2022 - Information Management Today

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

APRIL 22, 2024

Microsoft reported that the Russia-linked APT28 group (aka “ Forest Blizzard ”, “ Fancybear ” or “ Strontium ” used a previously unknown tool, dubbed GooseEgg, to exploit the Windows Print Spooler flaw CVE-2022-38028. The vulnerability CVE-2022-38028 was reported by the U.S.

Military

Military File names Education Phishing

Feds Link $150M Cyberheist to 2022 LastPass Hacks

Krebs on Security

MARCH 7, 2025

In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking master passwords stolen from the password manager service LastPass in 2022. In a court filing…

Passwords

Passwords Security

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Security Affairs

JANUARY 15, 2025

released in October 2022. “The build date coded in the last number block also points to the same date range: None of the firewall firmwares examined had been compiled after September 14, 2022.” The analysis of the configuration files revealed that all the FortiOS versions in the data set were older than version 7.2.2,

Passwords

Passwords Security IT Data breaches

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Black Basta ransomware gang hit BT Group

Security Affairs

DECEMBER 4, 2024

Black Basta ransomware-as-a-service (RaaS) has been active since April 2022, it impacted several businesses and critical infrastructure entities across North America, Europe, and Australia. Black Basta is a ransomware-as-a-service (RaaS) variant, first identified in April 2022. reads the CSA.

Ransomware

Ransomware Blockchain Insurance Data breaches

Going to Market Smarter in the New Economy

Advertiser: ZoomInfo

In 2022, as companies continue to move more functions online, employees will take a more virtual -- and flexible -- mindset and lifestyle in parallel to the digitization of businesses. The fight to find new customers and retain existing ones is the biggest business challenge for many companies.

Marketing

Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks

Security Affairs

DECEMBER 13, 2023

Sophos backports the patch for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions due to ongoing attacks exploiting the issue. In December 2022, Sophos released security patches to address seven vulnerabilities in Sophos Firewall version 19.5 , including some arbitrary code execution bugs. reads the advisory.

Security

Security IT Information Security

US Treasury Department sanctioned Chinese cybersecurity firm linked to Flax Typhoon APT

Security Affairs

JANUARY 4, 2025

networks since the summer of 2022. According to OFAC, between 2022 and 2023, Flax Typhoon hacked U.S. Treasury sanctioned a Chinese cybersecurity firm, Integrity Tech, for links to cyberattacks by Chinas state-backed Flax Typhoon APT group (also called Ethereal Panda or RedJuliett). critical infrastructure sectors.“

Cybersecurity

Cybersecurity IoT Risk IT

The Mask APT is back after 10 years of silence

Security Affairs

DECEMBER 18, 2024

The APT group targeted an organization in Latin America in 2019 and 2022. While investigating the 2022 attack, the researchers noticed that the victim organization had also suffered a 2019 attack using “Careto2” and “Goreto” frameworks. ” reads the analysis published by Kaspersky.

Government

Government IT Access Information Security

Hunters International gang claims the theft of 1.4 TB of data allegedly stolen from Tata Technologies

Security Affairs

MARCH 5, 2025

On October 14, 2022, Tata Power, Indias largest power generation company, announced a cyber attack hit its infrastructure. The gang claims to have breached the corporate network on October 3rd, 2022. The Hunter International group recently added the Indian company to the list of victims on its Tor leak site.

Ransomware

Ransomware Manufacturing IT Security

The ABC’s of Recruiting for Gen Z

Advertiser: ZoomInfo

In 2022, society has fully immersed itself in the web and all it has to offer - and no one more so than those of Generation Z. Take a look around you at any given moment, and somebody is likely surfing the web on their phone.

IT

Australia Optus 2022 Data Breach 'Not Highly Sophisticated'

Data Breach Today

JUNE 21, 2024

Hackers Exploited Coding Error, Says Australian Communications and Media Authority Hackers behind the leak of 10 million records from Australia's second-largest telecommunications carrier Optus exploited a vulnerability the company unwittingly inserted four years earlier into a web portal access control, said the Australian Communications and Media (..)

