Here are this week’s highlights in cybersecurity:

  • Microsoft revoked several hardware developer accounts after drivers signed through their profiles were used in ransomware incidents. The attackers are using signed malware to disable antivirus and EDR software.
  • QBot started delivering malware using a relatively new technique: HTML smuggling via SVG files.
  • The FBI seized 48 domains and charged 6 suspects for their involvement in running DDoS-as-a-service platforms that allow anyone to easily launch distributed denial of service attacks.
  • Social media analytics platform Social Blade suffered a data breach after its database was put up for sale on a hacking forum. The leak includes email addresses and password hashes.
  • Colombian energy company Empresas Publicas de Medellin (EPM) suffered a ransomware attack. BlackCat/ALPHV disrupted the company’s operations by taking down online services.
  • Microsoft reclassified a vulnerability patched in September as Critical. Tracked as CVE-2022-37958, it is a pre-authentication remote code execution vulnerability impacting a wide range of protocols, including HTTP, SMB and RDP. Some researchers compare it to the vulnerability exploited by WannaCry and EternalBlue.
