--- title: "Cybersecurity Updates For The Week 34 of 2022 | Phish Protection" description: "Cybersecurity Updates For The Week 34 of 2022: Staying updated on cybersecurity news means not just knowing about the latest data breaches. It also requires." image: "https://phishprotection.com/og/blog/cybersecurity-updates-week-34-2022.png" canonical: "https://phishprotection.com/blog/cybersecurity-updates-week-34-2022/" --- Quick Answer Staying updated on cybersecurity news means not just knowing about the latest data breaches. It also requires understanding the steps organizations take to \*\*minimize the effects\*\* of a data breach. Furthermore, it helps s Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-week-34-2022%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cybersecurity%20Updates%20For%20The%20Week%2034%20of%202022&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-week-34-2022%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-week-34-2022%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-week-34-2022%2F&title=Cybersecurity%20Updates%20For%20The%20Week%2034%20of%202022 "Share on Reddit") [ ](mailto:?subject=Cybersecurity%20Updates%20For%20The%20Week%2034%20of%202022&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-week-34-2022%2F "Share via Email") ![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2022/09/phishing-prevention-7936.jpg) Staying updated on cybersecurity news means not just knowing about the latest data breaches. It also requires understanding the steps organizations take to **minimize the effects** of a data breach. Furthermore, it helps s ecurity managers and CISOs ensure their teams are aware and **well-informed** of emerging threats. Following are the latest trends in the cybersecurity threat landscape covering [phishing](/resources/what-is-phishing/), data breaches and other cyber threats. ### France: Cyberattack on a Hospital Center, its Services Severely Disrupted The Corbeil-Essonnes located South Francilien Hospital Center (CHSF) became the victim of a cyberattack **seriously disrupting** its activity, a press release from the establishment said. The Center shifted some patients to public hospitals in Île-de-France. The attack made most of the hospital’s [business software](https://www.techopedia.com/definition/24067/business-software) **inaccessible**, including the information system and the storage systems (medical imaging) related to patient admissions. According to sources, [threat actors](/phishing-awareness/threat-actors-breach-reddit-and-access-internal-documents-code-and-business-systems) demanded a ransom of 10 million dollars from the hospital center. The hospital **quickly seized** the[National Authority for the Security and Defense of Information Systems (ANSSI)](https://www.tellerreport.com/tech/2022-08-22-essonne--a-hospital-center-targeted-by-a-cyberattack--its-services-severely-disrupted.BJzSzR6x1j.html?&web%5Fview=true)about the crisis and the measures it had taken to take charge of the patients. Patients requesting access to the technical platform were **redirected** to the public hospitals in Ile-de-France. Those arriving at the emergency room were assessed and sent to the Sud Francilien hospital’s medical care center. The medico-technical services (medical biology) were working in a [degraded mode](https://www.dataclinic.co.uk/what-is-degraded-mode/) for patients hospitalized at the CHSF. The establishment said the situation “can have a **significant impact** on the operating room’s activity.” ### Google: Iranian Hackers Using Latest Tool to Steal Emails From Targets Charming Kitten, the **state-sponsored** Iranian hacking group, is using a **new tool** to download emails from targeted Microsoft Outlook, Gmail and Yahoo accounts. They are using the **Hyperscraper utility**, and like most threat actor tools, it is not very sophisticated.[In a recent technical report, Google’s Threat Analysis Group (TAG](https://www.bleepingcomputer.com/review/gaming/google-iranian-hackers-use-new-tool-to-steal-email-from-victims/?&web%5Fview=true)) shared that Hyperscraper’s functionality is under active development . According to TAG, the Iranian-backed group is also known as Phosphorus and APT35, and the earliest sample dates from 2020\. The researchers analyzed Hyperscraper using a **test Gmail account**, with the following findings: Hyperscraper is an instrument that helps [malicious actors](/phishing/malicious-actors-exploit-commenting-feature-in-google-docs-to-send-phishing-emails) steal **email data** and save it on their computers after accessing the victim’s email account. It has an [embedded browser](https://wpewebkit.org/about/what-is-embedded.html) that **spoofs the user agent** and offers the Gmail account’s basic HTML view. After logging in, the tool modifies the account’s language to English and iterates through the inbox contents, **downloading messages as .eml files** individually and marking them unread . After the exfiltration, Hyperscraper restores the language settings to the original and **deletes the security alerts** from Google. ![Phishing prevention](https://media.mailhop.org/phishprotection/images/2022/09/phishing-prevention-7936.jpg) ### Greek