Invinsense Cybersecurity Newsletter 24-Jan-22

Patch Notes

• Adobe Patches Reader Flaws That Earned Hackers $150,000 at Chinese Contest

• First Patch Tuesday of 2022 Brings Fix for a Critical ‘Wormable’ Windows Vulnerability

• Apple Releases iPhone and iPad Updates to Patch HomeKit DoS Vulnerability

• Cisco Patches Critical Vulnerability in Contact Center Products

• GitLab shifts left to patch high-impact vulnerabilities

• Firefox fixes fullscreen notification bypass bug that could have led to convincing phishing campaigns

Cyber Attacks

• Ransomware targets Edge users

• Mobile Phishing & Managing User Fallibility

• A New Destructive Malware Targeting Ukrainian Government and Business Entities

• Critical Cisco Contact Center Bug Threatens Customer-Service Havoc

• Researchers Decrypted Qakbot Banking Trojan’s Encrypted Registry Keys

• Defense contractor Hensoldt confirms Lorenz ransomware attack

• Phishers are targeting Office 365 users by exploiting Adobe Cloud

Malware and Vulnerabilities

• New SysJoker backdoor targets Windows, macOS, and Linux

• IP spoofing bug leaves Django REST applications open to DDoS, password-cracking attacks

• Critical SonicWall NAC Vulnerability Stems from Apache Mods

• Microsoft: New critical Windows HTTP vulnerability is wormable

• Threat actors can bypass malware detection due to Microsoft Defender weakness

• Three Plugins with Same Bug Put 84K WordPress Sites at Risk

Cyber Tech

• New KCodes NetUSB Bug Affect Millions of Routers from Different Vendors

• A New Approach to Detect Stealthy Malware on IoT Devices

• NoReboot - Faking iPhone Shutdown and Reboot

• Introducing vAPI – an open source lab environment to learn about API security