 commands and comes with extensive monitoring capabilities targeting webmail, Microsoft Office documents, databases, social network platforms, integrated development environment for Windows Android, and even individual websites like PayPal.

South Korean chaebol Samsung on Friday said it experienced a cybersecurity incident that resulted in the unauthorized access of some customer information, the second time this year it has reported such a breach. "In late July 2022, an unauthorized third-party acquired information from some of Samsung's U.S. systems," the company disclosed in a notice.

Google on Friday shipped emergency fixes to address a security vulnerability in the Chrome web browser that it said is being actively exploited in the wild. The issue, assigned the identifier...

Google has released Chrome 105.0.5195.102 for Windows, Mac, and Linux users to address a single high-severity security flaw, the sixth Chrome zero-day exploited in attacks patched this year. This new version is rolling out in the Stable Desktop channel, with Google saying that it will reach the entire user base within a matter of days or weeks.