2022, Blog and Information Security - Information Management Today

Microsoft Partch Tuesday for April 2022 fixed 10 critical vulnerabilities

Security Affairs

APRIL 12, 2022

Microsoft Partch Tuesday security updates for April 2022 fixed 128 vulnerabilities, including an actively exploited zero-day reported by NSA. One of these flaws, tracked as CVE-2022-24521 (CVSS score 7.8), is a Windows Common Log File System Driver Elevation of Privilege issue that is actively exploited. Pierluigi Paganini.

Libraries

Libraries Cybersecurity Security IT

CVE-2022-22292 flaw could allow hacking of Samsung Android devices

Security Affairs

APRIL 7, 2022

Experts discovered a vulnerability, tracked as CVE-2022-22292, which can be exploited to compromise Android 9, 10, 11, and 12 devices. Researchers from mobile cybersecurity firm Kryptowire discovered a vulnerability, tracked as CVE-2022-22292 , in Android 9, 10, 11, and 12 devices. To nominate, please visit:?

Cybersecurity

Cybersecurity Security Access Information Security

Pwn2Own Vancouver 2022 D1: MS Teams exploits received $450,000

Security Affairs

MAY 19, 2022

White hat hackers earned a total of $800,000 on the first day of the Pwn2Own Vancouver 2022, $450,000 for exploits targeting Microsoft Teams. Pwn2Own Vancouver 2022 hacking contest has begun, it is the 15th edition of this important event organized by Trend Micro’s Zero Day Initiative (ZDI). The remaining exploits received a $40,000.

Cybersecurity

Cybersecurity Security IT Information Security

Experts disclose technical details of now-patched CVE-2022-37969 Windows Zero-Day

Security Affairs

OCTOBER 14, 2022

Researchers disclosed details of a now-patched flaw, tracked as CVE-2022-37969, in Windows Common Log File System (CLFS). The CVE-2022-37969 (CVSS score: 7.8) Microsoft fixed it with the release of September 2022 Patch Tuesday security updates, the company also states it has been actively exploited in the wild. “An

Metadata

Metadata Security IT Access

PoC exploits for Atlassian CVE-2022-26134 RCE flaw released online

Security Affairs

JUNE 5, 2022

Proof-of-concept exploits for the critical CVE-2022-26134 vulnerability in Atlassian Confluence and Data Center servers are available online. Proof-of-concept exploits for the critical CVE-2022-26134 flaw, affecting Atlassian Confluence and Data Center servers, have been released. 23 unique IPs so far.

Cybersecurity

Cybersecurity IoT Security IT

CVE-2022-40684 flaw in Fortinet products is being exploited in the wild

Security Affairs

OCTOBER 10, 2022

Fortinet has confirmed that the recently disclosed critical authentication bypass issue (CVE-2022-40684) is being exploited in the wild. Last week, Fortinet addressed a critical authentication bypass flaw, tracked as CVE-2022-40684 , that impacted FortiGate firewalls and FortiProxy web proxies. Blog post and POC coming later this week.

Authentication

Authentication Cybersecurity Risk Security

Data Breaches and Cyber Attacks in 2022: 408 Million Breached Records

IT Governance

JANUARY 9, 2023

Welcome to our review of security incidents for 2022, in which we take a closer look at the information gathered in our monthly lists of data breaches and cyber attacks. IT Governance discovered 1,063 security incidents in 2022, which accounted for 480,014,323 breached records. The biggest data breaches of 2022.

Data breaches

Data breaches Ransomware Government Passwords

Let’s give a look at the Dark Web Price Index 2022

Security Affairs

JUNE 15, 2022

PrivacyAffairs released the Dark Web Index 2022, the document provides the prices for illegal services/products available in the black marketplaces. The document updates the information provided in the Dark Web Index 2022 report. The document updates the information provided in the Dark Web Index 2022 report.

Privacy

Privacy Cybersecurity Security IT

CISA adds CVE-2022-1388 flaw in F5 BIG-IP to its Known Exploited Vulnerabilities Catalog

Security Affairs

MAY 11, 2022

US Critical Infrastructure Security Agency (CISA) adds critical CVE-2022-1388 flaw in F5 BIG-IP products to its Known Exploited Vulnerabilities Catalog. Cybersecurity and Infrastructure Security Agency (CISA) has added critical CVE-2022-1388 flaw in F5 BIG-IP products to its Known Exploited Vulnerabilities Catalog.

IT

IT Cybersecurity Access Security

A couple of 10-Year-Old flaws affect Avast and AVG antivirus?

