2022 and Risk - Cyber Security Informer

Microsoft Patch Tuesday, July 2022 Edition

Krebs on Security

JULY 12, 2022

The company said it would roll out the changes in stages between April and June 2022. Microsoft Office by default warns users that enabling macros in untrusted documents is a security risk, but those warnings can be easily disabled with the click of button.

Internet

Internet Internet Cyber threats Software

Microsoft Patch Tuesday, March 2022 Edition

Krebs on Security

MARCH 9, 2022

Those include remote code execution bugs CVE-2022-24512 , affecting.NET and Visual Studio , and CVE-2022-21990 , affecting Remote Desktop Client. CVE-2022-24459 is a vulnerability in the Windows Fax and Scan service. All three publicly disclosed vulnerabilities are rated “ Important ” by Microsoft.

Authentication

Authentication Ransomware Cyber threats Software

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Krebs on Security

FEBRUARY 28, 2023

Image: Shutterstock.com Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. But by the time we got to claims made in the middle of May 2022, completing the rest of the year’s timeline seemed unnecessary.

Mobile

Mobile Phishing Authentication Advertising

Wormable Flaw, 0days Lead Sept. 2022 Patch Tuesday

Krebs on Security

SEPTEMBER 14, 2022

Worst in terms of outright scariness is CVE-2022-37969 , which is a “privilege escalation” weakness in the Windows Common Log File System Driver that allows attackers to gain SYSTEM-level privileges on a vulnerable host. .” CVE-2022-32984 is a problem in the deepest recesses of the operating system (the kernel).

Spyware

Spyware Cyber threats Security Defenses Cyber Attacks

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

Uncover and mitigate various security risks that put sensitive customer and business data at risk — including identifying misconfigured SaaS settings and suspicious or malicious behavior. Register now for this exclusive webinar on March 24th, 2022 at 9:30 am PDT, 12:30 pm EDT, 5:30 pm GMT

Risk

GUEST ESSAY: Why the arrests of cyber criminals in 2021 will incentize attackers in 2022

The Last Watchdog

DECEMBER 16, 2021

In 2022 we expect to see more aggressive and complex ransomware efforts. If 2021 was the year that Zero Trust security reached mainstream IT — and it was — then 2022 will become the realization that it cannot be done without identity first. Central importance of identity. The ascendency of CISOs.

CISO

CISO Ransomware Risk Authentication

GUEST ESSAY: Rising cyber risks make business intelligence gathering more vital than ever

The Last Watchdog

JULY 5, 2022

In our recent report Intelligent Business: 2022 Strategic Intelligence Report we asked 205 creators and consumers of intelligence within large organizations (i.e. In our recent report Intelligent Business: 2022 Strategic Intelligence Report we asked 205 creators and consumers of intelligence within large organizations (i.e.

Cyber Risk

Cyber Risk Risk Marketing Data privacy

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

Digital Shadows

MARCH 17, 2025

Key Findings Even years after their disclosure, VPN-related vulnerabilities like CVE-2018-13379 and CVE-2022-40684 remain essential tools for attackers, driving large-scale campaigns of credential theft and administrative control. Editors note: This report was authored by Gautham Ashok & Alexa Feminella. Rated CVSS 9.8,

VPN

VPN Authentication Ransomware Risk

Why Businesses Must Address Risks of Quantum Computing NOW Rather Than Wait Until Problems Arrive

Joseph Steinberg

JULY 20, 2022

Another important reason why we must address quantum-supremacy risks well in advance has to do with the nature of data. NIST has already begun to narrow down its list of recommended ways to address quantum’s risks to encryption – and products have already hit the market already that enable businesses to begin such transitions.

Risk

Risk Encryption Government Artificial Intelligence

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

August 11, 2022 at 11:00 am PDT, 2:00 pm EDT, 7:00 pm GMT In this webinar, you will learn how to: Outline popular change management models and processes. Organize ERM strategy, operations, and data. Determine impact tangents. Practice change management process with ERM data.

Risk

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

The Last Watchdog

AUGUST 29, 2023

Here’s what you should know about the risks, what aviation is doing to address those risks, and how to overcome them. It is difficult to deny that cyberthreats are a risk to planes. Risks delineated Still, there have been many other incidents since. Fortunately, there are ways to address the risks.

