Security News > 2022

As more companies focus on digital adoption goals in 2022, finding security tools to detect malicious activity is top-of-mind for executives. As cybercrime is set to cost the world 10.5 trillion dollars annually by 2025, IT executives and their teams will need to make policy changes, step up security training and use cybersecurity tools such as these to manage digital security in 2022 - and beyond.

VirusTotal, the popular online service for analyzing suspicious files, URLs and IP addresses, can be used to collect credentials stolen by malware, researchers at SafeBreach have found. With a €600 VirusTotal license, they have managed to collect more than 1,000,000 credentials just by executing simple searches with a few tools.

A new ransomware family, White Rabbit, chewed through a local U.S. bank last month - and it may be connected to the financially motivated advanced persistent threat group known as FIN8, researchers said. It looks like the operators behind the White Rabbit ransomware have taken a page from the more established ransomware family known as Egregor when it comes to hiding their malicious activity, researchers said.

Some 15 server infrastructures used by crims to prepare ransomware attacks were seized by cops yesterday as part of an international sting to take down VPNLab.net. The VPN provider's service gave users "Shielded communications and internet access" that was used in "Support of serious criminals acts such as ransomware deployment and other cybercrime activities," Europol said today.

A new ransomware family called 'White Rabbit' appeared in the wild recently, and according to recent research findings, could be a side-operation of the FIN8 hacking group. The first public mention of the White Rabbit ransomware was in a tweet by ransomware expert Michael Gillespie, seeking a sample of the malware.

A critical security vulnerability in the Zoho ManageEngine Desktop Central and Desktop Central MSP platforms could allow authentication bypass, the company has warned. Zoho's ManageEngine Desktop Central is a unified endpoint management solution that lets IT admins manage servers, laptops, desktops, smartphones and tablets from a central location.

The official app for Beijing 2022 Winter Olympics, 'My 2022,' was found to be insecure when it comes to protecting the sensitive data of its users. Finally, the app violates China's own laws regarding privacy protection.

SJD Accountancy and Nixon Williams - both contractor-focused beancounting firms owned by the same corporate parent as cyber-attack-struck UK umbrella company Parasol - have been hit by online attackers. The three firms are all nested under UK corporate parent Optionis Group, which describes itself as a "Family" of "Award-winning tax, umbrella and accountancy solutions" aimed at contractors.

For the final quarter of 2021, DHL surpassed Microsoft as the brand most spoofed in phishing campaigns, says Check Point Research. For the final quarter of 2021, DHL took over the top spot from Microsoft as the most impersonated brand by cybercriminals using phishing tactics.

After a banner year for vulnerabilities and cyberattacks in 2021, organizations believe they are fighting a "Losing battle" against security vulnerabilities and threats, "Despite the billions of dollars spent collectively on cybersecurity technology," according to an annual security report from Bugcrowd. The 2022 report-which compiles data from the company's activity over the year-highlights some of the top trends in terms of vulnerabilities that organizations reported in 2021 as well as the types of attacks that occurred most prevalently.