Security News > 2022

Critical Microsoft Code-Execution Vulnerability
2022-12-22 12:01

A critical code-execution vulnerability in Microsoft Windows was patched in September. Like EternalBlue, CVE-2022-37958, as the latest vulnerability is tracked, allows attackers to execute malicious code with no authentication required.

Two New Security Flaws Reported in Ghost CMS Blogging Software
2022-12-22 10:09

Cybersecurity researchers have detailed two security flaws in the JavaScript-based blogging platform known as Ghost, one of which could be abused to elevate privileges via specially crafted HTTP requests. Tracked as CVE-2022-41654, the authentication bypass vulnerability allows unprivileged users to make unauthorized modifications to newsletter settings.

Zerobot Botnet Emerges as a Growing Threat with New Exploits and Capabilities
2022-12-22 09:39

The Zerobot DDoS botnet has received substantial updates that expand on its ability to target more internet-connected devices and scale its network. "The most recent distribution of Zerobot includes additional capabilities, such as exploiting vulnerabilities in Apache and Apache Spark, and new DDoS attack capabilities," Microsoft researchers said.

Fraudulent ‘popunder’ Google Ad campaign generated millions of dollars
2022-12-22 07:30

Scammers using Google Ads, stolen blog articles, and a "Popunder" ad scheme on adult websites pulled in more than $275,000 a day by generating millions of ad impressions every month. Once on the Txxx iframe page, the user may click on a video or thumbnail, which triggers a real click on a Google Ad on the popunder page underneath, he wrote.

Apple accused of censoring apps in Hong Kong and Russia to maintain market access
2022-12-22 07:01

The reports, "Apps at Risk: Apple's Censorship and Compromises in Hong Kong" and "United Apple: Apple's Censorship and Compromises in Russia," were released by the Apple Censorship Project, which is run by free speech advocacy group GreatFire. "Apple's temporary withdrawal from Russia following the start of the war in Ukraine, and Apple's decision to move part of its production out of China, have not provided tangible evidence of any improvement of the situation in the App Store so far. For all we know, Apple is still willing to collaborate with repressive regimes."

Amplified security trends to watch out for in 2023
2022-12-22 05:00

A decentralized work environment makes it easier for criminals to target employees through private social channels, as the employee does not feel that they are being watched as closely as they would in a busy office setting. Not every employee affected by a restructuring suddenly becomes a bad guy, but security leaders should work with Human Resources or People Operations and people managers to make them aware of this type of criminal scheme, so that they can take the necessary steps to offer support to employees who could be affected by such organizational or personal matters.

Adversarial risk in the age of ransomware
2022-12-22 04:30

Éireann Leverett, Technology and Risk Entrepreneur, makes the audience think about ransomware risks from more than one perspective, and that includes the perspective of the threat actors. He also lays out the many interesting results of an analysis of a decade of known ransomware attacks and paid ransoms.

Dealing with cloud security shortfalls
2022-12-22 04:00

"Several years ago in cybersecurity, companies realized that the single greatest threat vector was the individual end user. So, the focus shifted from perimeter and end-point security to automatically applying security at the user level," said Jeff Kukowski, CEO of CloudBolt. "I think this new report reveals a similar parallel in cloud security. Macro solutions that don't make cloud security automatic at the individual, cloud-provisioning 'moment of truth' create lots of opportunity for exposure and leave enterprises only 'somewhat, sometimes' secure. I predict 2023 will be the year we see significantly more focus on shoring up these current cloud security shortfalls. It's a very solvable problem when you apply the right approaches," Kukowski continued.

Hackers Breach Okta's GitHub Repositories, Steal Source Code
2022-12-22 03:49

Okta, a company that provides identity and access management services, disclosed on Wednesday that some of its source code repositories were accessed in an unauthorized manner earlier this month. The security event, which was first reported by Bleeping Computer, involved unidentified threat actors gaining access to the Okta Workforce Identity Cloud code repositories hosted on GitHub.

Godfather malware makes banking apps an offer they can’t refuse
2022-12-22 02:20

Crooks are using an Android banking Trojan dubbed Godfather to steal from banking and cryptocurrency exchange app users in 16 countries, according to Group-IB security researchers. The security firm first detected Godfather in June 2021 and as of October, the credential-stealing malware has targeted the users of more than 400 applications.