Data breaches

Data breaches Communications Access

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale

Security Affairs

OCTOBER 12, 2024

Since April 2021, Russian state-sponsored hackers have exploited vulnerabilities, including Zimbra’s CVE-2022-27924 for injecting commands to access credentials and emails, and JetBrains TeamCity’s CVE-2023-42793 for arbitrary code execution through an authentication bypass.

Data collection

Data collection Authentication Access Cybersecurity

CISA adds Microsoft Windows Print Spooler flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 25, 2024

CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2022-38028 Microsoft Windows Print Spooler Privilege Escalation vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.

IT

IT Education Cybersecurity Risk

Brazil’s Polícia Federal arrested the notorious hacker USDoD

Security Affairs

OCTOBER 16, 2024

However, the Brazilian national turned into more complex cybercriminal activities by 2022. CrowdStrike’s investigation reveals that USDoD’s leader, Luan BG, has been a hacktivist active since at least 2017. The link between Luan’s hacktivism and cybercrime was established due to his bad Operational security (opsec).

Data breaches

Data breaches Cybersecurity Risk IT

What We Learned From Our Own Data-Driven ABM Strategy

Advertiser: ZoomInfo

So, what does ABM look like in 2022? Analysts and professionals alike tend to argue that account based marketing (ABM) is not new. On the surface, this is an accurate statement. However, ABM practitioners have evolved the strategy from development to implementation.

B2B

China’s Volt Typhoon botnet has re-emerged

Security Affairs

NOVEMBER 13, 2024

The botnet is comprised of two complementary activity clusters, the experts believe it has been active since at least February 2022. In early July and August of 2022, the researchers noticed several Cisco RV320s , DrayTek Vigor routers , and NETGEAR ProSAFEs that were part of the botnet.

e-Discovery

e-Discovery Communications Ransomware Government

Advanced Fined 3 Million Pounds Over 2022 Ransomware Hack

Data Breach Today

MARCH 26, 2025

million pound fine for a 2022 ransomware hack that exposed medical records of tens of thousands of National Health Service patients. UK ICO Says Advanced's Security Measures 'Fell Seriously Short' A British IT service company must pay a 3.07

Ransomware

Ransomware Authentication Security IT

J-magic malware campaign targets Juniper routers

Security Affairs

JANUARY 24, 2025

Lumen experts also mentioned another variant of cd00r, codenamed SEASPY , that was used in a campaign targeting Barracuda Email Security Gateway (ESG) appliances that dates back in 2022. However, there is no evidence that the two campaigns are linked.

Encryption

Encryption Access Security IT

US DoJ charges five alleged members of the Scattered Spider cybercrime gang

Security Affairs

NOVEMBER 21, 2024

He is accused of stealing at least $800,000 from five victims between August 2022 and March 2023. Urban, known online as “Sosa” and “King Bob,” is linked to the same group that hacked Twilio and other companies in 2022. In January 2024, U.S.

Phishing

Phishing Access Passwords Ransomware

Partner Webinar: A Framework for Building Data Mesh Architecture

Speaker: Jeremiah Morrow, Nicolò Bidotti, and Achille Barbieri

Register now for the webinar on June 9, 2022 at 2:00 am PST, 5:00 am EST, and 11:00 am CEST. How Agile Lab and Enel Group used Dremio to connect their disparate organizations across geographies and business units. Leveraging Dremio for data governance and multi-cloud with Arrow Flight.

Government

Ivanti fixed a maximum severity flaw in its Endpoint Management software (EPM)

Security Affairs

SEPTEMBER 11, 2024

“Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.” ” reads the advisory published by the company. High) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Critical) CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Authentication

Authentication IT IoT Security

Critical SQL Injection flaws impact Ivanti Endpoint Manager (EPM)

Security Affairs

MAY 23, 2024

Below is the list of the addressed vulnerabilities: CVE Description CVSS Vector CVE-2024-29822 An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.

