Security News > 2022

Critical “10-out-of-10” Linux kernel SMB hole – should you worry?
2022-12-27 19:35

ZDI doesn't just deal in competitive bug hunting at its twice-a-year contests; it also regularly puts out vulnerability notices for zero-days that were disclosed in more conventional ways, like this one, entitled Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability. The bug has had some dramatic coverage over the holiday weekend, given that it is a remote code execution hole in the Linux kernel itself (in ksmbd, the in-kernel SMB server) and came with a CVSS score of 10/10, rated Critical.
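Whether a host is reachable through this hole depends on whether the ksmbd module is loaded and actually listening. The following is an added example, not code from the article or from ZDI: two POSIX shell functions that answer those questions from /proc-style inputs. The file paths are parameterised (assumed defaults /proc/modules and /proc/net/tcp) so the same functions can be run against constructed sample files; the port and state encodings (445 = 01BD, LISTEN = 0A) are the standard /proc/net/tcp format.

```shell
#!/bin/sh
# Added example: quick host check for exposure to the ksmbd bug.
# ksmbd is the in-kernel SMB3 server. A host that has never loaded the module,
# or where nothing listens on TCP 445, is not reachable through it.

# Returns 0 if a module named ksmbd appears in a /proc/modules-style listing.
# First field of each /proc/modules line is the module name.
ksmbd_module_loaded() {
    modules_file="${1:-/proc/modules}"
    [ -r "$modules_file" ] || return 1
    awk '$1 == "ksmbd" { found = 1 } END { exit !found }' "$modules_file"
}

# Returns 0 if some socket is in LISTEN state on TCP port 445 in a
# /proc/net/tcp-style table. Column 2 is local hex ip:port (445 = 01BD),
# column 4 is the socket state (0A = TCP_LISTEN); line 1 is the header.
smb_port_listening() {
    tcp_table="${1:-/proc/net/tcp}"
    [ -r "$tcp_table" ] || return 1
    awk 'NR > 1 { split($2, a, ":"); if (toupper(a[2]) == "01BD" && $4 == "0A") found = 1 }
         END { exit !found }' "$tcp_table"
}

# Combine both into a one-word verdict: exposed / loaded / absent.
ksmbd_exposure() {
    if ksmbd_module_loaded "$1"; then
        if smb_port_listening "$2"; then
            echo "exposed"      # module loaded and SMB port open: patch or unload now
        else
            echo "loaded"       # module present but nothing listening on 445
        fi
    else
        echo "absent"           # module not loaded; the server code is not running
    fi
}

# On a live host, run with no arguments to use the real /proc files:
#   ksmbd_exposure
```

"absent" is the common case on general-purpose distributions, which do not load ksmbd by default; "exposed" means the vulnerable server is both present and reachable, and the kernel should be patched or the module unloaded and blacklisted until it is.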

FIN7 threat actor updated its ransomware activity
2022-12-27 17:53

FIN7 is a threat actor that mostly focuses on stealing financial information, but it also sells sensitive information stolen from companies. FIN7 started using ransomware in 2020, acting as an affiliate of several of the most active ransomware groups: REvil (also known as Sodinokibi), LockBit and DarkSide.

BlueNoroff APT Hackers Using New Ways to Bypass Windows MotW Protection
2022-12-27 14:57

BlueNoroff, a subcluster of the notorious Lazarus Group, has been observed adding new techniques to its playbook that let it bypass Windows Mark of the Web (MotW) protections. "BlueNoroff created numerous fake domains impersonating venture capital companies and banks," Kaspersky security researcher Seongsu Park said, adding that the new attack procedure was first flagged in the company's telemetry in September 2022.

Arresting IT Administrators
2022-12-27 12:01

"Holding software 'engineers' to the same standards as civil or electrical engineers is fine, so long as you are happy to pay the same for each computer as a bridge." Hmmm. "Software -v- civil/electrical" is not comparing apples with apples.

Facebook to Pay $725 Million to settle Lawsuit Over Cambridge Analytica Data Leak
2022-12-27 06:18

Meta Platforms, the parent company of Facebook, Instagram, and WhatsApp, has agreed to pay $725 million to settle a long-running class-action lawsuit filed in 2018. The legal dispute sprang up in response to revelations that the social media giant allowed third-party apps such as those used by Cambridge Analytica to access users' personal information without their consent for political advertising.

Hacker claims to be selling Twitter data of 400 million users
2022-12-26 20:44

A threat actor claims to be selling public and private data of 400 million Twitter users scraped in 2021 using a now-fixed API vulnerability. The alleged data dump is being sold by a threat actor named 'Ryushi' on the Breached hacking forum, a site commonly used to sell user data stolen in data breaches.

GuLoader Malware Utilizing New Techniques to Evade Security Software
2022-12-26 12:27

Cybersecurity researchers have exposed a wide variety of techniques adopted by an advanced malware downloader called GuLoader to evade security software. In November 2021, a JavaScript malware strain dubbed RATDispenser emerged as a conduit for dropping GuLoader by means of a Base64-encoded VBScript dropper.

2022 Top Five Immediate Threats in Geopolitical Context
2022-12-26 12:20

As 2022 draws to a close, ranking this turbulent year's most concerning threats by how often they were tested gives a threat-based view of what actually prompts security teams to check their exposure to a specific threat. These are the threats most frequently tested for resilience on the Cymulate security posture management platform between January 1st and December 1st, 2022.

PrivateLoader PPI Service Found Distributing Info-Stealing RisePro Malware
2022-12-26 12:12

The pay-per-install (PPI) malware downloader service known as PrivateLoader is being used to distribute a previously documented information-stealing malware dubbed RisePro. Flashpoint spotted the newly identified stealer on December 13, 2022, after it discovered "several sets of logs" exfiltrated using the malware on an illicit cybercrime marketplace called Russian Market.

LastPass Breach
2022-12-26 12:06

The threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data. As a reminder, the master password is never known to LastPass and is not stored or maintained by LastPass.