Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Data theft, denial-of-service, ransomware—the world of cyber threats has never been more dangerous, in large part because there’s never been more vulnerabilities.

Over the past week, threat actors have started scanning for and opportunistically exploiting CVE-2022-29464--a remote code execution vulnerability in multiple WSO2 products used to integrate application programming interfaces (API), applications, and web services. CVE-2022-29464 vulnerability has a CVSS score of 9.8 and severity of Critical which allowed unauthenticated and remote attackers to execute arbitrary code in the following products.

While every sector of the economy experiences cyber attacks, the oil and gas industry is a particularly enticing target because there are inherent weaknesses in its rapidly expanding digital landscape. It's also an industry that can't afford to go offline at any time, which means cybercriminals can force quick action from those they attack.

Cryptocurrency, the next generation of money. Adored by luminaries from Elon Musk to Snoop Dogg. Now the official currency of El Salvador, and a funding source for Ukrainian resistance to the Russian invasion. But is crypto really all that it seems? Cryptocurrency has tremendous potential to address a host of the world’s financial issues: from limited access to financial resources, to ineffective and costly payment and transfer services.

On March 9, the US Securities and Exchange Commission (SEC) issued proposed rules regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies. SEC Chair Gary Gensler highlighted in the press release that “Over the years, our disclosure regime has evolved to reflect evolving risks and investor needs. Today, cybersecurity is an emerging risk with which public issuers increasingly must contend.

It should come as no surprise that as cryptocurrencies become more popular and edge towards the mainstream, the mining of these digital currencies—which uses computing power to solve complex math problem— has given rise to a new form of cyber attack: cryptojacking. Cryptojacking may sound like a way to steal someone's cryptocurrency assets, but it's a less obvious form of theft.

Tetra Defense, an Arctic Wolf® company, partnered with Chainalysis to analyze the link between the Karakurt cyber extortion group to both Conti and Diavol ransomware through Tetra’s digital forensics and Chainalysis’ blockchain analytics. As recent leaks have revealed, Conti and Trickbot are complicated operations with sophisticated structures. But, our findings indicate that web is even wider than originally thought, to include additional exfiltration-only operations.

April Patch Tuesday brings 145 vulnerability fixes from Microsoft — the highest number in 19 months—including CVE-2022-26809, a critical remote code execution (RCE) vulnerability in Windows Remote Procedure Call (RPC) Runtime library that impacts all supported Windows products. Notably, Microsoft also released security updates for Windows 7, an end-of-life product since January 2020, which highlights the severity of CVE-2022-26809.

On Monday, April 11, 2022, NGINX published a security blog post detailing three vulnerabilities in the NGINX LDAP reference implementation. NGINX is web server software that also performs reverse proxy, load balancing, email proxy, and HTTP cache services. No CVE has been assigned to these vulnerabilities at this time. The reference implementation uses Lightweight Directory Access Protocol (LDAP) to authenticate users of NGINX proxied applications.

On Wednesday, April 6, 2022, VMware disclosed several critical-severity vulnerabilities impacting multiple VMware products. If successfully exploited, the vulnerabilities could lead to Remote Code Execution (RCE) or Authentication Bypass. In addition to the critical severity vulnerabilities, VMware disclosed several high and medium severity vulnerabilities, which could lead to Cross Site Request Forgery (CSRF), Local Privilege Escalation (LPE), or Information Disclosure.