Weekly Cybersecurity Recap January 7, 2022
Table of Contents
- By David Lukic
- Published: Jan 07, 2022
- Last Updated: May 18, 2022
The new year has gotten off to quite the dramatic start in the context of digital attacks. Cyber miscreants are causing problems here in the United States and abroad even though the new year is merely one week old. Here’s a quick recap of this week’s digital hacks and attacks of note.
Cobalt Strike
Nation-states are employing Cobalt Strike and other living off the land digital hacking tactics to steal information. Living off the land hacks appear harmless yet cause all sorts of problems for organizations spanning a wide array of industries. This type of attack manipulates functions and tools within networks. Azure LoLBins is one of the many examples of living off the land tactics. Cobalt Strikes are also used to generate botnets, infect computers, and implement ransomware.
The DoorLock HomeKit Bug
Everyone who owns an Apple device should be aware of the DoorLock HomeKit digital security flaw. The Apple iOS mobile operating system is fallible in that it has a significant DoS vulnerability, meaning denial-of-service weakness. This bug prompts Apple devices to endlessly reboot or crash at startup. The bug can also provide an opportunity to steal target users' data.
Financial Theft Hacks
Cyber security specialists have identified a massive financial theft hack. The hackers are covertly stealing small amounts of money from retailers, banks, and other financial institutions primarily in Latin America.
Malsmoke Exploits Microsoft E-Signature Verification
The hacking group known as Malsmoke is stealing valuable information through a clandestine campaign. The group uses ZLoader malware for the hack. The malware steals valuable data, including user credentials. All in all, 2,000 targets have been compromised in more than 100 countries.
Google Docs Exploit
Digital attackers are exploiting a security flaw within the comments feature of Google Docs. These phishing attacks were identified in December. The digital miscreants use the comments section of Google Docs to transmit harmful links within an overarching phishing campaign that zeroes in on Outlook users.
VMWare Addresses Bug Impacting Fusion, Workstation, and ESXi Products
VMWare is providing updates tailored to products from ESXi, Fusion, and Workstation. The updates address digital security vulnerabilities that have the potential to be weaponized through threat actors. These vulnerabilities empower threat actors to take over the affected systems if unpatched.
Morgan Stanley Breach Settlement
Morgan Stanley is in the news for agreeing to pay a whopping $60 million in a digital security settlement. Regulators state the financial powerhouse failed to sufficiently decommission its legacy equipment. The resulting unencrypted data remaining on systems put clients’ sensitive information at risk. Everything from customer names to Social Security numbers, credit card numbers, dates of birth, and account information were revealed to potential wrongdoers.
Google Acknowledges Browser Vulnerabilities with Chrome Update
Google recently released a new update for its Chrome browser to patch a litany of browser vulnerabilities. All in all, nearly 40 such security flaws exist. One of those flaws is considered severe, meaning every individual and business who uses Chrome for web surfing should implement the patch as soon as possible.