Security News > 2022 > November

Microsoft turned around and released a series of non-security updates that fixed some discovered connections issues - forcing many to conduct another unplanned patch cycle. The initial concern was that CVE-2022-3602 could lead to another Heartbleed situation which did result in widespread exploitation in 2014 of CVE-2014-0160 in OpenSSL. The good news is these recent CVEs are much harder to exploit, but you should update to the latest version of OpenSSL in your environment during your next patch cycle to protect yourself from the sure-to-come attacks.

A French-speaking criminal group codenamed OPERA1ER has pulled off more than 30 cyber-heists against telecom organizations and banks across Africa, Asia, and Latin America, stealing upwards of $30 million over four years, according to security researchers. In one robbery, "a network of more than 400 mule subscriber accounts were used to quickly cash out stolen funds mostly done overnight via ATMs," the researchers wrote in a report this month.

As phishing attacks soar in frequency and sophistication and are delivered by an entirely new breed of cybercriminals, it's time we utilize the latest technology to anticipate threats before they advance. Smartphones have become increasingly targeted by hacking attempts - especially since the pandemic, with total phishing attacks in the second quarter of 2022 rising to over 1 million.

In this Help Net Security video, Rebecca Herold, IEEE member and CEO of Privacy & Security Brainiacs, discusses data, privacy, surveillance, and compliance challenges facing businesses in the wake of the US Supreme Court's repeal of the Roe v. Wade decision, which stated that a clause of the Fourteenth Amendment to the US Constitution provides a "Right to privacy" and, through it, a pregnant woman's right to an abortion. In this day and age, when information about individuals is widely collected and/or inferred via online tracking and ubiquitous real-world surveillance technology, what should businesses do when asked to hand over data about their users and employees.

Bishop Fox collected and analyzed publicly disclosed reports from January to July 2022 to better understand the most frequently reported vulnerability types, the highest-disclosed bounties, and more. In this Help Net Security video, Carlos Yanez, Security Consultant at Bishop Fox, talks about the most frequently reported vulnerability types and severities.

Over the years, there has been a long-standing narrative that foreign state-sponsored threat actors present the most significant cyber threat to the election process. The threat actors also targeted devices belonging to the state boards of elections, state secretaries of state, and organizations that supported election infrastructure to steal voter data.

You will also receive a complimentary subscription to TechRepublic's News and Special Offers newsletter and the Top Story of the Day newsletter. You may unsubscribe from these newsletters at any time.

Microsoft is rolling out a fix for a known issue affecting Outlook for Microsoft 365 users and preventing them from scheduling Teams meetings because the option is no longer available on the app's ribbon menu. The Teams Meeting add-in can be found in the Calendar view, and it helps Outlook users to create Teams meetings from Outlook.

Microsoft has significantly reduced latency for Windows and Mac users of the Teams desktop client in some critical scenarios when interacting with the application. Jeff Chen, a Microsoft Principal Group Program Manager for Microsoft Teams, said today that the app is now more than 30% faster when switching between chat and channel threads.

"It's a huge threat because it bypasses the security measures put in place by an organization, including one of the most effective, which is MFA," Sami Elhini, biometrics specialist at Cerberus Sentinel, told The Register. The attacks on MFA come as businesses, with the COVID-19 pandemic lifting, are adopting cloud-first and zero-trust models, which often rely on MFA to protect data and applications, Stephanie Aceves, senior director of products management at Tanium, told The Register.