December | 2022 | OSG: Bits, Bytes and Packets

Skip navigation

Monthly Archives: December 2022

LastPass breach update: Are you following their best practices? If not (and possibly if even so), might be time to update passwords

December 22, 2022 – 5:15 pm
Posted in Attacks, Cloud, Computers and Internet, Cyber security, HAck, Privacy Alert, Technology
Tagged Best Practices, LastPass
Leave a Comment

Notice of Recent Security Incident

Okta breach results in source code stolen from their private GitHub repositories

December 22, 2022 – 4:54 pm
Posted in Cloud, Computers and Internet, Cyber security, HAck, Technology
Tagged Bleepingcomputer.com, Github, IAM, MFA, Okta, Source Code
Leave a Comment

https://www.bleepingcomputer.com/news/security/oktas-source-code-stolen-after-github-repositories-hacked/

HHS warns hospitals about ROYAL Ransomware attacks

December 16, 2022 – 3:18 pm
Posted in Attacks, Business Continuity, Computers and Internet, Cyber security, HAck, Malware, Privacy Alert, ransomware
Tagged 202212071400, HHS, Royal Ransomware
Leave a Comment

Click to access royal-ransomware-analyst-note.pdf

Former Twitter employee found guilty for spying on behalf of Saudi Arabia

December 16, 2022 – 3:13 pm
Posted in Computers and Internet, Cyber security, Fraud, Insider threat, Technology
Tagged thehackernews.com, Twitter
Leave a Comment

https://thehackernews.com/2022/12/ex-twitter-employee-gets-35-years-jail.html

CISA: Vulnerabilities in Veeam Backup and Replication are being exploited

December 16, 2022 – 2:50 pm
Posted in Attacks, Business Continuity, CISA, Computers and Internet, Cyber security, Disaster Recovery, Dont wait, Exploit Warning, Patch Available, Technology, Vulnerability
Tagged CVE-2022-26500, CVE-2022-26501, TCP Port 9380, thehackernews.com, Veeam, Veeam Distribution Service
Leave a Comment

https://thehackernews.com/2022/12/cisa-alert-veeam-backup-and-replication.html

FBI program Infragard hacked and membership data leaked. Hackers are said to be communicating through the portal to members

December 14, 2022 – 11:25 am
Posted in Attacks, Community, Computers and Internet, Cyber security, FBI, HAck, Privacy Alert, Social Engineering, Supply Chain Attack
Tagged Infragard, krebsonsecurity.com, PII
Leave a Comment

https://krebsonsecurity.com/2022/12/fbis-vetted-info-sharing-network-infragard-hacked/

SSL-VPN zero-day vulnerability

December 13, 2022 – 1:47 pm
Posted in Attacks, Computers and Internet, Cyber security, HAck, Outage, Patch Available, Technology, VPN, Vulnerability, Zero Day
Tagged CWE-122, SSL-VPN
Leave a Comment

Anyone else seeing other impacted products? What else is vulnerable to ” heap-based buffer overflow vulnerability [CWE-122]”

Bad actors “actively” exploiting Zero-Day vulnerability in Citrix ADC/Gateway. Citrix releases patch.

December 13, 2022 – 12:14 pm
Posted in Attacks, Computers and Internet, Cyber security, Exploit Warning, HAck, Patch Available, Technology, Vulnerability, Zero Day
Tagged Bleepingcomputer.com, Citrix, Citrix ADC, CVE-2022-27518
Leave a Comment

https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-citrix-adc-and-gateway-zero-day-patch-now/

PSIRT Advisory: Patch FortiOS SSL-VPN ASAP

December 13, 2022 – 10:59 am
Posted in Attacks, Breaking, Computers and Internet, Cyber security, Exploit Warning, HAck, Patch Available, Technology, VPN, Vulnerability
Tagged CVE-2022-42475, Fortigate, FortiGuard Labs Research, Fortinet, FortiOS SSL-VPN, heap-based buffer overflow, RCE
Leave a Comment

https://www.fortiguard.com/psirt/FG-IR-22-398

Microsoft Edge and Webview2 Runtime goes End of Support in January, 2023 for Windows 7 ,Windows 8.x

December 9, 2022 – 3:36 pm
Posted in Computers and Internet, Cyber security, End of Life, Microsoft, Technology
Tagged Bleepingcomputer.com, Microsoft Edge, Webview2 Runtime, Windows 7, Windows 8, Windows 8.1
Leave a Comment

https://blogs.windows.com/msedgedev/2022/12/09/microsoft-edge-and-webview2-ending-support-for-windows-7-and-windows-8-8-1/