Here are this week’s highlights in cybersecurity:

  • A former NSA employee has been arrested on charges of attempting to sell classified information to a foreign spy, who was actually an undercover agent working for the FBI.
  • Microsoft shared mitigations for two new Exchange zero-day vulnerabilities tracked as CVE-2022-41040 (SSRF) and CVE-2022-41082 (RCE), but researchers warn that the mitigation for on-premises servers is not enough.
  • U.S. cybersecurity agencies released an alert about state-backed hackers using custom malware and the Impacket framework to steal sensitive data from a U.S. organization in the Defense Industrial Base sector. The breach lasted for ten months and it is likely that multiple APT groups compromised the organization.
  • A threat actor is targeting cryptocurrency scam websites by injecting malicious scripts that blend in with the website. The hackers target only accounts with balances higher than 0.005 ETH or a USDT token balance higher than 22,000 USDT, leaving the rest for the other scammers.
  • The BlackByte ransomware group is using a “bring your own driver” approach to disable a list of over 1,000 drivers on which security products rely to provide protection. The bypass is achieved by exploiting the legitimate vulnerable driver RTCore64.sys belonging to MSI Afterburner.
  • A hacker stole $566 million worth of BNB coin from Binance Bridge. Binance suspended validators and estimates that between $70M and $80M was taken off-chain.
