A security flaw has been tracked in the Zoom for macOS app. The flaw has a CVSS score of 7.3. More: - According to the company, the flaw is a debugging port misconfiguration.
- A threat actor could take advantage of the flaw to connect to and control the Zoom Apps running in the Zoom client.
- This bug is being tracked as CVE-2022-28762.
- The company also patched a bug that affected Zoom On-Premise Meeting Connector Multimedia Router (MMR).
- The vulnerability is tracked as CVE-2022-2876 and has a CVSS score of 6.5.
Zoom Out: - Recently, the Indian government released a warning about several security flaws it had found in Zoom's infrastructure.
| |
Tata Power, India's leading power producer, has been hit by a cyberattack. The company has stated that all critical systems are functioning. More: - The company has placed certain employees under restricted access.
- Tata Power has not shared details regarding any possible data theft or ransom.
- Local authorities are believed to have warned the company of imminent cyberattacks a few days before hackers launched the hacking campaign.
- The Indian power giant contributes 13,974 MW to the country's power grid, making it a leader in the market.
Zoom Out: - In April, security researchers tracked a hacking campaign deployed by a China-linked threat actor targeting Indian power grid organizations.
- In Early 2022, a number of cyberattacks targeted at least 7 Indian State Load Despatch Centres. The SLDCs carry out real-time operations for grid control and electricity dispatch within their territory.
| |
 A message from SECURITY COMPASS Current approaches to software threat modeling simply don’t work. They are manual, inconsistent, take too long, don’t scale, and don’t give developers what they need. When software security and compliance are considered more as an afterthought, rather than a vital step in the development process, organizations end up trying to remediate security and compliance issues after software has been written, rather than preventing issues in the first place. Here you can find a series of posts breaking down how you can anticipate threats earlier in the software development life cycle to create more secure and compliant software. Empower DevSecOps teams to make software secure and compliant by: - Design through automating threat modeling
- Generating application security requirements
- Providing secure development
- Compliance best practices.
The SD Elements platform is the best solution for organizations who need to scalably model software threats, identify countermeasures, and deliver secure, compliant code quickly. Download the whitepapers
| |
The government of Bulgaria has announced that several institutions have been hit by a Russian cyberattack. The government has identified at least one individual involved. More: - The threat actor attacked several institutions of the Bulgarian government, such as the Internal Affairs Ministry, The Defense Ministry, The Constitutional Court, and the Justice Ministry.
- Bulgarian authorities stated that they traced the attack to Magnitogorsk, Russia, but they did not give any more information due to the ongoing investigation.
- The cyberattack is being considered an attack on the entire country's infrastructure and not just on institutional websites.
- DDoS attacks were the threat vector used in this hacking campaign.
- The Bulgarian government will request the extradition of the identified individual.
Zoom Out: - Pro-Russia hackers claimed credit for a cyberattacking campaign on tens of U.S. airports last week. The attack forced the airports to shut down their websites and online infrastructure.
- Russian hackers have been responsible for other hacking campaigns as well, such as the cyberattacks on numerous U.S. telecom companies back in March 2022.
| |
Interpol has arrested 75 members of the Black Axe crime group. Most arrests were made in South Africa. More: - The group is believed to have been involved in many illegal activities, ranging from online scams to drug trafficking.
- INTERPOL seized:
- $1.9M in cash
- 12,000 SIM cards
- three cars
- It also made 75 total arrests and searched 49 properties.
- The suspects were located in countries such as Argentina, Australia, Côte d'Ivoire, France, Germany, Ireland, Italy, Malaysia, Nigeria, Spain, the U.S., South Africa, the UAE, and the U.K.
| |
 A message from IMPACT Tis’ the season for savvy spending! Work with partners to promote the best deals and get consumers to add to their cart early so that you can sleep easy this season. Tap into Impact.com's content hub for access to their free toolkit which includes: - Current guides on affiliate and influencer marketing in 2022
- Ebooks on partnership management
- Case studies with brands' partnership program success journeys
- Reviews of the latest industry trends and projections
- Best practices to scale your program
Learn why scaling affiliate and influencer programs is at the top of everyone’s wishlist this year. Get the toolkit
| |
New ransomware is targeting transportation and logistics companies in Ukraine and Poland. The attack is believed to have come from Russia-backed actors. More: - The hacking campaign was tracked by Microsoft's Threat Intelligence Center.
- While the techniques used for the cyberattack are similar to previous ones tracked by Microsoft, there are several differences that make it difficult to tie the campaign with one specific threat actor.
- In this case, the threat actor used a ransomware variant named Prestige, which Microsoft claims it has never tracked before.
- The hackers used three different methods to deploy the payload, while they also used RemoteExec, Impacket WMIexec,winPEAS, and other tools to ensure that the code is remotely executed and data is extracted.
| |
Quick Hits: - You might have an amazing product and team, but you’ll struggle with your next funding round if you’re weak on this one metric.*
- Amazon has warned its customers of an active hacking campaign that uses phishing to steal important information such as names, emails, addresses, credit card info, etc.
- A ransomware variant tracked as Venus ransomware is able to breach remote desktop services, researchers claim.
- Hackers forced the council of Hackney, a borough in London, to pay $11.7M in one year in order to recover from the damages they caused the town through a cyberattack.
- A former Wall Street Journal journalist is claiming that a U.S. law firm hired Indian hackers to get him fired and ruin his reputation. The hackers stole and published emails that showed the journalist planning to leave his job and start a business.
- Unlock profitable growth. Get Northbeam and discover the true impact of your marketing spend.*
*This is sponsored content.
| |
Upcoming events at Inside: - October 14 - Learn how leaders from Slack, Shopify, and Stripe are improving developer productivity, workflow, and collaboration in their engineering orgs. (Register Here) *
- October 19 - AMA with Zecca Lehn (Responsibly VC) (Register Here)
- October 25 - Meet Our Fund 4, an Inside.com Summit (Register Here)
- November 02 - AMA with Bill Glenn (Executive Chairman at Crenshaw Associates) (Register Here)
- November 09 - Live AMA with Yashar Behzadi (CEO and Founder of Synthesis AI)* (Register Here)
- December 07 - Live AMA with Deividi Silva ( Head of Developer Relations at Gun.io) (Register Here)
*This is a sponsored listing.
| |
 |  | Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading(and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime. |   | | Editor | Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords. | |
Security Compass is on a mission to accelerate software time-to-market while managing risk. | |
| |
