Monthly Security Bulletin – November 2022
Learn more about the latest Cybersecurity news in the November edition of our monthly Security bulletin, prepared by our Senior Security Analysts.
November hot topics:
- Over 1,000 iOS apps found exposing hardcoded AWS credentials
- Facebook Has No Idea What Data It Has
- GIFShell attack creates reverse shell using Microsoft Teams GIFs
- Phishing page embeds keylogger to steal passwords as you type
- Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs
- Relay Attack against Teslas
- Zoom is down, users unable to sign in or join meetings
- New malware bundle self-spreads through YouTube gaming videos
- Microsoft Edge’s News Feed ads abused for tech support scams
- Massive Data Breach at Uber
- VMware, Microsoft warn of widespread Chromeloader malware attacks
- MFA Fatigue: Hackers’ new favorite tactic in high-profile breaches
- 2K Games says hacked help desk targeted players with malware
- Okta: Credential stuffing accounts for 34% of all login attempts
- Unpatched 15-year old Python bug allows code execution in 350k projects
- Microsoft: Exchange servers hacked via OAuth apps for phishing
- Microsoft SQL servers hacked in TargetCompany ransomware attacks
- Leaking Passwords through the Spellchecker
- Hackers use PowerPoint files for ‘mouseover’ malware delivery
- New Erbium password-stealing malware spreads as game cracks, cheats
- New NullMixer dropper infects your PC with a dozen malware families
- New malware backdoors VMware ESXi servers to hijack virtual machines
- Microsoft confirms new Exchange zero-days are used in attacks
