
ZDI doesn't just deal in competitive bug hunting in its twice-a-year contests; it also regularly puts out vulnerability notices for zero-days that were disclosed in more conventional ways, like this one, entitled Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability. This bug has had some dramatic coverage over the holiday weekend, given that it was a remote code execution hole in the Linux kernel itself and came with a so-called CVSS score of 10/10, rated Critical.

FIN7 is a threat actor that mostly focuses on stealing financial information, but it also sells sensitive information stolen from companies. FIN7 started using ransomware in 2020, operating as an affiliate of a few of the most active ransomware groups: Sodinokibi, REvil, LockBit and DarkSide.

BlueNoroff, a subcluster of the notorious Lazarus Group, has been observed adopting new techniques into its playbook that enable it to bypass Windows Mark of the Web protections. "BlueNoroff created numerous fake domains impersonating venture capital companies and banks," security researcher Seongsu Park said, adding the new attack procedure was flagged in its telemetry in September 2022.

"Holding software 'engineers' to the same standards as civil or electrical engineers is fine, so long as you are happy to pay the same for each computer as a bridge." Hmmm, "software -v- civil/electrical" is not comparing apples with apples.

Meta Platforms, the parent company of Facebook, Instagram, and WhatsApp, has agreed to pay $725 million to settle a long-running class-action lawsuit filed in 2018. The legal dispute sprang up in response to revelations that the social media giant allowed third-party apps such as those used by Cambridge Analytica to access users' personal information without their consent for political advertising.

A threat actor claims to be selling public and private data of 400 million Twitter users scraped in 2021 using a now-fixed API vulnerability. The alleged data dump is being sold by a threat actor named 'Ryushi' on the Breached hacking forum, a site commonly used to sell user data stolen in data breaches.

Cybersecurity researchers have exposed a wide variety of techniques adopted by an advanced malware downloader called GuLoader to evade security software. In November 2021, a JavaScript malware strain dubbed RATDispenser emerged as a conduit for dropping GuLoader by means of a Base64-encoded VBScript dropper.

As 2022 draws to a close, looking at the year's most concerning threats by testing volume offers a threat-based perspective on what triggers cybersecurity teams to check how vulnerable they are to specific threats. These are the threats most tested for resilience with the Cymulate security posture management platform between January 1st and December 1st, 2022.

The pay-per-install malware downloader service known as PrivateLoader is being used to distribute a previously documented information-stealing malware dubbed RisePro. Flashpoint spotted the newly identified stealer on December 13, 2022, after it discovered "several sets of logs" exfiltrated using the malware on an illicit cybercrime marketplace called Russian Market.

The threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data. As a reminder, the master password is never known to LastPass and is not stored or maintained by LastPass.