Security Affairs

MAY 5, 2022

Researcher discovered a couple of high-severity security flaws that affect a driver used by Avast and AVG antivirus solutions. SentinelOne researcher Kasif Dekel discovered two high-severity security vulnerabilities, tracked as CVE-2022-26522 and CVE-2022-26523, that affect a driver used by Avast and AVG antivirus solutions.

Security

Security Cybersecurity Information Security IT

Leaked source code of Babuk ransomware used by 10 different ransomware families targeting VMware ESXi

Security Affairs

MAY 12, 2023

SentinelLabs researchers have identified 10 ransomware families using VMware ESXi lockers based on the source code of the Babuk ransomware that was leaked in 2021. The leak of the source code of the Babuk ransomware allowed 9 ransomware gangs to create their own ransomware targeting VMware ESXi systems.

Ransomware

Ransomware Encryption Cloud Cybersecurity

Apr 10 – Apr 16 Ukraine – Russia the silent cyber conflict

Security Affairs

APRIL 18, 2022

April 10 – NB65 group targets Russia with a modified version of Conti’s ransomware. April 10 – Facebook blocked Russia and Belarus threat actors’ activity against Ukrainian entities. The post Apr 10 – Apr 16 Ukraine – Russia the silent cyber conflict appeared first on Security Affairs. Pierluigi Paganini.

Ransomware

Ransomware Phishing Cybersecurity Government

LinkedIn Adds Verified Emails, Profile Creation Dates

Krebs on Security

NOVEMBER 4, 2022

. “We may warn you about messages that ask you to take the conversation to another platform because that can be a sign of a scam,” the company said in a blog post. For example, on October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc.

Artificial Intelligence

Artificial Intelligence Information Security Cybersecurity Risk

Hackers are taking advantage of the interest in generative AI to install Malware

Security Affairs

MAY 3, 2023

In March, security experts at Meta found multiple malware posing as ChatGPT or similar AI tools. “Since March alone, our security analysts have found around 10 malware families posing as ChatGPT and similar tools to compromise accounts across the internet. ” reads the Meta’s Q1 2023 Security Reports.

Education

Education Information Security Cybersecurity Security

Hikvision fixed a critical flaw in Hybrid SAN and cluster storage products?

Security Affairs

APRIL 13, 2023

The vulnerability was reported in December 2022 by Souvik Kandar, Arko Dhar of the Redinent Innovations team in India. On April 10, Hikvision released version 2.3.8-8 The attacker can exploit the vulnerability by sending crafted messages to the affected devices.” ” reads the advisory published by the company.

Education

Education Access Cybersecurity Security

CISA adds Windows Print Spooler to its Known Exploited Vulnerabilities Catalog

Security Affairs

APRIL 20, 2022

US Critical Infrastructure Security Agency (CISA) adds a Windows Print Spooler vulnerability to its Known Exploited Vulnerabilities Catalog. The Cybersecurity and Infrastructure Security Agency (CISA) added the Windows Print Spooler, tracked as CVE-2022-22718 , to its Known Exploited Vulnerabilities Catalog.

IT

IT Cybersecurity Risk Security

Vice Society gang is using a custom PowerShell tool for data exfiltration

Security Affairs

APRIL 17, 2023

The script finds all files within each directory that matches the include list, it exfiltrates files that do not have extensions found on the exclude list and that are larger than 10 KB. The script ignores files that are under 10 KB in size and that do not have a file extension. ” concludes the report.

Ransomware

Ransomware Education Cybersecurity Security

Block discloses data breach involving Cash App potentially impacting 8.2 million US customers

Security Affairs

APRIL 6, 2022

“On April 4, 2022, Block, Inc. the “Company”) announced that it recently determined that a former employee downloaded certain reports of its subsidiary Cash App Investing LLC (“Cash App Investing”) on December 10, 2021 that contained some U.S. customer information. Securities and Exchange Commission (SEC).

Data breaches

Data breaches Passwords Access Security

Hackers stole +80M from DeFi platforms Rari Capital and Fei Protocol

Security Affairs

MAY 1, 2022

defiprime [link] — BlockSec (@BlockSecTeam) April 30, 2022. Rari Capital paused borrowing globally in response to the hack and ensured that all other funds are secure. — Jack Longarzo (@JackLongarzo) April 30, 2022. — Fei Protocol (@feiprotocol) April 30, 2022. peckshield) April 30, 2022.

