Internet Safety Week – Edition No. 102

In edition #102 of Internet Security Week , we cover vulnerabilities in Windows 10, new techniques used in malware, the Y2K bug, vulnerabilities in Linux, and much more.

News

Vulnerability in Windows 10 allows users to gain administrator privileges.

In the first update package released by Microsoft this year for its products, the company fixed 97 vulnerabilities and six zero-day flaws. Of the total flaws fixed, 41 were privilege escalation vulnerabilities.

By Juan Manuel Harán in We Live Security

Malware uses new techniques to create persistence in systems.

One indicator that threat actors continually change tactics and update defensive techniques against detection was confirmed by researchers at the cybersecurity firm Sophos when tracking the hacker group operating SolarMarker, an information stealer and backdoor that has used stealthy tricks of the Windows "Registry" to establish long-term persistence on compromised systems.

In CISO Advisor

"New millennium bug" and Trojan horses are the main threats in January.

February has already begun, and with it, security companies, such as ISH Tecnologia, are starting to release their reports on the most detected threats during the previous month, in this case, January. And the first cycle of 2022 in Brazil had as its main security flaw an attack very similar to the famous "millennium bug".

By Dácio Castelo Branco on Canaltech

Wi-Fi 6 and 5G: new opportunities and more advantages

The 5G network, expected to begin operating in the first quarter of 2022 in Brazilian capitals, promises a world of possibilities in internet access, with new opportunities and greater advantages.

By Kelvin Zimmer on Lumiun Blog

If your passwords have these characteristics, it's time to change them!

Passwords are the first line of defense for protecting all aspects of online life: emails, banking, shopping, social media, and countless systems that process work, financial, family, and personal information.

By Nathalia Sica in Kaspersky Daily

Microsoft blocked billions of brute-force and phishing attacks last year.

Microsoft's Office 365 and Azure Active Directory (Azure AD) customers were targeted by billions of phishing emails and brute-force attacks last year.

By Sergiu Gatlan at Bleeping Computer

PwnKit: New Linux vulnerability grants root access in major distributions.

Experts have discovered a vulnerability in Polkit, a component that controls systems with full privileges present in most Linux distributions. This component includes pkexec, a tool that allows a user without privileges to execute commands as if they were another user with maximum privileges.

By Juan Manuel Harán in We Live Security

Most targeted sectors: finance, retail, dealerships

Trellix, the company resulting from the merger of McAfee and FireEye, today released its "Advanced Threat Research Report: January 2022," containing an analysis of the behavior and activity of cybercriminals and their threats in the third quarter of 2021.

In CISO Advisor

One in four Brazilian companies suffered cyberattacks in the last 12 months.

Phishing, viruses, ransomware, and vishing were the most frequent cyberattacks in the last 12 months. And they affected 26% of Brazilian companies, according to the 1st National BugHunt Information Security Survey, conducted by the BugHunt platform.

By Roseli Andrion on Canaltech

Microsoft releases quarterly report on cyber threats.

Microsoft has just released Cyber Signals, a summary of cyber threat intelligence based on the tech giant's latest data and research. This content, which will be released quarterly, provides expert insight into the current threat landscape, focusing on trending tactics, techniques, and strategies used by the world's most sophisticated threat actors.

In Microsoft News