Software

Software Risk Artificial Intelligence Cyber Attacks

The Biggest Cybersecurity Risk We're Ignoring—And No, It's Not AI

SecureWorld News

FEBRUARY 28, 2025

But amidst all these flashy, futuristic threats, the biggest cybersecurity risk remains the same as it's always beenhumans. And I'm not talking about the shadowy hackers in hoodies. I'm talking about your employees, your executives, even you. Don't mind me as I just lay it out bare in this little writeup.

Cybersecurity

Cybersecurity Risk Social Engineering Phishing

Best Practices for Hospitals To Manage Risks To CyberSecurity Created By Medical Technology And Information Systems: A Webinar With The CIA’s Former CyberSecurity Director And The Top CyberSecurity Columnist

Joseph Steinberg

OCTOBER 12, 2022

Join Bonnie Stith, former Director of the CIA’s Center for Cyber Intelligence , and and Joseph Steinberg, renowned cybersecurity expert witness and columnist , for a special, free educational webinar, Best Practices for Asset Risk Management in Hospitals. The discussion will cover: * How IT asset risks have evolved.

Cybersecurity

Cybersecurity Technology Risk Artificial Intelligence

News alert: Beazley reports on how AI, new tech distract businesses as cyber risk intensifies

The Last Watchdog

JULY 13, 2023

London, July 13, 2023 — Beazley, the leading specialist insurer, today published its latest Risk & Resilience report: Spotlight on: Cyber & Technology Risks 2023. Yet, boardroom focus on cyber risk appears to be diminishing. trillion by 2025, a 300% increase since 2015 1.

Cyber Risk

Cyber Risk Risk Insurance Energy and Utilities

RSAC insights: Why vulnerability management absolutely must shift to a risk-assessment approach

The Last Watchdog

MAY 31, 2022

Related: Log4J’s long-run risks. It supplies a unified vulnerability and risk management solution that automates vulnerability management processes and workflows. This kind of thing can be rectified by adopting risk-assessment principles alongside CD/CI. Risk-tolerance security. That’s changing — dramatically.

Risk

Risk Digital transformation Software Technology

US Treasury Department sanctioned Chinese cybersecurity firm linked to Flax Typhoon APT

Security Affairs

JANUARY 4, 2025

networks since the summer of 2022. According to OFAC, between 2022 and 2023, Flax Typhoon hacked U.S. Violators risk penalties, with sanctions aimed at encouraging behavioral change rather than punishment. The China-linked APT group used Integrity Tech’s infrastructure to launch cyberattacks on European and U.S.

Cybersecurity

Cybersecurity IoT Hacking Technology

CISA Order Highlights Persistent Risk at Network Edge

Krebs on Security

JUNE 15, 2023

Earlier today, incident response firm Mandiant revealed that since at least October 2022, Chinese cyber spies have been exploiting a zero-day vulnerability in many email security gateway (ESG) appliances sold by California-based Barracuda Networks to hoover up email from organizations using these devices.

Risk

Risk VPN Internet Internet

Feds seized $23 million in crypto stolen using keys from LastPass breaches

Security Affairs

MARCH 10, 2025

authorities seized $23M in crypto linked to a $150M Ripple wallet theft, experts believe the incident is linked to the 2022 LastPass breach. authorities seized $23M in crypto tied to a $150M Ripple hack, suspected to have been carried out by hackers from the 2022 LastPass breach. ” reads the complaint. ” However.

Password Management

Password Management Cryptocurrency Passwords Data breaches

GUEST ESSAY: A new year, a familiar predicament — consumers face intensifying cybersecurity risks

The Last Watchdog

JANUARY 3, 2023

2021 saw a massive increase in phishing attacks , and that trend has continued into 2022. With more and more people working remotely, unsecured home or public WiFi networks represent a security risk not only to individuals but to their companies as well.

Risk

Risk Cybersecurity Antivirus Phishing

U.S. CISA adds Microsoft Outlook, Sophos XG Firewall, and other flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

FEBRUARY 6, 2025

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog. is a Remote Code Execution flaw in Microsoft Outlook.

Firewall

Firewall Hacking Cybersecurity Risk

SecureMySocial Issued 5th US Patent For Social Media Security Technology

Joseph Steinberg

DECEMBER 2, 2022

The patent was issued by the United States Patent Office on September 6th, 2022, with a priority date going back over a decade, to June of 2012. US 11,438,334 – Granted in September of 2022. US 10,771,464 – Granted in September 2020. All of the patents can be read by visiting my Google Scholar page.

