Here are this week’s highlights in cybersecurity:

  • GitHub discloses a security incident involving stolen OAUTH tokens that affects Heroku & Travis CI. More
  • EnemyBot is latest DDoS botnet analyzed by Fortinet, based on Gafgyt & Mirai source code. More
  • Remote Code Execution found in WordPress Elementor, a plugin with over 5 million installations. More
  • A new method of running code via Office documents, using VSTO. More
  • Exploiting a DoS in Snort, a popular network security tool used for Intrusion Detection. More
  • Microsoft patches over 100 CVEs this month, a few of which might be wormable. Hurry up and patch! CVE-2022-26809 is one of the most feared, having a CVSS score of 9.8. It’s a zero-click vulnerability in Windows’ RPC system so it’s remotely exploitable via port 445, although initial analysis by researchers indicates that it doesn’t work on a default configuration. More
  • CISA issued an alert about North Korean hackers targeting blockchain companies via malicious apps than install a RAT. More
  • Recent paper shows that popular videoconference apps keep the microphone active, even when the “Mute” button is activated. More
  • Kaspersky released a free decryptor for Yanlouwang ransomware. More
  • Mandiant published an analysis of the state-sponsored SCADA malware used in recent attacks dubbed as INCONTROLLER. More
  • According to Mandiant’s 2022 M-trends report, median dwell time for intrusions identified by external third parties and disclosed to the victims dropped to 28 days in 2021 from 73 days in 2020. The report covers 2 hacker groups FIN12 & FIN13, observations on Microsoft Exchange hacking attempts and more. Great read for defenders. More
  • Unit42 identified a container escape/privilege escalation vulnerability in AWS’ Log4Shell hotpatches. More
  • 3 days. That’s all it took a ransomware group to encrypt file since initial access. More

Don’t have time to check this page? You can get the news summary every week in your email inbox by subscribing to my newsletter.