Week in review: Follina exploit delivers Qbot malware, Patch Tuesday forecast, RSAC 2022


Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

RSA Conference 2022 coverage
Check out our microsite for related news, photos, product releases, and more.

Researchers unearth highly evasive “parasitic” Linux malware
Security researchers at Intezer and BlackBerry have documented Symbiote, a wholly unique, multi-purpose piece of Linux malware that is nearly impossible to detect.

Apple unveils passkeys for passwordless authentication to apps and websites
At WWDC 2022, Apple announced and previewed iOS 16 and iPadOS 16, macOS 13 (aka macOS Ventura), watchOS 9, their new M2 chips, new MacBook Air and Pro, as well as new tools, technologies, and APIs for developers focusing on Apple’s platforms.

Qbot – known channel for ransomware – delivered via phishing and Follina exploit
More than a week has passed since Microsoft acknowledged the existence of the “Follina” vulnerability (CVE-2022-30190), after reports of it being exploited in the wild began to crop up here and there. Since then, other state-backed threat actors have started exploiting it, but now one of the most active Qbot (QakBot) malware affiliates has also been spotted leveraging Follina.

The most common exploit paths enterprises leave open for attackers
Exposed version control repositories, leaked secrets in public code repositories, a subdomain vulnerable to takeover, exposed Amazon S3 buckets, and Microsoft Exchange servers vulnerable to CVE-2021-42321 exploitation are the most common exploit paths medium to large enterprises left open for attackers in Q1 2022, according to Mandiant.

Summer holiday season fuels upswing of travel-themed spam
Phishers, scammers and malware peddlers are ready to take advantage of the summer holiday season: According to Bitdefender security analysts, the deluge of travel-themed spam started in March and is expected to reach its peak in June.

Qualys VMDR 2.0 with TruRisk: Taking vulnerability management to the next level
In this interview for Help Net Security, Mehul Revankar, VP of Product Management & Engineering for VMDR at Qualys, talks about Qualys Vulnerability Management, Detection and Response (VMDR) 2.0 with TruRisk.

Attackers aren’t slowing down, here’s what researchers are seeing
In this Help Net Security interview, John Shier, Senior Security Advisor at Sophos, talks about the main findings of two Sophos reports: the 2022 Active Adversary Report and the State of Ransomware Report, which provide an exceptional overview of the modern threat landscape.

Why you should worry about medical ID theft
In this interview with Help Net Security, Paige Hanson, Chief of Cyber Safety Education at NortonLifeLock, talks about the risks posed by medical ID theft, the repercussions of such criminal activity, and what people as well as organizations can do to protect valuable medical information.

June 2022 Patch Tuesday forecast: Internet Explorer fades into the sunset
The hot topic this month has been around CVE-2022-30190, also known as the Follina vulnerability. This vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT) allows for remote code execution.

The costs and damages of DNS attacks
EfficientIP has announced the findings of its eighth annual 2022 Global DNS Threat Report, conducted by IDC, which reveals the damaging impact Domain Name System (DNS) attacks have had on global organizations’ operations over the past 12 months.

Four steps to successful empathetic investigations
How security conducts employee investigations needs to change. All too often, security investigations are an attempt to get an employee to admit to suspected wrongdoing.

Ransomware attacks setting new records
Zscaler released the findings of its annual ThreatLabz Ransomware Report, which revealed an 80 percent increase in ransomware attacks year-over-year.

Recovery and resilience: CISO insights into the 2022 cybersecurity landscape
As the market downturn becomes a real concern for the private sector, resilience and recovery are key for security practitioners. Demand for cutting edge security solutions hasn’t changed, rather the opposite, and the panel suggested avoiding knee-jerk reactions and panic in these volatile times.

Top three most critical areas of web security
Akamai Technologies revealed three research reports at the RSA Conference 2022, focusing on three of the most critical areas of web security: ransomware, web applications and APIs, and DNS traffic.

Getting to grips with SaaS security
SaaS sprawl grows with the number of applications an organization uses in its SaaS stack, and as information in the different applications is distributed, it becomes less and less centralized, resulting in data sprawl.

Boards, CEOs demand software supply chain security improvements
Venafi announced the findings of a global study of 1,000 CIOs, in which 82% say their organizations are vulnerable to cyberattacks targeting software supply chains.

Turning the tables on cyber attackers
In this Help Net Security video, Justin Fier, VP Tactical Risk and Response at Darktrace, provides an overview of the Darktrace Cyber AI Research Centre, discusses AI trends, and showcases how Darktrace can help organizations strengthen their cybersecurity posture.

Barely one-third of IT pros can vet code for tampering
Global research commissioned by ReversingLabs and conducted by Dimensional Research revealed that software development teams are increasingly concerned about supply chain attacks and tampering, but barely a third said they can effectively vet the security of developed and published code for tampering.

Healthcare-specific cybersecurity problems and how to address them
In this video for Help Net Security, Eric Weisman, CSO at TailorMed, talks about the most significant cybersecurity issues for healthcare organizations, and offers insight on how these can be mitigated.

Intelligence must drive strategic decisions
In this video for Help Net Security, Martin Devenish, Head of Corporate Intelligence at S-RM, talks about the importance of intelligence in driving strategic decisions.

How to create awareness and mitigate data loss incidents
In this video for Help Net Security, James Alliband, Senior Manager of Product Strategy at Tessian, talks about the consequences of data loss and how organizations can protect themselves.

Ransomware attacks keeping the educational sector on its toes
In this video for Help Net Security, John Hendley, Head of Strategy at IBM Security X-Force, discusses the implications of ransomware attacks on the educational sector, and offers tips on how these organizations should protect themselves.

How to build security for the metaverse
In this video for Help Net Security, Camellia Chan, CEO at Flexxon, talks about the blueprint for establishing industry standards in the metaverse to help create cybersecurity processes and technologies faster.

What cybersecurity investors should be aware of in 2022
In this video for Help Net Security, Christian Lawaetz Halvorsen, CTO at Valuer, talks about what cybersecurity investors should be aware of in 2022.

The Intigriti Ethical Hacker Survey 2022
The Intigriti Ethical Hacker Survey 2022 is now available, highlighting how ethical hacking continues to grow as a popular career choice for all levels of security experts.

Business fit report: Echoworx Email Encryption
The security of our data is, without question, at the top of any enterprise’s priority list. It is not just an IT problem; this is an issue that impacts all facets of business.

New infosec products of the week: June 10, 2022
Here’s a look at the most interesting products from the past week, featuring releases from Acronis, Code42, Cynet, Elastic, Living Security, Lumu, NetWitness, Qualys, SafeBreach, and Swimlane.