Gas Operator Refuses Negotiation With Ransomware Group After Cyberattack [DESFA](https://therecord.media/greek-gas-operator-refuses-to-negotiate-with-ransomware-group-after-attack/?web%5Fview=true), Greece’s national natural **gas operator**, confirmed that it became the target of a cyberattack, but it **will not negotiate** with the attackers. DESFA is responsible for developing, exploiting, operating and managing Greece’s natural gas system. The [ransomware](/resources/ransomware-attack-why-organizations-pay-ransom) group Ragnar Locker added the DESFA to its leak site and mentioned that **no one had responded** to their demands. Furthermore, DESFA confirmed the impact on the availability of a few systems and the **leakage** of some directories and files. > The company’s statement read, “We have **managed** to continue the operation of the NNGS (National Natural Gas System) reliably and safely. NNGS management **continues to operate efficiently** DESFA will continue to supply natural gas on the country’s all entry and exit points safely and adequately.” Furthermore, it added that “DESFA will remain firm in its non-negotiating position with [cybercriminals](https://thehackernews.com/2023/03/cybercriminals-targeting-law-firms-with.html).” After the attack, DESFA **deactivated** most of its IT services and is slowly bringing everything back on. ### Experts Find Backdoors in Budget Android Devices that Target Whatsapp and Whatsapp Business Apps [Doctor Web](https://securityaffairs.co/wordpress/134735/malware/counterfeit-versions-mobile-devices-target-whatsapp.html?web%5Fview=true)researchers recently discovered **backdoors** in the system partition of budget Android devices and counterfeit versions of famous models. The [malware](/content/protection-against-malware/how-to-prevent-malware-attacks) targets WhatsApp and WhatsApp Business apps and allows attackers to conduct various **malicious activities** like: - \_ Interception of chats. - \_ Theft of confidential information. - \_ Execute spam campaigns and various scam schemes. According to Doctor Web, these are not the **sole risk factor** for users. These devices claim they have installed a secure and modern Android OS version, which is far from the truth. They run an **obsolete Android version**, subject to various vulnerabilities. The experts noticed that the affected devices **mimicked** famous brand-name models; their names were similar to models produced by popular manufacturers. However, they were running **outdated** [Android](https://www.financialexpress.com/photos/technology-gallery/820361/android-o-list-of-smartphones-which-will-get-the-oreo-check-if-your-mobile-is-on-the-list/) OS versions (Android 4.4.2) instead of installing the latest OS versions. ### Estonia Says it Thwarted a Major Cyber-Attack After Removing Soviet Monuments After it removed several **Soviet monuments** in an ethnic Russian majority, Estonia said they have repelled “the most extensive cyber-attack since 2007.”[Russian hacker group Killnet](https://www.reuters.com/world/europe/estonia-says-it-repelled-major-cyber-attack-after-removing-soviet-monuments-2022-08-18/?&web%5Fview=true)stated on its Telegram account that it had **denied access** to over 200 state and private Estonian institutions, like the online citizen identification system and claimed responsibility for the attack. Killnet, which claimed to execute a **similar attack** against Lithuania in June, mentioned it acted after Estonia moved a Soviet Tu-34 tank from public display in the Narva town to a museum. _In a [DDoS attack](https://www.comptia.org/content/guides/what-is-a-ddos-attack-how-it-works), attackers flood a network with **high data traffic volumes** to paralyze it so it cannot cope with the scale of requested data._ Estonia started taking [phishing protection](/) measures in 2007 after suffering extensive attacks on **private and public websites** that it blamed on Russians. It said they were angry at removing a Soviet-era statue, The Red Army monument, that was moved from a Tallinn square. The incident followed **two nights of riots** by ethnic Russians. The Estonian government had ordered the **swift removal** of all public Soviet memorials in Narva, the majority Russian-speaking town, citing rising tensions and accusing Russia of **exploiting the past** to divide Estonian society. ![How to prevent phishing](https://media.mailhop.org/phishprotection/images/2022/09/how-to-prevent-phishing-6846.jpg) ### LockBit Leaks Data from a Data Breach on Security Giant Entrust Starting in early June,[Entrust](https://www.bleepingcomputer.com/news/security/lockbit-claims-ransomware-attack-on-security-giant-entrust-leaks-data/)began telling its customers that they had suffered a data breach and data got stolen from **internal systems**. > The communique from the company said, “As we continue our investigations, we **will directly contact** you if there is information which we think will affect the security of **services** and products we offer to your organization.” Entrust claimed that while investigations were ongoing, there was no indication that the [data