Microsoft warns of Russian cyberattacks throughout the winter
2022-12-06 00:44

Microsoft has warned of Russian-sponsored cyberattacks continuing to target Ukrainian infrastructure and NATO allies in Europe throughout the winter. Redmond said in a report published over the weekend that it observed a pattern of targeted attacks on infrastructure in Ukraine by the Russian military intelligence threat group Sandworm in association with missile strikes.

Gunfire at electrical grid kills power for 45,000 in North Carolina
2022-12-05 23:30

Officials in Moore County, North Carolina, declared a state of emergency on Sunday after gunfire damaged an electrical substation and left 45,000 homes and businesses without power in near freezing temperatures. The state of emergency declaration, obtained by North Carolina-based publication The Pilot, says, "Massive Power Outages due to criminal activity has caused widespread and significant power outages within the County of Moore, North Carolina. It is anticipated to take up to one week for the power to be restored to residents, businesses, churches, schools, and government."

Google warns stolen Android keys used to sign info-stealing malware
2022-12-05 22:30

Compromised Android platform certificate keys from device makers including Samsung, LG and Mediatek are being used to sign malware and deploy spyware, among other software nasties. Googler Łukasz Siewierski found and reported the security issue and it's a doozy that allows malicious applications signed with one of the compromised certificates to gain the same level of privileges as the Android operating system - essentially unfettered access to the victim's device.

CISA orders agencies to patch exploited Google Chrome bug by Dec 26th
2022-12-05 22:06

The flaw was patched as an actively exploited zero-day bug in the Google Chrome web browser on Friday for Windows, Mac, and Linux users. In a security advisory published right before the weekend, Google said it "is aware of reports that an exploit for CVE-2022-4262 exists in the wild."

Number Nine! Chrome fixes another 2022 zero-day, Edge patched too
2022-12-05 20:58

It's just under two weeks since Google rushed out a Chrome patch for the then-current version 107 to seal off a bug that was already being used in real-life attacks. How might the bug be triggered? Was merely viewing a booby-trapped web page enough? Could it be abused for remote code execution? Could the crooks end up installing malware without any visible warning? Who was using it? Were they state-sponsored attackers, or some other sort of cybercriminals? What were they after? Were they into data stealing, ransomware attacks, unlawful surveillance, or all of those things?

Ransomware attack forces French hospital to transfer patients
2022-12-05 20:41

The André-Mignot teaching hospital in the suburbs of Paris had to shut down its phone and computer systems because of a ransomware attack that occurred on Saturday evening. Jean-Noël Barrot, the Minister Delegate in charge of Digital Transition and Telecommunications, said the hospital immediately isolated the infected systems to limit the spread of the malware to additional devices and alerted the French National Authority for Security and Defense of Information Systems.

Sneaky hackers reverse defense mitigations when detected
2022-12-05 20:08

A financially motivated threat actor is hacking telecommunication service providers and business process outsourcing firms, actively reversing defensive mitigations applied when the breach is detected. The attacks have been attributed with low confidence to hackers tracked as 'Scattered Spider,' who demonstrate persistence in maintaining access, reversing mitigations, evading detection, and pivoting to other valid targets if thwarted.

Ping of death! FreeBSD fixes crashtastic bug in network tool
2022-12-05 19:59

One of the first low-level network tools that any computer user learns about is the venerable ping utility. As a result, ping uses a much lower-level protocol than TCP. Indeed, ping doesn't even use TCP's more casual cousin UDP, short for user datagram protocol, which is a way of transmitting data chunks that is fast and easy, but is popularly referred to as send-and-hope.

Hackers hijack Linux devices using PRoot isolated filesystems
2022-12-05 17:15

Hackers are abusing the open-source Linux PRoot utility in BYOF attacks to provide a consistent repository of malicious tools that work on many Linux distributions. A Bring Your Own Filesystem attack is when threat actors create a malicious filesystem on their own devices that contains a standard set of tools used to conduct attacks.

Severe AMI MegaRAC flaws impact servers from AMD, ARM, HPE, Dell, others
2022-12-05 15:07

Three vulnerabilities in the American Megatrends MegaRAC Baseboard Management Controller software impact server equipment used in many cloud service and data center providers. The flaws were discovered by Eclypsium in August 2022 and could enable attackers, under certain conditions, to execute code, bypass authentication, and perform user enumeration.