Media

Media Technology Artificial Intelligence Risk

7-Zip bug could allow a bypass of a Windows security feature. Update now

Malwarebytes

JANUARY 22, 2025

7-Zip added support for MotW in June 2022. We dont just report on threatswe remove them Cybersecurity risks should never spread beyond a headline. The MotW is what triggers warnings that opening or running such files could lead to potentially dangerous behavior, including installing malware on their devices.

Internet

Internet Internet Malware Risk

Burnout in SOCs: How AI Can Help Analysts Focus on High-Value Tasks

Security Affairs

DECEMBER 5, 2024

SOC analysts, vital to cybersecurity, face burnout due to exhausting workloads, risking their well-being and the effectiveness of organizational defenses. Research published in Dark Reading in 2022 revealed that 70% experience burnout, and 65% said they were likely to change jobs in the next year.

Artificial Intelligence

Artificial Intelligence Data collection Cybersecurity Risk

Why DSPM is Essential for Achieving Data Privacy in 2024

Security Affairs

OCTOBER 23, 2024

It becomes increasingly difficult to gain complete visibility or transparency that could help security and privacy teams discover sensitive data, identify its security and compliance postures, and mitigate risks. To add to the difficulty, the advent of Generative AI (GenAI) has brought unprecedented security and privacy risks.

Data privacy

Data privacy Unstructured Data Risk Data breaches

Top 7 Cloud Storage Security Issues & Risks (+ Mitigations)

eSecurity Planet

JANUARY 30, 2024

Cloud storage risks involve potential external threats and vulnerabilities that jeopardize the security of stored data. Risks can lead to issues, but at the same time, you can prevent the risks by addressing these issues. Migration challenges result in incomplete transfers, which expose critical information to risk.

Risk

Risk DDOS Data breaches Encryption

Scammer robs homebuyers of life savings in $20 million theft spree

Malwarebytes

NOVEMBER 14, 2024

From calendar years 2020 to 2022, there was a 27% increase in victim reports to the Internet Crime Complaint Center (IC3) of BECs with a real estate nexus. We don’t just report on threats—we remove them Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Accountability

Accountability Banking Internet Internet

Worthwhile Books Q4 2022

Adam Shostack

JANUARY 2, 2025

I especially enjoyed the engineering and risk management discussions, which were accessible and went to good depth. A really well told story of the first Pluto mission. Inexplicably, the authors spend time explaining why the vote to demote Pluto was academic politics. But also convincingly.

Cybersecurity

Cybersecurity Engineering Risk

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

technology companies during the summer of 2022. stole at least $800,000 from at least five victims between August 2022 and March 2023. 2022 that an intrusion had exposed a “limited number” of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials.

Social Engineering

Social Engineering Mobile Passwords Cybercrime

How Cryptocurrency Turns to Cash in Russian Banks

Krebs on Security

DECEMBER 11, 2024

Peter German , a former deputy commissioner for the Royal Canadian Mounted Police who authored two reports on money laundering in British Columbia, told the publicationsit goes against the spirit of Canadas registration requirements for such businesses, which are considered high-risk for money laundering and terrorist financing.

Cryptocurrency

Cryptocurrency Banking Cybercrime Advertising

Increased GDPR Enforcement Highlights the Need for Data Security

Security Affairs

NOVEMBER 18, 2024

Instagram: €405 Million ($427 Million), 2022 Instagram was fined for violating privacy rules concerning children’s data. The Growing Risk: Why This Should Concern Global Enterprises As the regulatory environment tightens, global companies must realize that non-compliance with data protection laws can have dire consequences.

Data privacy

Data privacy Risk Surveillance Government

Arrests in $400M SIM-Swap Tied to Heist at FTX?

Krebs on Security

FEBRUARY 1, 2024

Three Americans were charged this week with stealing more than $400 million in a November 2022 SIM-swapping attack. 11-12, 2022. 11-12, 2022. 11, 2022 after they SIM-swapped an AT&T customer by impersonating them at a retail store using a fake ID. 11, 2022 local time, and continuing until the 12th of November.

Cryptocurrency

Cryptocurrency Ransomware Retail Government

Navigating Insider Risks: Are your Employees Enabling External Threats?

