Monthly Security Bulletin – December 2022

December hot topics:

• Microsoft fixes critical RCE flaw affecting Azure Cosmos DB
• Dropbox discloses breach after hacker stole 130 GitHub repositories
• New Crimson Kingsnake gang impersonates law firms in BEC attacks
• RomCom RAT malware campaign impersonates KeePass, SolarWinds NPM, Veeam
• As Twitter brings on $8 fee, phishing emails target verified accounts
• Microsoft sued for open-source piracy through GitHub Copilot
• Malicious extension lets attackers control Google Chrome remotely
• Lenovo fixes flaws that can be used to disable UEFI Secure Boot
• 15,000 sites hacked for massive Google SEO poisoning campaign
• Worok hackers hide new malware in PNGs using steganography
• DuckDuckGo now lets all Android users block trackers in their apps
• Failures in Twitter’s Two-Factor Authentication System
• Successful Hack of Time-Triggered Ethernet
• Exploit released for actively abused ProxyNotShell Exchange bug
• Google Chrome extension used to steal cryptocurrency, passwords
• Apple’s Device Analytics Can Identify iCloud Users
• Pro-Russian hacktivists take down EU Parliament site in DDoS attack
• Trigona ransomware spotted in increasing attacks worldwide
• Cybersecurity researchers take down DDoS botnet by accident