Security News > 2022 > December

Florida man Nicholas Truglia was sentenced to 18 months in prison on Thursday for his involvement in a fraud scheme that led to the theft of millions from cryptocurrency investor Michael Terpin. The funds were stolen following a January 2018 SIM swap attack that allowed Truglia's co-conspirators to hijack Terpin's phone number and fraudulently transfer roughly $23.8 million in cryptocurrency from his crypto wallet to an online account under Truglia's control.

The North Korean 'Lazarus' hacking group is linked to a new attack spreading fake cryptocurrency apps under the made-up brand, "BloxHolder," to install the AppleJeus malware for initial access to networks and steal crypto assets. A new report by Volexity has identified new, fake crypto programs and AppleJeus activity, with signs of evolution in the malware's infection chain and abilities.

Some of Rackspace's hosted Microsoft Exchange services have been taken down by what the company has described as a "Security incident". "On Friday, Dec 2, 2022, we became aware of an issue impacting our Hosted Exchange environment. We proactively powered down and disconnected the Hosted Exchange environment while we triaged to understand the extent and the severity of the impact. After further analysis, we have determined that this is a security incident."

Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser. The high-severity flaw, tracked as CVE-2022-4262, concerns a type confusion bug in the V8 JavaScript engine.

In Palmdale, California on Friday, Northrop Grumman CEO Kathy Warden revealed a US Air Force warplane that had only been shown in artist renderings and is supposed to be seldom seen, the B-21 Raider. "With this aircraft, we're delivering the next generation of stealth technology designed for the US Air Force to meet its most complex missions."

Australian health insurer Medibank's prognosis following an October data breach keeps getting worse as criminals dumped another batch of stolen customer data on the dark web. Medibank said it's still analyzing the leaked data, which includes six "Sipped files in a folder called 'full' containing the raw data that we believed the criminal stole."

November 26th 2022 Ransomware gang targets Belgian municipality, hits police instead. The Ragnar Locker ransomware gang has published stolen data from what they thought was the municipality of Zwijndrecht, but turned out to be stolen from Zwijndrecht police, a local police unit in Antwerp, Belgium. PCrisk found new Dharma ransomware variants that append the.

At a GMC plant. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.

Google has released Chrome 108.0.5359.94/.95 for Windows, Mac, and Linux users to address a single high-severity security flaw, the ninth Chrome zero-day exploited in the wild patched since the start of the year.This update was immediately rolled out to our systems when BleepingComputer checked for new updates from the Chrome menu > Help > About Google Chrome.

American cloud computing services provider Rackspace says an ongoing outage affecting its hosted Microsoft Exchange environments and likely thousands of customers was caused by a security incident. "We are investigating an issue that is affecting our Hosted Exchange environments. More details will be posted as they become available," Rackspace said on Friday night, at 02:49 AM EST, when it acknowledged the outage.