The Hacker News

JULY 17, 2024

For example, in 2022, the FBI issued a warning1 that SIM swap attacks are growing: gain control of the phone and earn a gateway to email, bank accounts, stocks, Attacks on your network are often meticulously planned operations launched by sophisticated threats.

Risk

Risk Banking Accountability

Top Cybersecurity Trends to Watch Out For in 2025

Centraleyes

DECEMBER 16, 2024

Tools like ChatGPT and Bard, powered by large language models, showcase how generative AI transforms business processesbut they also pose new risks. By 2027, 75% of employees are expected to acquire or modify technology outside of ITs control, up from 41% in 2022. The challenge? Securing these AI models and the data they generate.

Cybersecurity

Cybersecurity Insurance Cyber Insurance Risk

Why CISOs Are Stepping Away and What the Future Holds

SecureWorld News

DECEMBER 9, 2024

Burnout and job dissatisfaction The State of the CISO 20232024" report reveals a decline in job satisfaction, with only 64% of CISOs satisfied with their rolesa sharp drop from 74% in 2022. Stress and burnout are leading contributors, with 60% citing stress and 53% citing burnout as risks that could prompt them to leave.

CISO

CISO Cyber threats Risk Cybersecurity

China’s Volt Typhoon botnet has re-emerged

Security Affairs

NOVEMBER 13, 2024

The botnet is comprised of two complementary activity clusters, the experts believe it has been active since at least February 2022. In early July and August of 2022, the researchers noticed several Cisco RV320s , DrayTek Vigor routers , and NETGEAR ProSAFEs that were part of the botnet. ” continues the report.

VPN

VPN Government Malware Manufacturing

Quantum Threats and How to Protect Your Data

SecureWorld News

DECEMBER 8, 2024

It is essential to understand the risks posed by quantum computing, as future advancements could compromise today's encrypted data, opening new opportunities for threat actors. Current efforts to address quantum threats Recognizing these risks, organizations and governments are developing quantum-resistant cryptographic methods.

Encryption

Encryption Firewall Education Firmware

Twitter Exposes Personal Information for 5.4 Million Accounts

Schneier on Security

AUGUST 12, 2022

In January 2022, we received a report through our bug bounty program of a vulnerability in Twitter’s systems. In July 2022, we learned through a press report that someone had potentially leveraged this and was offering to sell the information they had compiled. million accounts. And someone was trying to sell this information.

Accountability

Accountability Government Risk

UK Sets Up Fake Booter Sites To Muddy DDoS Market

Krebs on Security

MARCH 28, 2023

. “Going forward, people who wish to use these services can’t be sure who is actually behind them, so why take the risk?” In mid-December 2022, the U.S. ” the NCA announcement continues. men with computer crimes related to their alleged ownership of popular DDoS-for-hire services.

DDOS

DDOS Marketing Computers and Electronics Risk

Brazil’s Polícia Federal arrested the notorious hacker USDoD

Security Affairs

OCTOBER 16, 2024

However, the Brazilian national turned into more complex cybercriminal activities by 2022. Exposing the identities of individuals in an intelligence report presents risks. CrowdStrike’s investigation reveals that USDoD’s leader, Luan BG, has been a hacktivist active since at least 2017.

Data breaches

Data breaches Media Cybercrime Accountability

Black Hat Fireside Chat: Deploying ‘AI’ as a weapon to win the ‘attack surface management’ war

The Last Watchdog

AUGUST 22, 2022

Guest expert: Justin Fier, VP Tactical Risk and Response, Darktrace. We discussed how legacy, on-premises cybersecurity systems generate massive amounts of telemetry – data which is perfectly suited for high-scale, automated data analytics.

Artificial Intelligence

Artificial Intelligence Cybersecurity Risk Internet

RSAC insights: How ‘TPRM’ can help shrink security skills gap — while protecting supply chains

The Last Watchdog

JUNE 2, 2022

Third-Party Risk Management ( TPRM ) has been around since the mid-1990s – and has become something of an auditing nightmare. Related: A call to share risk assessments. TPRM will be in the spotlight at the RSA Conference 2022 next week in San Francisco. Cyber risks profiling. This alone was a huge improvement.

