Security News > 2022

A court in Moscow has imposed a fine of $358 million on Google LLC for failing to restrict access to information considered prohibited in the country. Last month, the organization fined 68 million rubles Google LLC for the umpteenth time for failure to remove prohibited information.

The FBI has warned today that cybercriminals use fraudulent cryptocurrency investment applications to steal funds from US investors. "The FBI has observed cyber criminals contacting US investors, fraudulently claiming to offer legitimate cryptocurrency investment services, and convincing investors to download fraudulent mobile apps, which the cyber criminals have used with increasing success over time to defraud the investors of their cryptocurrency," the FBI said in an alert published Monday.

Why North Korean cybercriminals are targeting businesses with ransomware. What happens when a hostile nation-state sponsors that same tactic? A new report by the Microsoft Threat Intelligence Center examines a series of ransomware attacks with ties to North Korea.

According to cybersecurity firm Trellix's quarterly Threat Report: Summer 2022, released today, the line between ransomware gangs and nation-states continued to blur between Q4 2021 to Q1 2022. Business services providers and telecoms were the most targeted industries for ransomware attacks.

Researchers from Wordfence have sounded the alarm about a "Sudden" spike in cyber attacks attempting to exploit an unpatched flaw in a WordPress plugin called Kaswara Modern WPBakery Page Builder Addons. Tracked as CVE-2021-24284, the issue is rated 10.0 on the CVSS vulnerability scoring system and relates to an unauthenticated arbitrary file upload that could be abused to gain code execution, permitting attackers to seize control of affected WordPress sites.

Albania's online public services and websites have gone dark following what appears to be a cyberattack. According to a statement from the Albanian National Agency for Information Society, the websites of the Prime Minister's Office and Parliament have both been pulled as has, critically, the e-Albania portal used by residents and foreigners alike to access public services.

Including Facebook, add parameters to the web address for tracking purposes. Mozilla introduced support for URL stripping in Firefox 102, which it launched in June 2022.

Taiwan, South Korea, Japan, the US, and the U.K. the Roaming Mantis operation moved to targeting Android and iOS users in France, likely compromising tens of thousands of devices. Roaming Mantis is believed to be a financially-motivated threat actor that started targeting European users in February.

Admins were also told that they could find more information regarding these ongoing problems in the admin center under EX401976 and OL401977. While Redmond did not reveal the scale of the issue, thousands of reports have been submitted in the past 24 hours on DownDetector by Outlook and Exchange Online users who have either been unable or experienced difficulties when trying to log in or email.

Microsoft recommends configuring the password history to remember the last 24 passwords. Unless an organization enforces a password history requirement, a user could skirt the rules by changing their password and then immediately changing back to their original password.