Security News > 2022 > December

Microsoft has warned of Russian-sponsored cyberattacks continuing to target Ukrainian infrastructure and NATO allies in Europe throughout the winter. Redmond said in a report published over the weekend that it observed a pattern of targeted attacks on infrastructure in Ukraine by the Russian military intelligence threat group Sandworm in association with missile strikes.

Officials in Moore County, North Carolina, declared a state of emergency on Sunday after gunfire damaged an electrical substation and left 45,000 homes and businesses without power in near-freezing temperatures. The state of emergency declaration, obtained by North Carolina-based publication The Pilot, says, "Massive Power Outages due to criminal activity has caused widespread and significant power outages within the County of Moore, North Carolina. It is anticipated to take up to one week for the power to be restored to residents, businesses, churches, schools, and government."

Compromised Android platform certificate keys from device makers including Samsung, LG and Mediatek are being used to sign malware and deploy spyware, among other software nasties. Googler Łukasz Siewierski found and reported the security issue and it's a doozy that allows malicious applications signed with one of the compromised certificates to gain the same level of privileges as the Android operating system - essentially unfettered access to the victim's device.

Google patched an actively exploited zero-day bug in the Chrome web browser on Friday for Windows, Mac, and Linux users. In a security advisory published right before the weekend, Google said it "is aware of reports that an exploit for CVE-2022-4262 exists in the wild."

It's just under two weeks since Google rushed out a Chrome patch for the then-current version 107 to seal off a bug that was already being used in real-life attacks. How might the bug be triggered? Was merely viewing a booby-trapped web page enough? Could it be abused for remote code execution? Could the crooks end up installing malware without any visible warning? Who was using it? Were they state-sponsored attackers, or some other sort of cybercriminals? What were they after? Were they into data stealing, ransomware attacks, unlawful surveillance, or all of those things?

The André-Mignot teaching hospital in the suburbs of Paris had to shut down its phone and computer systems because of a ransomware attack that occurred on Saturday evening. Jean-Noël Barrot, the Minister Delegate in charge of Digital Transition and Telecommunications, said the hospital immediately isolated the infected systems to limit the spread of the malware to additional devices and alerted the French National Authority for Security and Defense of Information Systems.

A financially motivated threat actor is hacking telecommunication service providers and business process outsourcing firms, actively reversing defensive mitigations applied when the breach is detected. The attacks have been attributed with low confidence to hackers tracked as 'Scattered Spider,' who demonstrate persistence in maintaining access, reversing mitigations, evading detection, and pivoting to other valid targets if thwarted.

One of the first low-level network tools that any computer user learns about is the venerable ping utility. Ping uses a much lower-level protocol than TCP. Indeed, ping doesn't even use TCP's more casual cousin UDP, short for user datagram protocol, which is a way of transmitting data chunks that is fast and easy, but is popularly referred to as send-and-hope.
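To make the layering concrete, here is an added example (not code from the article or from any ping implementation) that builds and parses the ICMP echo messages ping actually sends. ICMP sits directly on IP, so there are no ports and no connection: the only thing tying a reply to a request is the identifier/sequence pair in the 8-byte header, and the RFC 1071 one's-complement checksum is the only integrity check. The identifier, sequence and payload values below are constructed sample data.

```python
import struct

ICMP_ECHO_REQUEST = 8   # type 8, code 0
ICMP_ECHO_REPLY = 0     # type 0, code 0
HEADER = "!BBHHH"       # type, code, checksum, identifier, sequence


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit words, then complemented.
    An odd trailing byte is padded with a zero byte, as the RFC specifies."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Serialise an echo request/reply; checksum is computed with the field zeroed."""
    header = struct.pack(HEADER, icmp_type, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack(HEADER, icmp_type, 0, csum, ident, seq) + payload


def parse_echo(packet: bytes) -> dict:
    """Parse and verify an echo message. Summing a valid packet including its
    checksum field yields 0xFFFF, so the complemented result must be zero."""
    if len(packet) < 8:
        raise ValueError("truncated ICMP header")
    if icmp_checksum(packet) != 0:
        raise ValueError("ICMP checksum mismatch")
    icmp_type, code, _csum, ident, seq = struct.unpack(HEADER, packet[:8])
    if icmp_type not in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY) or code != 0:
        raise ValueError("not an echo request/reply")
    return {"type": icmp_type, "id": ident, "seq": seq, "payload": packet[8:]}


def reply_matches(request: bytes, reply: bytes) -> bool:
    """Without ports, ping pairs a reply with its request by identifier and sequence."""
    req, rep = parse_echo(request), parse_echo(reply)
    return (req["type"] == ICMP_ECHO_REQUEST and rep["type"] == ICMP_ECHO_REPLY
            and req["id"] == rep["id"] and req["seq"] == rep["seq"])


if __name__ == "__main__":
    req = build_echo(ICMP_ECHO_REQUEST, 0x1234, 1, b"hello")   # constructed sample
    rep = build_echo(ICMP_ECHO_REPLY, 0x1234, 1, b"hello")
    print(req.hex(), parse_echo(req), reply_matches(req, rep))
```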

Hackers are abusing the open-source Linux PRoot utility in BYOF attacks to provide a consistent repository of malicious tools that work on many Linux distributions. A Bring Your Own Filesystem attack is one in which threat actors create a malicious filesystem on their own devices that contains a standard set of tools used to conduct attacks.

Three vulnerabilities in the American Megatrends MegaRAC Baseboard Management Controller software impact server equipment used in many cloud service and data center providers. The flaws were discovered by Eclypsium in August 2022 and could enable attackers, under certain conditions, to execute code, bypass authentication, and perform user enumeration.