Blockchain

Blockchain Cybersecurity Security Risk

Anonymous hacked Russian PSCB Commercial Bank and companies in the energy sector

Security Affairs

APRIL 29, 2022

Approximately 75% of ALET’s business comes from oil products, 10% from oil, and 9% from hydrocarbon products. JUST IN: The #Anonymous collective has now hacked & released nearly 10 million Russian files and emails (not including databases) since declaring 'cyber war' on Kremlin's criminal regime.

ECM

ECM Archiving Government Cybersecurity

Anonymous hacked Russia’s Ministry of Culture and leaked 446 GB

Security Affairs

APRIL 11, 2022

— Anonymous (@LatestAnonPress) April 11, 2022. from 2019 through 2022. pic.twitter.com/B9ivUfG3op — Anonymous TV (@YourAnonTV) April 10, 2022. BREAKING: Over 700GB of Russian government data leaked. This data includes more than 200,000 emails from the Ministry of Culture of the Russian Federation.

Archiving

Archiving Cybersecurity Government Security

The Black Basta ransomware gang hit multinational company ABB

Security Affairs

MAY 12, 2023

billion in revenue for 2022. Black Basta has been active since April 2022, like other ransomware operations, it implements a double-extortion attack model. In November 2022, Sentinel Labs researchers reported having found evidence that links the Black Basta ransomware gang to the financially motivated hacking group FIN7.

Ransomware

Ransomware Phishing Access Cybersecurity

SpecTor operation: 288 individuals arrested in the seizure of marketplace Monopoly Market

Security Affairs

MAY 2, 2023

According to the press release published by the Europol, the seized drugs include over 258 kg of amphetamines, 43 kg of cocaine, 43 kg of MDMA, and over 10 kg of LSD and ecstasy pills. Other arrested individuals were from the Netherlands (10), Austria (9), France (5), Switzerland (2), Poland (1) and Brazil (1). million (USD 53.4

Marketing

Marketing Sales Education Cybersecurity

Apple released emergency updates to fix recently disclosed zero-day bugs on older devices

Security Affairs

APRIL 11, 2023

Both vulnerabilities were reported by Clément Lecigne of Google’s Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab. On April 10, 2023, US Cybersecurity and Infrastructure Security Agency (CISA) added the two vulnerabilities to its Known Exploited Vulnerabilities catalog. iPadOS 16.4.1,

Education

Education Cybersecurity Security IT

GitHub: Nearly 100,000 NPM Users’ credentials stolen in the April OAuth token attack

Security Affairs

MAY 28, 2022

A series of CSVs containing an archive of all names and version numbers (semVer) of published versions of all npm private packages as of April 10, 2022. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Private packages from two organizations.

Metadata

Metadata Passwords Archiving Access

Auth bypass flaw in Cisco Wireless LAN Controller Software allows device takeover

Security Affairs

APRIL 15, 2022

Cisco has released security patches to fix a critical vulnerability (CVSS score 10), tracked as CVE-2022-20695 , in Cisco Wireless LAN Controller (WLC). Cisco fixed a critical flaw in Cisco Wireless LAN Controller (WLC) that could allow an unauthenticated, remote attacker to take control affected devices. or Release 8.10.162.0

Authentication

Authentication Passwords Cloud Cybersecurity

May 01 – May 07 Ukraine – Russia the silent cyber conflict

Security Affairs

MAY 8, 2022

government offers up to $10 million for info that allows to identify or locate six Russian GRU hackers who are members of the Sandworm APT group. Apr 10 – Apr 16 Ukraine – Russia the silent cyber conflict. The post May 01 – May 07 Ukraine – Russia the silent cyber conflict appeared first on Security Affairs.

Cybersecurity

Cybersecurity Government Security IT

Security Affairs newsletter Round 361 by Pierluigi Paganini

Security Affairs

APRIL 17, 2022

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.

Security

Security Ransomware Data breaches Cybersecurity

May 08 – May 14 Ukraine – Russia the silent cyber conflict

Security Affairs

MAY 15, 2022

May 10 – Hacktivists hacked Russian TV schedules during Victory Day and displayed anti-war messages. government offers up to $10 million for info that allows to identify or locate six Russian GRU hackers who are members of the Sandworm APT group. Apr 10 – Apr 16 Ukraine – Russia the silent cyber conflict.

Government

Government Cybersecurity Security Information Security

Authorities dismantled the card-checking platform Try2Check

Security Affairs

MAY 3, 2023

The authorities dismantled the defendant’s criminal network and the State Department also announced a $10 million reward for information leading to the capture of Kulkov, who is currently residing in Russia. .” The indictment is the result of a law enforcement operation conducted by the U.S.