Cyber Risk

Cyber Risk Risk Digital transformation Insurance

AT&T Discloses 2022 Data Breach Affecting Nearly Every Customer

SecureWorld News

JULY 12, 2024

On July 12, 2024, AT&T disclosed a data security incident that occurred in 2022. MFA provides an additional layer of defense against unauthorized access, significantly reducing the risk of breaches," said Jason Soroko, Senior Vice President of Product at Sectigo.

Data breaches

Data breaches Passwords Authentication Artificial Intelligence

Europol takes down criminal data hub Manson Market in busy month for law enforcement

Malwarebytes

DECEMBER 6, 2024

The law enforcement investigation started in 2022 when investigators were able to track very specific information used by scammers to the specialized marketplace. We don’t just report on threats – we help safeguard your entire digital identity Cybersecurity risks should never spread beyond a headline.

Marketing

Marketing Banking Encryption Phishing

Understanding MFA Fatigue: Why Cybercriminals Are Exploiting Human Behaviour

IT Security Guru

FEBRUARY 25, 2025

For instance, in 2022, Uber experienced a significant security breach attributed to MFA fatigue. Theres also risk-based authentication that dynamically adjusts security requirements based on the perceived risk of a login attempt. MFA will always be a cornerstone of account security, but it is not a standalone solution.

Social Engineering

Social Engineering Authentication Risk Accountability

Microsoft Patch Tuesday, July 2022 Edition

Microsoft Patch Tuesday, March 2022 Edition

Trending Sources

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Wormable Flaw, 0days Lead Sept. 2022 Patch Tuesday

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

GUEST ESSAY: Why the arrests of cyber criminals in 2021 will incentize attackers in 2022

GUEST ESSAY: Rising cyber risks make business intelligence gathering more vital than ever

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

Why Businesses Must Address Risks of Quantum Computing NOW Rather Than Wait Until Problems Arrive

Successful Change Management with Enterprise Risk Management

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

The Biggest Cybersecurity Risk We're Ignoring—And No, It's Not AI

Best Practices for Hospitals To Manage Risks To CyberSecurity Created By Medical Technology And Information Systems: A Webinar With The CIA’s Former CyberSecurity Director And The Top CyberSecurity Columnist

News alert: Beazley reports on how AI, new tech distract businesses as cyber risk intensifies

RSAC insights: Why vulnerability management absolutely must shift to a risk-assessment approach

US Treasury Department sanctioned Chinese cybersecurity firm linked to Flax Typhoon APT

CISA Order Highlights Persistent Risk at Network Edge

Feds seized $23 million in crypto stolen using keys from LastPass breaches

GUEST ESSAY: A new year, a familiar predicament — consumers face intensifying cybersecurity risks

U.S. CISA adds Microsoft Outlook, Sophos XG Firewall, and other flaws to its Known Exploited Vulnerabilities catalog

SecureMySocial Issued 5th US Patent For Social Media Security Technology

7-Zip bug could allow a bypass of a Windows security feature. Update now

Burnout in SOCs: How AI Can Help Analysts Focus on High-Value Tasks

Why DSPM is Essential for Achieving Data Privacy in 2024

Top 7 Cloud Storage Security Issues & Risks (+ Mitigations)

Scammer robs homebuyers of life savings in $20 million theft spree

Worthwhile Books Q4 2022

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

How Cryptocurrency Turns to Cash in Russian Banks

Increased GDPR Enforcement Highlights the Need for Data Security

Arrests in $400M SIM-Swap Tied to Heist at FTX?

Navigating Insider Risks: Are your Employees Enabling External Threats?

Top Cybersecurity Trends to Watch Out For in 2025

Why CISOs Are Stepping Away and What the Future Holds

China’s Volt Typhoon botnet has re-emerged

Quantum Threats and How to Protect Your Data

Twitter Exposes Personal Information for 5.4 Million Accounts

UK Sets Up Fake Booter Sites To Muddy DDoS Market

Brazil’s Polícia Federal arrested the notorious hacker USDoD

Black Hat Fireside Chat: Deploying ‘AI’ as a weapon to win the ‘attack surface management’ war

RSAC insights: How ‘TPRM’ can help shrink security skills gap — while protecting supply chains

AT&T Discloses 2022 Data Breach Affecting Nearly Every Customer

Europol takes down criminal data hub Manson Market in busy month for law enforcement

Understanding MFA Fatigue: Why Cybercriminals Are Exploiting Human Behaviour

Stay Connected