Authentication

Authentication Security Information Security IT

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

Security Affairs

MARCH 20, 2025

The DCRat consists of three components: A stealer/client executable A single PHP page, serving as the command-and-control (C2) endpoint/interface An administrator tool In June 2022, the Governmental Computer Emergency Response Team of Ukraine (CERT-UA) warned of another malware campaign targeting Ukrainian telecommunications operators with the DarkCrystal (..)

Computer and Electronics

Computer and Electronics Archiving Passwords Government

Dutch police dismantled dual dark web market ‘Bohemia/Cannabia’

Security Affairs

OCTOBER 14, 2024

Law enforcement agencies from the United Kingdom, United States, and Ireland participated in the operation that began towards the end of 2022. These are two of the largest and longest-running dark web platforms for the trade of illegal goods, drugs, and cybercrime services.

Marketing

Marketing IT Information Security Security

Building Best-in-Class Enterprise Analytics

Speaker: Anthony Roach, Director of Product Management at Tableau Software, and Jeremiah Morrow, Partner Solution Marketing Director at Dremio

Register now for the webinar on April 21, 2022 at 10:00 am PDT, 12:00 pm EDT to learn how Dremio and Tableau are delivering mission critical BI and interactive analytics on data directly in the data lake. A self-service platform for data exploration and visualization that broadens access to analytic insights.

Analytics

CISA adds GeoSolutionsGroup JAI-EXT, Linux Kernel, and Roundcube Webmail bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

JUNE 27, 2024

in April 2022. Technical details and PoC exploit code are publicly available since August 2022. Linux Kernel Flaw CVE-2022-2586 (CVSS score of 7.8) White hat hackers demonstrated an exploit for this issue during the Pwn2Own Vancouver 2022. is a code injection issue in the Jai-Ext open source project. and 1.3.12.

IT

IT Cybersecurity Risk Security

Blackbasta group claims to have hacked Atlas, one of the largest US oil distributors

Security Affairs

MAY 21, 2024

Black Basta has been active since April 2022, like other ransomware operations, it implements a double-extortion attack model. In November 2022, Sentinel Labs researchers reported having found evidence that links the Black Basta ransomware gang to the financially motivated hacking group FIN7.

Ransomware

Ransomware Phishing Access IT

China-linked threat actors stole 10% of Belgian State Security Service (VSSE)’s staff emails

Security Affairs

FEBRUARY 27, 2025

As per the vendors statement, the flaw has been exploited in real-world scenarios, with incidents dating back to October 2022 at the very least. Earliest identified evidence of exploitation of CVE-2023-2868 is currently October 2022. The company confirmed that the CVE-2023-2868 was first exploited in October 2022.

Security

Security Access Government Cybersecurity

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Krebs on Security

JUNE 15, 2024

. — and charged him with stealing at least $800,000 from five victims between August 2022 and March 2023. Urban allegedly went by the nicknames “ Sosa ” and “ King Bob, ” and is believed to be part of the same crew that hacked Twilio and a slew of other companies in 2022.

Phishing

Phishing Passwords Authentication Encryption

Marketing-Led COVID-19 Growth Strategies: 2022 and Beyond

Advertiser: ZoomInfo

More than two years into the pandemic, COVID-19 is far from over. Businesses are tasked with beating pre-pandemic numbers, making marketing more essential than ever before.

Marketing

CISA adds Qualcomm flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

DECEMBER 6, 2023

CVE-2022-22071 was included in our May 2022 public bulletin. CVE-2022-22071 was included in our May 2022 public bulletin. Google Threat Analysis Group and Google Project Zero first reported that the CVE-2023-33106, CVE-2023-33107, CVE-2022-22071 and CVE-2023-33063 were actively exploited in targeted attacks.

IT

IT Cybersecurity Risk Security

Burnout in SOCs: How AI Can Help Analysts Focus on High-Value Tasks

Security Affairs

DECEMBER 5, 2024

Research published in Dark Reading in 2022 revealed that 70% experience burnout, and 65% said they were likely to change jobs in the next year. The Reality of SOC Burnout SOC analysts have it rough. Whether they did or not, we’ll probably never know.

