December 2022 - Page 3 of 4 - Cyber Security Minute

Analyzing Australia’s cyberthreat landscape, and what it means for the rest of the world

Issued by: Help Net Security

Australia has been the victim of damaging cyberattacks in the latter half of this year, with high-profile incidents impacting businesses across critical sectors such as telecoms, healthcare, and government. The impacts of some of these attacks have been rolling on for months, with new details and further information about data breached from the incidents suffered…

Vulnerabilities

Patch Tuesday: Microsoft Plugs Windows Hole Exploited in Ransomware Attacks

Issued by: Security Week

The operating system update, released as part of Microsoft’s scheduled Patch Tuesday, addresses a flaw that lets malicious attackers use rigged files to evade MOTW (Mart of the Web) defenses. “An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability…

Vulnerabilities

Citrix ADC, Gateway Users Race Against Hackers to Patch Critical Flaw

Issued by: Dark Reading

Citrix has issued a patch for a critical flaw affecting Citrix ADC and Citrix Gateway, adding that the company is aware of attacks against the vulnerability in the wild. The vulnerability, tracked under CVE-2022-27518, affects Citrix ADC and Citrix Gateway versions 12.1 (including FIPS and NDcPP) and 13.0 before 13.0-58.32. “Both must be configured with…

Malware & Threats

Users Warned of New Aerst, ScareCrow, and Vohuk Ransomware Families

Issued by: Security Week

Targeting Windows computers, these are typical ransomware families that encrypt victim files and demand a ransom payment in exchange for a decryption key. This new ransomware has been used in an increasing number of attacks. Aerst was seen appending to encrypted files the ‘.aerst’ extension and displaying a popup window containing the attacker’s email address,…

Network Security

The Potential and Pitfalls of a Federal Privacy Law

Issued by: Security Week

Congress is considering a US federal privacy law. It’s been brewing for the last ten years and is getting closer. On July 20, 2022, the House Energy and Commerce Committee overwhelmingly voted (53-2) to advance the American Data Privacy and Protection Act (ADPPA), H.R. 8152, to the full House of Representatives. But there are still…

Vulnerabilities

What is Log4Shell and why is it still dangerous a year later?

Issued by: Kaspersky Blog

A year ago, in December 2021, the Log4Shell vulnerability (CVE-2021-44228) in the Apache Log4j library caused a sensation. Although by the spring it was no longer on the front pages of IT media outlets, in November 2022 it reemerged when it was reported that cybercriminals had exploited the vulnerability to attack a US federal agency…

Malware & Threats

Rackspace confirms it suffered a ransomware attack

Issued by: Malwarebytes

It’s not been a great week for cloud computing service provider Rackspace. On December 2, customers began experiencing problems connecting and logging into their Exchange environments. Rackspace started investigating and discovered an issue that affected its Hosted Exchange environments. Now Rackspace has announced it was actually a ransomware incident that caused the service disruptions. While…

Software Security

Apple’s AirTag stalker safeguards are “woefully inadequate,” alleges lawsuit

Issued by: Malwarebytes

Two women filed a proposed class-action lawsuit on Monday, December 5, in the United States District Court for the Northern District of California against Apple, the makers of AirTags. Airtags are a small Bluetooth-enabled devices designed to track personal belongings. The suit accuses the company of failure to introduce measures to combat abuse of the…

Mobile Security

TikTok Hit by US Lawsuits Over Child Safety, Security Fears

Issued by: Security Week

The legal salvo came as problems are mounting for TikTok in the United States, with multiple accusations that the extremely popular app is a national security threat and a conduit for spying by China. “The TikTok app is a malicious and menacing threat unleashed on unsuspecting Indiana consumers by a Chinese company that knows full…

Vulnerabilities

Google Chrome zero-day exploited in the wild (CVE-2022-4262)

Issued by: Help Net Security

Google has patched CVE-2022-4262, a type confusion vulnerability in the V8 JavaScript engine used by Google Chrome (and Chromium), which is being exploited by attackers in the wild. No other technical details have been shared about this zero-day flaw, only that it was reported by security engineer Clement Lecigne of Google’s Threat Analysis Group (TAG),…