Cyber Outlook Rundown 12/14/22

Cybersecurity News

A Cybersecurity briefing on noteworthy Cyber Attacks, Vulnerabilities, and InfoSec news.

 

Noteworthy Cyber Attacks

  1. Cornerstone Payment Systems - Credit Card Processing Company Exposed 9 Million Transaction Records Online including PII and PCI https://www.websiteplanet.com/blog/cornerstone-leak-report/?&web_view=true

  2. Riverside County Hospital (California) - The hospital was found to have exposed sensitive patient information, such as SSNs and details of medical care, following an incident in the fall. https://therecord.media/california-hospital-breach-exposed-patients-social-security-numbers-medical-info

  3. Two Swedish municipalities - Declared a crisis after having to shut down all technical services, affecting over 25k people, due to a cyber attack on Monday. https://therecord.media/crisis-situation-declared-as-two-swedish-municipalities-hit-by-cyberattack/?web_view=true

Noteworthy Vulnerabilities

  1. Microsoft's December 2022 Patch Tuesday fixed two zero-day vulnerabilities, including an actively exploited bug, and a total of 49 flaws. Six of these are classified as 'Critical' because they allow remote code execution, one of the most severe types of vulnerabilities. https://www.bleepingcomputer.com/news/microsoft/microsoft-december-2022-patch-tuesday-fixes-2-zero-days-49-flaws/?&web_view=true

  2. Apple discovered the ninth actively exploited zero-day flaw in 2022. Security updates for iOS, iPadOS, macOS, tvOS, and Safari web browser have been released to address this. Make sure you update ASAP. https://thehackernews.com/2022/12/new-actively-exploited-zero-day.html

  3. VMware has recently disclosed several vulnerabilities, including 2 Critical vulnerabilities yesterday alone. Monitor their advisory page and make sure your software is patched. https://www.vmware.com/security/advisories.html

  4. SAP released its Security Patch Day update, which includes several Critical vulnerabilities. https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10

Noteworthy InfoSec News

  1. Google announced OSV-Scanner, which offers easy access to vulnerability information for various projects. It currently supports 16 ecosystems, including all major languages, Linux distributions, Android, and OSS-Fuzz. https://github.com/google/osv-scanner


Check our Twitter and Discord Server for more information:

https://twitter.com/CyberOutlook

https://discord.com/invite/ZRMUz3Q9Uy

 

Additional sources:

  1. Full report of Microsoft's CVEs https://www.bleepingcomputer.com/microsoft-patch-tuesday-reports/December-2022.html

  2. A distributed vulnerability database for Open Source https://osv.dev/