Education

Education Cybersecurity Government Security

Microsoft aims at stopping cybercriminals from using cracked copies of Cobalt Strike

Security Affairs

APRIL 7, 2023

In November 2022, Google Cloud researchers announced the discovery of 34 different Cobalt Strike hacked release versions with a total of 275 unique JAR files across these versions. While this action will impact the criminals’ immediate operations, we fully anticipate they will attempt to revive their efforts. ” concludes the report.

Ransomware

Ransomware Cloud Education Phishing

FIN8 Group spotted delivering the BlackCat Ransomware

Security Affairs

JULY 18, 2023

In the past few years, the group has been observed using a number of ransomware threats, including the Ragnar Locker ransomware (June 2021), the White Rabbit ransomware (January 2022). On December 2022, Symantec observed the group attempting to deploy the ALPHV/BlackCat ransomware. ” reads the post published by Symantec.

Ransomware

Ransomware Sales IT Security

Researchers found the first Linux variant of the RTM locker

Security Affairs

APRIL 27, 2023

The affiliates are obliged to remain active, or their account will be removed after 10 days without notifying them upfront. The group also avoids targeting morgues, hospitals, COVID-19 vaccine-related organizations, critical infrastructure, law enforcement, and other prominent companies to attract as little attention as possible.

Encryption

Encryption Ransomware Education Access

Anubis Networks is back with new C2 server

Security Affairs

JULY 11, 2022

A large-scale phishing campaign leveraging the Anubis Network is targeting Brazil and Portugal since March 2022. A large-scale phishing campaign is targeting Internet-end users in Brazil and Portugal since March 2022. Figure 10: Login page of Anubis Network C2 server. About the author: Pedro Tavarez.

Phishing

Phishing Access Information Security Encryption

New Android malicious library Goldoson found in 60 apps +100M downloads

Security Affairs

APRIL 15, 2023

McAfee discovered that even in recent Android versions, Goldoson was able to gather sensitive data in 10% of the apps. App developers should be upfront about libraries used and take precautions to protect users’ information.” The level of data collection depends on the permissions granted to the app using the malicious library.

Libraries

Libraries Data collection Education Security

New Emotet variant uses a module to steal data from Google Chrome

Security Affairs

JUNE 9, 2022

pic.twitter.com/zy92TyYKzs — Threat Insight (@threatinsight) June 7, 2022. The campaign was observed between April 4, 2022, and April 19, 2022. Researchers from Kaspersky reported that malicious spam campaigns spreading Qbot and Emotet malware and targeting organizations grew 10-fold between February and March.

Archiving

Archiving Passwords Security Ransomware

Apr 24 – Apr 30 Ukraine – Russia the silent cyber conflict

Security Affairs

MAY 1, 2022

government offers up to $10 million for info that allows to identify or locate six Russian GRU hackers who are members of the Sandworm APT group. Apr 10 – Apr 16 Ukraine – Russia the silent cyber conflict. The post Apr 24 – Apr 30 Ukraine – Russia the silent cyber conflict appeared first on Security Affairs.

Government

Government Cybersecurity Security Information Security

Google researchers found multiple security issues in Intel TDX

Security Affairs

APRIL 25, 2023

The issues inspected by the researchers included arbitrary code execution in a privileged security context, cryptographic weaknesses and oracles, temporary and permanent denial of service, and weaknesses in debug or deployment facilities. ” reads the report released by Google.

Security

Security Cloud Education Cybersecurity

Newly Proposed SEC Cybersecurity Risk Management and Governance Rules and Amendments for Public Companies

Data Matters

MARCH 11, 2022

On March 9, 2022, the U.S. Securities and Exchange Commission (SEC) proposed new cybersecurity rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies. The text of the proposed rules is available here.

Cybersecurity

Cybersecurity Risk Government e-Discovery

Security Affairs newsletter Round 362 by Pierluigi Paganini

Security Affairs

APRIL 24, 2022

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.

Security

Security Phishing Ransomware Insurance

Colibri Loader employs clever persistence mechanism

Security Affairs

APRIL 7, 2022

The loader drops its own copy to the location “%APPDATA%LocalMicrosoftWindowsApps” and names it “ Get-Variable.exe ” for Windows 10 and above, while for lower versions it drops it in %DOCUMENTS%/WindowsPowerShell named as dllhost.exe. . “The document contacts a remote server at (securetunnel[.]co)

Cybersecurity

Cybersecurity IT Security Information Security

US DoS offers a reward of up to $15M for info on Conti ransomware gang

Security Affairs

MAY 8, 2022

The US Department of State offers up to $15 million for information that helps identify and locate leadership and co-conspirators of the Conti ransomware gang. The FBI estimates that as of January 2022, the gang obtained $150,000,000 in ransom payments from over 1,000 victims. ” wrote State Department spokesman Ned Price.

