Week in review: F5 BIG-IP RCE exploitation, URL spoofing flaws in Zoom, Google Docs
Here’s an overview of some of last week’s most interesting news, articles and interviews:

Microsoft patches Windows LSA spoofing zero-day under active attack (CVE-2022-26925)
May 2022 Patch Tuesday is here, and Microsoft has marked it by releasing fixes for 74 CVE-numbered vulnerabilities, including one zero-day under active attack (CVE-2022-26925) and two publicly known vulnerabilities (CVE-2022-29972 and CVE-2022-22713).

Attackers are attempting to exploit critical F5 BIG-IP RCE
Researchers have developed PoC exploits for CVE-2022-1388, a critical remote code execution bug affecting F5 BIG-IP multi-purpose networking devices/modules.

Researchers uncover URL spoofing flaws on Zoom, Box, Google Docs
Researchers have discovered several URL spoofing bugs in Box, Zoom and Google Docs that would allow phishers to generate links to malicious content and make it look like it’s hosted by an organization’s SaaS account.

Critical flaw in Zyxel firewalls grants access to corporate networks (CVE-2022-30525)
A critical vulnerability (CVE-2022-30525) affecting several models of Zyxel firewalls has been publicly revealed, along with a Metasploit module that exploits it.

Data centers on steel wheels: Can we trust the safety of the railway infrastructure?
In this interview for Help Net Security, Dimitri van Zantvliet Rozemeijer, CISO at Nederlandse Spoorwegen (Dutch Railways), talks about railway cybersecurity and the progress this industry has made to guarantee safety.

Google Drive emerges as top app for malware downloads
Netskope published research which found that phishing downloads saw a sharp increase of 450% over the past 12 months, fueled by attackers using search engine optimization (SEO) techniques to improve the ranking of malicious PDF files on popular search engines, including Google and Bing.

The role of streaming machine learning in encrypted traffic analysis
Organizations now create and move more data than ever before. Network traffic continues to increase, and global internet bandwidth grew by 29% in 2021, reaching 786 Tbps.

Password reuse is rampant among Fortune 1000 employees
SpyCloud published an annual analysis of identity exposure among employees of Fortune 1000 companies in key sectors such as technology, finance, retail and telecommunications.

How to set up a powerful insider threat program
Security spend continues to focus on external threats despite threats often coming from within the organization. A recent Imperva report (by Forrester Research) found only 18 percent prioritized spend on a dedicated insider threat program (ITP) compared to 25 percent focused on external threat intelligence.

Is that health app safe to use? A new framework aims to provide an answer
A new framework for assessing the privacy, technical security, usability and clinical assurance and safety of digital health technologies has been created by the American College of Physicians (ACP), the American Telemedicine Association (ATA) and ORCHA, the Organization for the Review of Care and Health Applications.

An offensive mindset is crucial for effective cyber defense
As ransomware attacks continue to increase and cybercriminals are becoming more sophisticated, the federal government has implemented a more proactive approach when it comes to cybersecurity.

How to avoid headaches when publishing a CVE
Finding a CVE (Common Vulnerabilities and Exposures) is the first step in a process that starts with the identification of a zero-day and could end with fame and glory, if the discovery is significant enough.

A 10-point plan to improve the security of open source software
The Linux Foundation and the Open Source Software Security Foundation, with input provided by executives from 37 companies and many U.S. government leaders, delivered a 10-point plan to broadly address open source and software supply chain security: securing open source software production, improving vulnerability discovery and remediation, and shortening the ecosystem's patching response time.

The SaaS-to-SaaS supply chain is a wild, wild mess
The SaaS-to-SaaS supply chain continues to grow unchecked, without alerting security teams to the new risks and connections created by non-human identities. These risks cannot be addressed with traditional security controls, which were designed for human-to-app interactions.

Funding women-led cybersecurity startups: Where are we at?
In this video for Help Net Security, Lisa Xu, CEO at NopSec, talks about the cybersecurity funding landscape and its lack of diversity.

Threats to hardware security are growing
In this video for Help Net Security, Jason Oberg, CTO at Tortuga Logic, talks about the growing hardware security threats.

Ransomware works fast, you need to be faster to counter it
In this video for Help Net Security, Chuck Everette, Director of Cybersecurity Advocacy at Deep Instinct, talks about the ransomware threat, the speed at which ransomware attacks unfold, and offers advice on how to mitigate the associated risk.

Shrinking healthcare cybersecurity gaps between hospitals and manufacturers
In this video for Help Net Security, Christopher Gates, Director of Product Security at Velentium, talks about the gaps in healthcare cybersecurity, as well as the new FDA premarket cybersecurity guidance for medical device manufacturers and Health Sector Coordinating Council’s model contract language template.

Why are DDoS attacks so easy to launch and so hard to defend against?
In this video for Help Net Security, Ivan Shefrin, Executive Director at Comcast Business, talks about how businesses can monitor for and mitigate against DDoS attacks.

Welcome “Frappo” – Resecurity identified a new Phishing-as-a-Service
The Resecurity HUNTER unit identified a new underground service called “Frappo”, which is available on the Dark Web.

Download guide: Evaluating third-party security platforms
A comprehensive third-party security program can align your vendor’s security with your internal security controls and risk appetite. Such a program can also help you remediate risk if your vendors fall short.

New infosec products of the week: May 13, 2022
Here’s a look at the most interesting products from the past week, featuring releases from Cohesity, ForgeRock, iDenfy, Nasuni, Orca Security, SecureAge, and Sonatype.
