FBI Warns of Fake Cryptocurrency Apps Stealing Millions from Investors
2022-07-19 03:48

The U.S. Federal Bureau of Investigation has warned of cyber criminals building rogue cryptocurrency-themed apps to defraud investors in the virtual assets space. "The FBI has observed cyber criminals contacting U.S. investors, fraudulently claiming to offer legitimate cryptocurrency investment services, and convincing investors to download fraudulent mobile apps, which the cyber criminals have used with increasing success over time to defraud the investors of their cryptocurrency," the agency said [PDF].

Removing the blind spots that allow lateral movement
2022-07-19 03:30

There are critical blind spots in most security solutions today that make it nearly impossible to detect and prevent lateral movement attacks. It's important to realize that lateral movement is an almost never-ending process, where the tactic is constantly repeated on different machines until the attacker reaches the desired target.

82% of global insurers expect the rise in cyber insurance premiums to continue
2022-07-19 03:00

A Panaseer survey of global insurers across the UK and US found that 82% are expecting the rise in premiums to continue, with 74% of insurers agreeing that their inability to accurately understand a customer's security posture is impacting price increases. To help combat the ransomware crisis, researchers found that 87% of insurers want a consistent approach to analysing cyber risk, and 89% want direct access to customer security metrics and measures proving the status of security controls.

Jailed crooks told to cough up $600k for COVID fraud
2022-07-19 01:59

Two Florida residents will spend years behind bars and pay more than half a million dollars for wire fraud and identity theft, among other illicit deeds, for running COVID-19 scams. US District Judge William Jung on Friday sentenced Randy Xavier Jones, a 34-year-old man of Sarasota, Florida, to five years and one month in federal prison for wire fraud and aggravated identity theft.

New Study Finds Most Enterprise Vendors Failing to Mitigate Speculative Execution Attacks
2022-07-19 01:30

With speculative execution attacks remaining a stubbornly persistent vulnerability ailing modern processors, new research has highlighted an "industry failure" to adopt mitigations released by AMD and Intel, posing a firmware supply chain threat. "The impact of such attacks is focused on disclosing the content from privileged memory to obtain sensitive data from processes running on the same processor," the firmware protection firm said in a report shared with The Hacker News.

Hackers Distributing Password Cracking Tool for PLCs and HMIs to Target Industrial Systems
2022-07-19 01:28

Industrial engineers and operators are the target of a new campaign that leverages password cracking software to seize control of Programmable Logic Controllers and co-opt the machines to a botnet. The software "exploited a vulnerability in the firmware which allowed it to retrieve the password on command," Dragos security researcher Sam Hanson said.

Juniper Releases Patches for Critical Flaws in Junos OS and Contrail Networking
2022-07-19 01:28

Juniper Networks has pushed security updates to address several vulnerabilities affecting multiple products, some of which could be exploited to seize control of affected systems. The most critical of the flaws affect Junos Space and Contrail Networking, with the tech company urging customers to update to release versions 22.1R1 and 21.4.0, respectively.

Bogus cryptocurrency apps steal millions in mere months
2022-07-18 21:46

Cybercriminals posing as legitimate investment firms and cryptocurrency exchanges have stolen tens of millions of dollars from more than 200 people by convincing them to download mobile apps and deposit cryptocurrency into wallets owned by the perpetrators. According to an alert [PDF] sent out on Monday by the FBI, the cyber-thieves are contacting US investors, fraudulently claiming to be legitimate organizations offering cryptocurrency services and mobile apps.

Botnet malware disguises itself as password cracker for industrial controllers
2022-07-18 19:12

All you have to do is purchase the tool, run it on a Windows PC connected to the industrial controller via serial cable, click a button, and the password for the equipment is revealed. Under the hood, the software exploits a vulnerability - tracked as CVE-2022-2003 - in the device's Automation Direct firmware to retrieve the password in plain-text on command.

8 months on, US says Log4Shell will be around for “a decade or longer”
2022-07-18 18:57

Unless you had read the manual really carefully, and taken additional precautions yourself by adding a layer of your own security on top of Log4j, your software could come unstuck.

INPUT                      OUTCOME
-----------------          ----------------------
CURRENT=$ /$            -> CURRENT=Java version 17.0.1/Windows 10 10.0
Server account is: $    -> Server account is: root
$                       -> SECRETDATAINTENDEDTOBEINMEMORYONLY

Clearly, if you're accepting logging text from a trusted source, where it's reasonable to allow the loggee to control the logger by telling it to substitute plain text with chosen internal data, this sort of text rewriting is useful.