Ransomware

Ransomware Cybersecurity Government Security

North Korea-linked APT spreads tainted versions of PuTTY via WhatsApp

Security Affairs

SEPTEMBER 16, 2022

In July 2022, Mandiant identified a novel spear phish methodology that was employed by North Korea-linked threat actor UNC4034. ISO and IMG archives have become attractive to threat actors because, from Windows 10 onwards, double-clicking these files automatically mounts them as a virtual disk drive and makes their content easily accessible.”

Archiving

Archiving Communications Phishing Access

The global food distribution giant Sysco discloses a data breach

Security Affairs

MAY 9, 2023

” reads a 10-Q quarterly report filed with the U.S. Please vote for Security Affairs ( [link] ) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini Please nominate Security Affairs as your favorite blog.

Data breaches

Data breaches Cybersecurity Personal data Marketing

Microsoft Partch Tuesday for April 2022 fixed 10 critical vulnerabilities

CVE-2022-22292 flaw could allow hacking of Samsung Android devices

Trending Sources

Pwn2Own Vancouver 2022 D1: MS Teams exploits received $450,000

Experts disclose technical details of now-patched CVE-2022-37969 Windows Zero-Day

PoC exploits for Atlassian CVE-2022-26134 RCE flaw released online

CVE-2022-40684 flaw in Fortinet products is being exploited in the wild

Data Breaches and Cyber Attacks in 2022: 408 Million Breached Records

Let’s give a look at the Dark Web Price Index 2022

CISA adds CVE-2022-1388 flaw in F5 BIG-IP to its Known Exploited Vulnerabilities Catalog

A couple of 10-Year-Old flaws affect Avast and AVG antivirus?

Leaked source code of Babuk ransomware used by 10 different ransomware families targeting VMware ESXi

Apr 10 – Apr 16 Ukraine – Russia the silent cyber conflict

LinkedIn Adds Verified Emails, Profile Creation Dates

Hackers are taking advantage of the interest in generative AI to install Malware

Hikvision fixed a critical flaw in Hybrid SAN and cluster storage products?

CISA adds Windows Print Spooler to its Known Exploited Vulnerabilities Catalog

Vice Society gang is using a custom PowerShell tool for data exfiltration

Block discloses data breach involving Cash App potentially impacting 8.2 million US customers

Hackers stole +80M from DeFi platforms Rari Capital and Fei Protocol

Anonymous hacked Russian PSCB Commercial Bank and companies in the energy sector

Anonymous hacked Russia’s Ministry of Culture and leaked 446 GB

The Black Basta ransomware gang hit multinational company ABB

SpecTor operation: 288 individuals arrested in the seizure of marketplace Monopoly Market

Apple released emergency updates to fix recently disclosed zero-day bugs on older devices

GitHub: Nearly 100,000 NPM Users’ credentials stolen in the April OAuth token attack

Auth bypass flaw in Cisco Wireless LAN Controller Software allows device takeover

May 01 – May 07 Ukraine – Russia the silent cyber conflict

Security Affairs newsletter Round 361 by Pierluigi Paganini

May 08 – May 14 Ukraine – Russia the silent cyber conflict

Authorities dismantled the card-checking platform Try2Check

Microsoft aims at stopping cybercriminals from using cracked copies of Cobalt Strike

FIN8 Group spotted delivering the BlackCat Ransomware

Researchers found the first Linux variant of the RTM locker

Anubis Networks is back with new C2 server

New Android malicious library Goldoson found in 60 apps +100M downloads

New Emotet variant uses a module to steal data from Google Chrome

Apr 24 – Apr 30 Ukraine – Russia the silent cyber conflict

Google researchers found multiple security issues in Intel TDX

Newly Proposed SEC Cybersecurity Risk Management and Governance Rules and Amendments for Public Companies

Security Affairs newsletter Round 362 by Pierluigi Paganini

Colibri Loader employs clever persistence mechanism

US DoS offers a reward of up to $15M for info on Conti ransomware gang

North Korea-linked APT spreads tainted versions of PuTTY via WhatsApp

The global food distribution giant Sysco discloses a data breach

Stay Connected