Each week Zacco tracks the latest cyber security threats, current industry news or trends and insights into the latest protection best practice. The Cyber Security Digest is a weekly compilation of the most significant developments within both cybersecurity and digital protection space, with links to further information on how it might affect you, your company or your clients.
Essential reading for cyber security professionals, as well as the general public, to keep you informed of current events and emerging threats.
A security researcher at Checkpoint research has discovered a critical REC flaw in the QUALCOMM and MediaTek chipset that allow access to users’ media files.
A security researcher has released a proof of concept for a new digital signature bypass vulnerability in Java. The vulnerability has a CVSS code of 7.5. If a hacker successfully exploits the vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.
Two vulnerabilities CVE-2022-22721 affect 32-bit QNAP NAS models, and CVE-2022-23943 affects mod_sed in Apache HTTP Server on their QNAP device. The vulnerability has a rating of 9.8 in the CVSS scoring system.
The telecommunication giant T-Mobile on Friday revealed that the Lapsus$ hacking group gained access to its networks. As per the company, no customer and government data were compromised.
Microsoft released security patches for 126 vulnerabilities for the month of April 2022. Out of these 71 vulnerabilities, 10 are classified as critical, 113 as classified as important and 3 are classified as moderate. It is found that 51% of the vulnerabilities are locally exploitable.
Ukraine’s Computer Emergency Response Team has reported a new phishing campaign targeting government agencies with IcedID malware, The phishing email message consisted of a weaponized Excel document named “Mobilization Register.xls”.
On Friday GitHub announced that an unnamed advisory is using stolen OAuth user tokens to download private data from several organizations.
A newly discovered strain of malware that intercepts your banking calls and forwards them to cybercriminals impersonating customer support. This malware has been dubbed “FakeCalls” and they are mainly targeting South Korean users.
The cash app is an application developed by “Block”, to transfer money between users. Block inc. has confirmed that there has been a data breach that has nearly exposed 8.2 billion user details.
Security researchers from mobile cybersecurity firm “Kryptowire”, discovered a vulnerability tracked as CVE-2022-22292. The vulnerability exists in preinstalled phone app and executes system privileges in Samsung devices.
A China-linked hacking group has been continuously targeting the Indian power grid. The hacking group mostly uses a modular backdoor named Shadow pad to conduct their activity.
Hydra – World’s largest darknet marketplace based out in Russia, known for its ransomware as a service, hacking services has been shut down by the Germany’s Federal Criminal Police Office, the Bundeskriminalamt (BKA).
A Russian based hacking group Turla uses a custom-based Android malware that mainly targets systems and entitles from Europe and America. This malware needs a total of 18 permissions such as Network state, fine location, camera, audio, read/write external storage to name a few of them.
A 15-year-old security vulnerability in the PEAR PHP repository could allow a threat actor to carry out a supply chain attack. The attacks could also have gained access to unauthorized access to publish rogue packages and execute arbitrary code.
The Anonymous TV hacking group has claimed to have hacked the Russian Orthodox Church’s charitable wing and leaked 15GB of data along with 57000 emails.
On 29th March, Google released an all-new Chrome 100 for the Stable desktop channel. The update includes a new logo, security improvements, and development features.