Cybersecurity

Cybersecurity Artificial Intelligence Risk Data collection

Australian government announced sanctions for Medibank hacker

Security Affairs

JANUARY 23, 2024

The Australian government announced sanctions for a member of the REvil ransomware group for the Medibank hack that occurred in 2022. The man is responsible for the cyber attacks that in 2022 hit the Australian insurance provider Medibank. “ In November 2022, Medibank announced that personal data belonging to around 9.7M

Government

Government Insurance Ransomware Data breaches

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

Security Affairs

SEPTEMBER 8, 2023

The state-sponsored hackers exploited the CVE-2022-47966 RCE vulnerability in Zoho ManageEngine. The CVE-2022-47966 flaw is an unauthenticated remote code execution vulnerability that impacts multiple Zoho products with SAML SSO enabled in the ManageEngine setup. The vulnerability was addressed by the company on October 27th, 2022.

Cybersecurity

Cybersecurity Access Security Encryption

A Practical Guide to Business Intelligence Governance

Speaker: Marius Moscovici, CEO Metric Insights & Mike Smitheman, VP Metric Insights

September 14th, 2022 at 9:30 am PT, 12:30 pm ET, 5:30 pm BST This presentation will provide a practical step-by-step guide for implementing effective BI governance and a toolkit for addressing the three critical aspects of any program: People - Roles and responsibility in the governance process.

Government

Ivanti fixed a maximum severity flaw in its Endpoint Management software (EPM)

Security Affairs

SEPTEMBER 11, 2024

“Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.” ” reads the advisory published by the company. High) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Critical) CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Authentication

Authentication IT IoT Access

Hackers obtained user data from Twilio-owned 2FA authentication app Authy

Security Affairs

JULY 4, 2024

” In August 2022, Twilio disclosed a data breach, threat actors had access to the data of some of its customers. On August 4, 2022, Twilio became aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials.

Authentication

Authentication Phishing Communications Access

US offers $10 million reward for info on Hive ransomware group leaders

Security Affairs

FEBRUARY 8, 2024

Starting from the end of July 2022, the FBI infiltrated Hive’s computer networks. The threat actors behind the Hive RaaS have extorted $100 million in ransom payments from over 1,300 companies worldwide as of November 2022, reported the U.S. cybersecurity and intelligence authorities in January.

Ransomware

Ransomware Blockchain Manufacturing Analytics

FBI seized the notorious BreachForums hacking forum

Security Affairs

MAY 15, 2024

From March 2022 until March 2023, a separate version of BreachForums (hosted at breached.vc/.to/.co) The BreachForums hacking forum was launched in 2022 after the law enforcement authorities seized RaidForums as a result of Operation TOURNIQUET. According to the statement published by law enforcement on the site breachforums.ic3.gov

Access

Access IT Information Security Security

Build Your Open Data Lakehouse on Apache Iceberg

Speaker: Veena Vasudevan and Jason Hughes

Register now for the live webinar on August 16th, 2022 at 9:00 am PST, 12:00 pm EST. In this webinar, Dremio and AWS will discuss the most common challenges in data architecture and how to overcome them with an open data lakehouse architecture on AWS.

Access

CNN, Paris Hilton, and Sony TikTok accounts hacked via DMs

Security Affairs

JUNE 5, 2024

In August 2022, Microsoft researchers discovered a high-severity flaw ( CVE-2022-28799 ) in the TikTok Android app, which could have allowed attackers to hijack users’ accounts with a single click. Microsoft reported the issue to TikTok in February 2022, and the company quickly addressed it.

Access

Access Security IT Information Security

I invested $50 in Bitcoin in 2022, and it's been a ride. Here's how much I have now

Collaboration 2.0

JANUARY 2, 2025

Bitcoin dropped, crashed, and burned - then it skyrocketed. My $50 investment went through the wringer. Here's how 2024's halving event and political shifts turned massive losses into unexpected gains.

