---
title: "Cybersecurity Updates For The Week 43 of 2022 | Phish Protection"
description: "Traditional cybersecurity measures cannot protect organizations against today"
image: "https://phishprotection.com/og/blog/weekly-cyber-news-updates-week-43-of-2022.png"
canonical: "https://phishprotection.com/blog/weekly-cyber-news-updates-week-43-of-2022/"
---


![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2022/11/phishing-attack-prevention-9836.jpg) 

Traditional cybersecurity measures cannot protect organizations against today’s [phishing attacks](/resources/7-most-common-phishing-attacks-and-learning-to-protect-against-them/) as they are getting increasingly sophisticated. Thus, enterprises must take a layered approach to **prevent cyber-attacks** and lessen their impact when they occur. Additionally, they can learn from the latest trends in the cyber threat landscape. Here are this week’s [phishing](/resources/what-is-phishing/) and data breach-related headlines.


### Twilio Blames Voice Phishing For Another Hack From June

Cloud communications provider Twilio disclosed another [data breach](https://www.kaspersky.com/resource-center/definitions/data-breach) stemming from a security incident in June 2022, where the same cybercriminals behind the August hack accessed their customers’ information.

Twilio, referring to it as a “[brief security incident](https://www.bleepingcomputer.com/news/security/twilio-discloses-another-hack-from-june-blames-voice-phishing/?&web%5Fview=true)” on June 29, said the threat actor used social engineering to lure employees into sharing their credentials through a **voice phishing attack**. The attackers used the stolen credentials _“to access contact information for a few customers.”_ Twilio recently revealed that they identified and eradicated the threat actor within 12 hours. Furthermore, they notified the customers whose information got impacted by the June incident on July 2, 2022.

Twilio added that attackers behind the August breach accessed the personal data of over 209 customers and 93 Authy end users. _“They breached an internal non-production system using credentials stolen in an earlier SMS phishing attack.”_ Twilio has a total customer base of over 270,000 and approximately 75 million Authy end users. After concluding the investigation, Twilio found no evidence of hackers accessing its customers’ **API keys**, console account credentials, or authentication tokens.

### Apple: iOS and macOS Flaw Might Have Allowed Apps to Eavesdrop on Your Siri Conversations

Apple recently patched a flaw in its **iOS and macOS** operating systems which potentially enabled apps with Bluetooth access to eavesdrop on Siri conversations.

_Apple said in a statement, “an app might record audio using a connected AirPods pair,”_ adding it patched the Core Bluetooth issue in the latest iOS 16.1 updates with improved entitlements.

App developer **Guilherme Rambo** discovered and reported the bug in August 2022, dubbed [SiriSpy](https://thehackernews.com/2022/10/apple-ios-and-macos-flaw-couldve-let.html?&web%5Fview=true), which later got the identifier CVE-2022-32946.

Rambo shared in a blog, “Any app with Bluetooth access can record your audio from the **iOS keyboard dictation** and conversations with Siri when you are using Beats headsets or AirPods.”

“It can happen without the app requesting you for microphone access permission and without leaving any trace that it was listening to your conversations.”

While the hack requires that the app has Bluetooth access, hackers can bypass this restriction as users granting **Bluetooth access** will not expect it to open the door to access their audio from dictation and conversations with Siri.

![Phishing attack prevention](https://media.mailhop.org/phishprotection/images/2022/11/phishing-attack-prevention-9836.jpg) 

### LinkedIn Phishing Campaign Bypasses Google Workspace Security

A [phishing email](https://www.boxphish.com/common-phishing-emails-to-look-out-for-in-2022/) purporting to be from LinkedIn targeted users at a travel organization to steal their credentials on the social media platform. The email had the subject line, **“We noticed an unusual activity from your account.”**

The **phishing campaign** got past email authentication checks like **SPF** and [DMARC](https://www.dmarcanalyzer.com/dmarc/) and slipped past Google’s email security protocols, claims [Armorblox](https://www.darkreading.com/risk/linkedin-phishing-spoof-bypasses-google-workspace-security?&web%5Fview=true). The email security provider’s system at the victim enterprise detected and stopped the phishing campaign, which targeted 500 user inboxes.

“The main Secure my account (call-to-action) button included in the email contained a **malicious URL** and took users to a **fake landing page**. The fake landing page _mimicked a genuine LinkedIn sign-in page_ and included LinkedIn logos, illustrations, and language that mirrored actual LinkedIn branding,” Armorblox shared.

### Attackers Launch a New Cryptojacking Campaign Targeting Kubernetes, Docker Cloud Servers

Researchers at **CrowdStrike** recently discovered a **global hacking campaign** targeting cloud infrastructure in service of a cryptojacking scheme. The “[Kiss-a-Dog” campaign](https://www.crowdstrike.com/blog/new-kiss-a-dog-cryptojacking-campaign-targets-docker-and-kubernetes/) dates back to September when a CrowdStrike honeypot started gathering signs of attacks targeting vulnerable _Kubernetes and Docker instances_. The campaign takes its name from the domain that the attackers used to fetch the Python-coded malware payload: _kiss\[.\]a-dog\[.\]top_.

