Internet Security Week – Edition No. 102

In issue #102 of Internet Security Week , Windows 10 vulnerability, new techniques used in malware, millennium bug, Linux vulnerability and more.

News

Vulnerability in Windows 10 allows you to gain administrator privileges

In the first update package released by Microsoft this year for its products, the company fixed 97 vulnerabilities and six zero-day flaws. Of the total flaws fixed, 41 were elevation of privilege vulnerabilities.

By Juan Manuel Harán in We Live Security

Malware uses new techniques to create persistence in systems

An indicator that threat actors continually change tactics and update defensive techniques against detection could be confirmed by researchers at cybersecurity firm Sophos when tracking the hacker group that operates SolarMarker, an information stealer and backdoor that has been using sneaky Windows “Registry” tricks to establish long-term persistence on compromised systems.

In CISO Advisor

“New millennium bug” and Trojans are January’s main threats

February has already begun, and with that security companies, such as ISH Tecnologia, are beginning to release their reports on the most detected threats during the previous month, in this case, January. And the first cycle of 2022 in Brazil had as its main security failure an attack very similar to the famous “millennium bug”.

By Dácio Castelo Branco on Canaltech

Wi-Fi 6 and 5G: new opportunities and more advantages

The 5G network, expected to start operating in the first quarter of 2022 in Brazilian capitals, brings with it the promise of a world of possibilities in internet access, with new opportunities and more advantages.

By Kelvin Zimmer on Lumiun Blog

If your passwords have these characteristics, it's time to change them!

Passwords are the first line of defense to protect everyone online: emails, banking, shopping, social networks and countless systems that process work, financial, family and personal information.

By Nathalia Sica in Kaspersky Daily

Microsoft blocked billions of brute force and phishing attacks last year

Office 365 and Azure Active Directory (Azure AD) customers were targets of billions of phishing emails and brute force attacks successfully blocked last year by Microsoft.

By Sergiu Gatlan in Bleeping Computer

PwnKit: new Linux vulnerability gives root access to major distributions

Experts discovered a vulnerability in Polkit, a component that controls systems with all the privileges present in most Linux distributions. This component relies on pkexec, a tool that allows an unprivileged user to execute commands as if they were another user with maximum privileges.

By Juan Manuel Harán in We Live Security

Most targeted sectors: finance, retail, dealerships

Trellix, the company that resulted from the merger of McAfee and FireEye, today released its “Advanced Threat Research Report: January 2022”, containing an analysis of the behavior and activity of cyber criminals and their threats in the third quarter of 2021.

In CISO Advisor

1 in 4 Brazilian companies suffered cyber attacks in 12 months

Phishing, viruses, ransomware and vishing were the most recurrent cyber attacks in the last 12 months. And they reached 26% of Brazilian companies, according to the 1st BugHunt National Information Security Survey, carried out by the BugHunt platform.

By Roseli Andrion on FreeGameGuide

Microsoft releases quarterly cyber threat report

Microsoft has just released Cyber Signals, a summary of cyber threat intelligence based on the latest data and investigations from the technology company. This content, which will be released quarterly, provides an expert perspective on the current threat landscape, focusing on trending tactics, techniques, and strategies used by the world's most sophisticated threat actors.

In Microsoft News