Security News > 2022

Federal Communications Commission proposed stricter rules on how telco carriers should report data breaches
2022-01-13 22:42

The US Federal Communications Commission is considering imposing stricter rules requiring telecommunications carriers to report data breaches to customers and law enforcement more quickly. Chairwoman Jessica Rosenworcel drafted a document outlining the new proposal to strengthen the FCC's powers for disclosing breaches and leaks of "customer proprietary network information" to customers and federal agencies. The updated rules, published this week, would keep the FCC in line with other federal and state data breach laws, she said.

Signal CEO Resigns, WhatsApp Co-Founder Takes Over as Interim CEO
2022-01-13 22:41

Moxie Marlinspike, the founder of the popular encrypted instant messaging service Signal, has announced that he is stepping down as the chief executive of the non-profit in a move that has been underway over the last few months. "In other words, after a decade or more, it's difficult to overstate how important Signal is to me, but I now feel very comfortable replacing myself as CEO based on the team we have, and also believe that it is an important step for expanding on Signal's success," Marlinspike said in a blog post on Monday.

Android users can now disable 2G to block Stingray attacks
2022-01-13 21:56

Google has finally rolled out an option on Android allowing users to disable 2G connections, which come with a host of privacy and security problems exploited by cell-site simulators. While Google has given Android users the option not to allow 2G cellular connections on their device, 2G connectivity remains turned on by default.

FCC wants new data breach reporting rules for telecom carriers
2022-01-13 21:39

The Federal Communications Commission has proposed more rigorous data breach reporting requirements for telecom carriers in response to breaches that recently hit the telecommunications industry. "I look forward to having my colleagues join me in taking a fresh look at our data breach reporting rules to better protect consumers, increase security, and reduce the impact of future breaches."

North Korean APTs Stole ~$400M in Crypto in 2021
2022-01-13 21:03

From basic financial pump-and-dump schemes to straight-up nation-state cybertheft, nascent crypto markets and their investors, often with a dubious understanding of how they really work, have become prime targets for crypto scammers. North Korean-backed cybercrime groups, including APT 38/Lazarus Group, have turned their talents and resources exclusively toward ripping off crypto markets, according to a new report from Chainalysis.

Orca Security tells AWS fail tale with a happy ending
2022-01-13 21:02

On Thursday, Orca Security published details about Superglue and BreakingFormation, vulnerabilities in AWS Glue and AWS CloudFormation that allowed attackers to access data for other customers and to access files and make server-side requests to internal web services infrastructure. "During our research, we were able to identify a feature in AWS Glue that could be exploited to obtain credentials to a role within the AWS service's own account, which provided us full access to the internal service API," explained Yanir Tsarimi in a blog post.

BlueNoroff hackers steal crypto using fake MetaMask extension
2022-01-13 20:14

The North Korean threat actor group known as 'BlueNoroff' has been spotted targeting cryptocurrency startups with malicious documents and fake MetaMask browser extensions. BlueNoroff uses these real discussions to name laced documents accordingly and send them to the target employee at the right time.

AWS fixes security flaws allowing access to AWS customer data
2022-01-13 20:04

Amazon Web Services has addressed an AWS Glue security issue that allowed attackers to access and alter data linked to other AWS customer accounts. The flaw stemmed from an exploitable AWS Glue feature and an internal service API misconfiguration that allowed Orca Security researchers to escalate privileges to gain access to all service resources in the region.

AWS fixes security flaws that exposed AWS customer data
2022-01-13 20:04

Amazon Web Services has addressed an AWS Glue security issue that allowed attackers to access and alter data linked to other AWS customer accounts. The flaw stemmed from an exploitable AWS Glue feature and an internal service API misconfiguration that allowed Orca Security researchers to escalate privileges to gain access to all service resources in the region.

Microsoft pulls new Windows Server updates due to critical bugs
2022-01-13 18:35

Microsoft has pulled the January Windows Server cumulative updates after critical bugs caused domain controllers to reboot, Hyper-V to not work, and ReFS volume systems to become unavailable. On Tuesday, Microsoft released the January 2022 Patch Tuesday updates for Windows Server, which include numerous security updates and bug fixes.