Magniber ransomware using signed APPX files to infect systems
2022-01-12 17:53

The Magniber ransomware has been spotted using Windows application package files signed with valid certificates to drop malware pretending to be Chrome and Edge web browser updates. APPX files are Windows application package files created for streamlined distribution and installation, and have been abused by various threats in the past for malware distribution.

US government urges organizations to prepare for Russian-sponsored cyber threats
2022-01-12 17:10

Organizations need to be vigilant for such attacks and make sure they have the means to prevent or combat them. "The advisory doesn't mention the current Russian-Ukraine tensions, but if the conflict escalates, you can expect Russian cyber threats to increase their operations," said Rick Holland, chief information security officer at Digital Shadows.

TellYouThePass ransomware returns as a cross-platform Golang threat
2022-01-12 16:36

TellYouThePass ransomware has re-emerged as a Golang-compiled malware, making it easier to target more operating systems, macOS and Linux, in particular. The return of this malware strain was noticed last month, when threat actors used it in conjunction with the Log4Shell exploit to target vulnerable machines.

New Windows KB5009543, KB5009566 updates break L2TP VPN connections
2022-01-12 15:40

Windows 10 users and administrators report problems making L2TP VPN connections after installing the recent Windows 10 KB5009543 and Windows 11 KB5009566 cumulative updates. These updates include KB5009566 for Windows 11 and KB5009543 for Windows 10 2004, 20H1, and 21H1. After installing yesterday's updates, Windows users find their L2TP VPN connections broken when attempting to connect using the Windows VPN client.

OceanLotus hackers turn to web archive files to deploy backdoors
2022-01-12 15:20

The OceanLotus group of state-sponsored hackers is now using the web archive file format to deploy backdoors to compromised systems. A report from Netskope Threat Labs shared with Bleeping Computer in advance notes that OceanLotus' campaign using web archive files is still active despite the command and control server being disrupted, although the targeting scope is narrow.

FIFA Ultimate Team Account Takeovers Plague EA Gamers
2022-01-12 13:21

After a number of top traders of FIFA's Ultimate Team game last week reported that their accounts had been taken over and cleared of points and thousands of dollars in game currency, EA launched an investigation. The company discovered that phishers managed to "exploit human error" among EA's customer support staff to compromise fewer than 50 top trader accounts, the company wrote in a post on its website Tuesday.

A new multi-platform backdoor is leveraged by an advanced threat actor
2022-01-12 13:14

A novel multi-platform backdoor dubbed SysJoker has been successfully evading security solutions since mid-2021. "In the Linux and macOS versions, it masquerades as a system update. In the Windows version, it masquerades as Intel drivers. The update names are somewhat generic: In the macOS version, the file is relocated and named 'updateMacOs' and in the Linux version it is named 'updateSystem'," Avigayil Mechtinger, security researcher at Intezer, has shared with Help Net Security.

Cisco Talos discovers a new malware campaign using the public cloud to hide its tracks
2022-01-12 13:00

The campaign was first detected in October and is using services like AWS and Azure to hide its tracks and evade detection. Talos, Cisco's cybersecurity research arm, reports it has detected a new malware campaign that is using public cloud infrastructure to host and deliver variants of three remote access trojans while maintaining enough agility to avoid detection.

Faking an iPhone Reboot
2022-01-12 12:15

We'll dissect the iOS system and show how it's possible to alter a shutdown event, tricking a user that got infected into thinking that the phone has been powered off, but in fact, it's still running. The "NoReboot" approach simulates a real shutdown.

Info-saturated techie builds bug alert service that phones you to warn of new vulns
2022-01-12 11:02

An infosec pro fed up of having to follow tedious Twitter accounts to stay on top of cybersecurity developments has set up a website that phones you if there's a new vuln you really need to know about. Keeping up with fast-developing situations, such as the Log4j vuln and its iterations, is "extraordinarily overwhelming," he told The Register - and he reckons relying on CVE number assignations is just too slow in this day and age.