breach](/phishing/data-breaches-how-they-impact-small-businesses) affected the security or operation of their products and services. _They run in [air-gapped](https://www.techopedia.com/definition/17037/air-gap), separate environments from their internal systems and are **completely operational**._ However, the ransomware group LockBit recently created a dedicated [data leak](https://cybernews.com/security/toyota-customer-data-leak/) webpage for Entrust, stating they will publish all the stolen files soon. When ransomware groups publish data on their **data leak websites**, they usually leak it over time to **scare the target** into returning to the negotiation table. Since LockBit states **they will publish** all data, it is possible that Entrust did not negotiate with the attackers or refuses to give in to their demands. ### Cisco Patches a High-Severity Bug in its Web Protection Solution Cisco recently **announced patches** for an escalation of privilege vulnerability (high-severity) in AsyncOS for the Cisco Secure Web Appliance.[Cisco’s Secure Web Appliance](https://www.securityweek.com/cisco-squashes-high-severity-bug-web-protection-solution?&web%5Fview=true), formerly Web Security Appliance (WSA), is an **enterprise protection solution** that provides application visibility and control and blocks risky websites . Tracked as [CVE-2022-20871](https://vulmon.com/vulnerabilitydetails?qid=CVE-2022-20871&scoretype=cvssv3), hackers could **remotely exploit** the newly addressed flaw to escalate privileges to root by **injecting commands**. However, it required authentication for successful exploitation. Cisco said that the **security bug** existed because of the non-validation of the user-supplied input for the [web interface](https://www.g2.com/glossary/web-user-interface-definition). After authenticating to the system and forwarding a crafted **HTTP packet** to the targeted device, the cybercriminal could easily exploit the vulnerability. _A successful exploit allowed the cybercriminal to execute arbitrary commands and elevate privileges to root._ Cisco confirmed that it had **resolved the vulnerability** with the AsyncOS for the Secure Web Appliance 14.5.0-537 release and planned to release the 12.5 and 14.0 **updated versions** of the appliance. ### 35 “Clearly Malicious” Apps Found in the Google Play Store Researchers warned that over two million Android users had downloaded a few malicious apps that **bypassed security** protections and got into the Google Play app store. After installation, the apps used malicious techniques to hide from the victim to avoid getting removed while bringing up **malicious ads** that link directly to malware. [Cybersecurity](/) researchers at Bitdefender discovered 35 “clearly malicious” apps in the **Google Play store**, many of which tricked victims into downloading them. If users[download any apps](https://www.bitdefender.com/blog/labs/real-time-behavior-based-detection-on-android-reveal-dozens-of-malicious-apps-on-google-play-store), researchers recommend they **immediately find and delete them**. Some malicious apps like Image Warp Camera, Personality Charging Show, and Animated Sticker Finder got downloaded over 100,000 times . ### Protect Your Organization - [Learn how phishing attacks work and how to spot them](/learn-what-is-phishing/) - [See how Phish Protection blocks threats in real time](/anti-phishing-tools/) ## Topics [ Announcements ](/tags/announcements/) ![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Protect your inbox from phishing attacks Real-time email security with 60-day free trial. No credit card required. [Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) ## Related Articles [ Intermediate 5m Cybersecurity Updates For The Week 33 of 2022 Aug 22, 2022 ](/blog/cyber-security-news-update-week-33-2022/)[ Intermediate 6m Cybersecurity Updates For The Week 41 of 2022 Oct 21, 2022 ](/blog/cybersecurity-news-21-oct-2022/)[ Intermediate 5m Cybersecurity Updates For The Week 1 of 2021 Jan 1, 2021 ](/blog/cybersecurity-updates-for-the-week-1-of-2021/)[ Intermediate 6m Cybersecurity Updates For The Week 1 of 2022 Jan 7, 2022 ](/blog/cybersecurity-updates-for-the-week-1-of-2022/) ```json {"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"Cybersecurity Updates For The Week 34 of 2022","description":"Cybersecurity Updates For The Week 34 of 2022: Staying updated on cybersecurity news means not just knowing about the latest data breaches. It also requires.","url":"https://phishprotection.com/blog/cybersecurity-updates-week-34-2022/","datePublished":"2022-09-01T04:35:52.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2022-09-01T04:35:52.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/cybersecurity-updates-week-34-2022/"},"articleSection":"intermediate","keywords":"Announcements","wordCount":1485,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2022/09/phishing-prevention-7936.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://phishprotection.com/intermediate/"},{"@type":"ListItem","position":4,"name":"Cybersecurity Updates For The Week 34 of 2022","item":"https://phishprotection.com/blog/cybersecurity-updates-week-34-2022/"}]} ```