IT

Root access vulnerability in GNU Library C (glibc) impacts many Linux distros

Security Affairs

JANUARY 30, 2024

in August 2022. “This vulnerability was introduced in glibc 2.37 (in August 2022) by the following commit: [link] and was also backported to glibc 2.36 because this commit was a fix for another, minor vulnerability in __vsyslog_internal() (CVE-2022-39046, an “uninitialized memory [read] from the heap”).”

Libraries

Libraries Access Security IT

US teenager pleads guilty to his role in credential stuffing attack on a betting site

Security Affairs

NOVEMBER 20, 2023

3 On or about November 18, 2022, the man launched a credential stuffing attack on the Betting Website and gained access to approximately 60,000 accounts. According to court documents, on November 18, 2022, Garrison launched the attack against the betting site, obtaining access to approximately 60,000 user accounts.

Passwords

Passwords Access Information Security IT

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

August 11, 2022 at 11:00 am PDT, 2:00 pm EDT, 7:00 pm GMT In this webinar, you will learn how to: Outline popular change management models and processes. Organize ERM strategy, operations, and data. Determine impact tangents. Practice change management process with ERM data.

Risk

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Feds Link $150M Cyberheist to 2022 LastPass Hacks

Webinars

Trending Sources

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Webinars

Black Basta ransomware gang hit BT Group

Going to Market Smarter in the New Economy

Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks

US Treasury Department sanctioned Chinese cybersecurity firm linked to Flax Typhoon APT

The Mask APT is back after 10 years of silence

Hunters International gang claims the theft of 1.4 TB of data allegedly stolen from Tata Technologies

The ABC’s of Recruiting for Gen Z

Australia Optus 2022 Data Breach 'Not Highly Sophisticated'

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale

CISA adds Microsoft Windows Print Spooler flaw to its Known Exploited Vulnerabilities catalog

Brazil’s Polícia Federal arrested the notorious hacker USDoD

What We Learned From Our Own Data-Driven ABM Strategy

China’s Volt Typhoon botnet has re-emerged

Advanced Fined 3 Million Pounds Over 2022 Ransomware Hack

J-magic malware campaign targets Juniper routers

US DoJ charges five alleged members of the Scattered Spider cybercrime gang

Partner Webinar: A Framework for Building Data Mesh Architecture

Ivanti fixed a maximum severity flaw in its Endpoint Management software (EPM)

Critical SQL Injection flaws impact Ivanti Endpoint Manager (EPM)

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

Dutch police dismantled dual dark web market ‘Bohemia/Cannabia’

Building Best-in-Class Enterprise Analytics

CISA adds GeoSolutionsGroup JAI-EXT, Linux Kernel, and Roundcube Webmail bugs to its Known Exploited Vulnerabilities catalog

Blackbasta group claims to have hacked Atlas, one of the largest US oil distributors

China-linked threat actors stole 10% of Belgian State Security Service (VSSE)’s staff emails

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Marketing-Led COVID-19 Growth Strategies: 2022 and Beyond

CISA adds Qualcomm flaws to its Known Exploited Vulnerabilities catalog

Burnout in SOCs: How AI Can Help Analysts Focus on High-Value Tasks

Australian government announced sanctions for Medibank hacker

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

A Practical Guide to Business Intelligence Governance

Ivanti fixed a maximum severity flaw in its Endpoint Management software (EPM)

Hackers obtained user data from Twilio-owned 2FA authentication app Authy

US offers $10 million reward for info on Hive ransomware group leaders

FBI seized the notorious BreachForums hacking forum

Build Your Open Data Lakehouse on Apache Iceberg

CNN, Paris Hilton, and Sony TikTok accounts hacked via DMs

I invested $50 in Bitcoin in 2022, and it's been a ride. Here's how much I have now

Root access vulnerability in GNU Library C (glibc) impacts many Linux distros

US teenager pleads guilty to his role in credential stuffing attack on a betting site

Successful Change Management with Enterprise Risk Management

Stay Connected