Security News > 2022

56-year-old Allen Giltman and his co-conspirators created fraudulent sites advertising various investment opportunities to solicit money from investors via the internet. In conversations with victims who reached out for investment opportunities, the fraudsters impersonated FINRA broker-dealers claiming to be employed by the financial institutions they spoofed on the scam sites.

A California man confirmed his role in a large-scale and long-running Internet-based fraud scheme that allowed him and other fraudsters to siphon roughly $50 million from dozens of investors over eight years, between 2012 and October 2020.

The FTC is advising companies to consult the US Cybersecurity and Infrastructure Security Agency's guidance on dealing with the Log4j flaws. If companies fail to fix their code and lose customer data, the FTC says it may just see what a judge thinks about that.

Researchers have identified a threat group that's been quietly siphoning off millions of dollars from financial- and commerce-sector companies, spending months patiently studying their targets' financial systems and slipping in fraudulent transactions amongst regular activity. The Sygnia Incident Response team has been tracking the group, which it named Elephant Beetle, aka TG2003, for two years.

Google has rolled out the first round of updates to its Chrome web browser for 2022 to fix 37 security issues, one of which is rated Critical in severity and could be exploited to execute arbitrary code and gain control over a victim's system. Security researcher Yangkang of Qihoo 360 ATA, who has previously disclosed zero-day vulnerabilities in Apple's WebKit, has been credited with discovering and reporting the flaw on November 30, 2021.

This week's announcement by Florida's Broward Health System that the most intimate medical data of 1,357,879 of its patients was breached in the fall should serve as a warning that the healthcare software supply chain will be a juicy target for cybercriminals as we head into 2022, researchers warn. As startling as the number of impacted Broward patients may seem, Ron Bradley, vice president of Shared Assessments, calls this breach "just a drop in the proverbial bucket related to healthcare losses in 2021."

Microsoft says zero-touch onboarding for Microsoft Defender for Endpoint on iOS is now available in public preview, allowing enterprise admins to silently install Defender for Endpoint automatically on enrolled devices. "With this new capability, enterprises can now deploy Microsoft Defender for Endpoint on iOS devices that are enrolled with Microsoft Endpoint Manager automatically, without needing end-users to interact with the app," Microsoft explained.

The easy-to-find bug has been hanging around for years, ready to take Uber's customers for a ride of a very different sort. According to Seekurity security researcher and bug-hunter Seif Elsallamy, the HTML-injection issue made it possible to tap into an internet-facing internal Uber API endpoint in order to send out email directly from Uber's email system; since the emails would come from an authentic sender, they would pass normal email authentication checks such as DMARC or DKIM rather than being flagged. Obviously, the bug opened a gaping opportunity for cyberattackers to send social-engineering emails to the ride-sharing giant's nearly 100 million users, perhaps a message asking them to "Verify" their account info or "Update" their credit-card information.

Trojanized installers of the Telegram messaging application are being used to distribute the Windows-based Purple Fox backdoor on compromised systems. First discovered in 2018, Purple Fox comes with rootkit capabilities that allow the malware to be planted beyond the reach of security solutions and evade detection.

An ongoing ZLoader malware campaign has been uncovered exploiting remote monitoring tools and Microsoft's digital signature verification to siphon user credentials and sensitive information. "The malware then exploits Microsoft's digital signature verification method to inject its payload into a signed system DLL to further evade the system's defenses."