Security News > 2022

The Kennedy Space Center kick-started Andee Harston's career in cybersecurity. Here's how she worked her way up to overseeing the cybersecurity curriculum for Infosec.

Norton antivirus's inbuilt cryptominer has re-entered the public consciousness after a random Twitter bod expressed annoyance at how difficult it is to uninstall. Exe, Norton 360's signed cryptocurrency-mining binary, to installations of Norton antivirus isn't new - but it seems to have taken the non-techie world a few months to realise what's going on.

Historically, when malware infects an iOS device, it can be removed simply by restarting the device, which clears the malware from memory. When an iPhone is shut off, its screen naturally goes dark, the camera is turned off, 3D touch feedback does not respond to long presses, sounds from calls and notifications are muted, and all vibrations are absent.

Threat actors are exploiting Microsoft's digital signature verification to steal user credentials and other sensitive information by delivering the ZLoader malware, which previously has been used to distribute Ryuk and Conti ransomware, researchers have found. Researchers at Check Point Research discovered the cybercriminal group Malsmoke delivering the campaign, which they traced back to November 2021, according to a report posted online Wednesday.

The actors inject fraudulent transactions into the network and steal small amounts over long periods, leading to an overall theft of millions of dollars. The actors need to conduct long-term surveillance and research, so the next primary goal is to remain undetected for several months.

Both Russia and Ukraine are preparing for military operations in cyberspace.

The RPG Greetings, traveller, and welcome back to The Register Plays Games, our monthly gaming column. In terms of quality at the point of release, Halo Infinite has stepped out as the clear winner.

A new Zloader campaign exploits Microsoft's digital signature verification to deploy malware payloads and steal user credentials from thousands of victims from 111 countries. Zloader is a banking malware first spotted back in 2015 that can steal account credentials and various types of sensitive private information from infiltrated systems.

There is an alternative way for procuring security expertise: by retaining the services of managed security service providers and managed detection and response providers. MSSPs usually assist organizations' IT departments in managing the IT infrastructure and keeping it secure by managing security equipment/systems, monitoring security logs, supervising patch management, and similar preventative security measures.

Cybercriminal groups started deploying post-intrusion ransomware in 2015, which involved human attackers gaining initial access to the system and moving laterally through the organization until it found the appropriate target. Attack groups have repeatedly upped the ante, evolving with JavaScript-based ransomware and fileless attacks.