It leverages [multiple command and control](https://www.scmagazine.com/analysis/cloud-security/researchers-uncover-cryptojacking-campaign-targeting-docker-kubernetes-cloud-servers?&web%5Fview=true) (C2) servers to escape containerized environments and get root privileges while using user and **kernel rootkits** for obfuscation, lateral movement, backdoor creation, and persistence. After gaining a foothold in a compromised container, the attackers compiled network scanning tools to search for additional cloud servers running Kubernetes and Docker. Researchers said the ultimate goal was to harness users’ computing power by installing XMRig and **mining cryptocurrency**.

### Wisconsin School District Attacked by Snatch Ransomware Group

[The Snatch ransomware gang](https://www.scmagazine.com/brief/ransomware/wisconsin-school-district-attacked-by-snatch-ransomware-group) recently claimed responsibility for the attack against Wisconsin’s Kenosha Unified School District, which caters to over 20,000 students, according to [The Record](https://www.scmagazine.com/brief/ransomware/wisconsin-school-district-attacked-by-snatch-ransomware-group?&web%5Fview=true), a subsidiary of [cybersecurity firm](/) Recorded Future.

The group did not divulge the details about the types of files or amount of data stolen in the attack. The **Kenosha Unified School District** was hit by the attack on September 25. However, the officials noted that the school district restored systems it had taken down as a precaution and sought assistance from a **cybersecurity firm** and law enforcement in investigating the incident.

Snatch ransomware gang’s claims on the **Kenosha Unified breach** come as the Government Accountability Office recently reported that attacks aimed at K-12 schools usually disrupt learning for three days or weeks and result in recovery times ranging from two to nine months.

### POS Malware Steals Credit Card Numbers Worth $3.3 Million

Cybercriminals used two strains of [POS (point-of-sale) malware](https://digitalguardian.com/blog/what-point-sale-pos-malware-how-it-works-and-how-protect-your-pos-system) to steal the details of over 167,000 credit cards from payment terminals. If they sell the details on underground forums, the hack can net the attackers upwards of [$3.3 million.](https://www.theregister.com/2022/10/24/pos%5Fmalware%5Fcampaign%5Fsteals%5F33m/?&web%5Fview=true)

The backend C2 (command-and-control) server operating the **Treasure Hunter** and [MajikPOS malware](https://cybersecuritynews.com/majikpos/) remains active, according to Group-IB’s Said Khamchiev and Nikolay Shelekhov, and **“the victims’ number keeps growing.”**

The security firm’s researchers identified the **C2 server** in April and discovered the operators stealing payment information of numerous credit card holders from _February 2021 to September 8, 2022._ Incidentally, most of the victims are Americans with credit cards issued by US banks.

After discovery, the investigators handed the information to _US-based law enforcement agencies_ and a threat-sharing organization. However, they did not attribute the malware to a specific crime group. The Treasure Hunter and MajikPOS malware infect **Windows POS terminals**, scanning them to exploit the moments when the terminal reads and stores card data in plain text in memory.

Treasure Hunter performs so-called [RAM scraping](https://securitygladiators.com/threat/ram-scraping/): it snoops on the memory of the **running processes** on the register to get the magnetic-stripe data from a shopper’s freshly swiped card. MajikPOS also scans the infected PCs for credit card data.

![Phishing email prevention](https://media.mailhop.org/phishprotection/images/2022/11/phishing-email-prevention-8457.jpg) 

### Hackers Target a Cybersecurity Conference in Australia

**The AICD** (Australian Institute of Company Directors) recently hosted an event to launch its latest **“cybersecurity governance principles”**, a widely debated topic considering the recent Medibank Private and Optus hack. The federal minister, **Clare O’Neil**, and Cyber Security Cooperative and Research Centre CEO, **Rachael Falk**, were among the big names supporting the launch.

No one expected that a highly debated online conference would become the victim of a hack, leaving LinkedIn and the institute’s boss **Mark Rigotti** with a PR problem. Thousands of participants began to get restless when they tried to log in for the 1 pm start of the event, and the conference did not go live on schedule.

As the waiting participants began pouring in comments, the LinkedIn chat function posted a fake [Eventbrite link](https://www.smh.com.au/national/hackers-hit-cybersecurity-conference-20221024-p5bsiq.html?&web%5Fview=true), which many users clicked. The link asked users for their credit card details, and the institute had to intervene and request participants not to open any links posted in the chat.

An **official-looking AICD link** again appeared for the event, and users tried to follow it, complaining later that it was not working. Eventually, after 30 minutes, the institute canceled the event. Rigotti said in the evening that they were unsure if any credit card details were handed over and urged affected users to contact their card issuers.

### Typosquat Campaign Spoofing 27 Brands to Push Android and Windows Malware

A massive malicious campaign is underway, which uses over 200 **typosquatting domains** impersonating _twenty-seven brands_ to trick users into downloading various Android and Windows malware. [Typosquatting](https://support.microsoft.com/en-us/topic/what-is-typosquatting-54a18872-8459-4d47-b3e3-d84d9a362eb0) is the method threat actors utilize to trick people into visiting fake websites by registering a domain name that looks like that of a genuine brand. The domains used in the campaign closely resemble the authentic ones. They feature an **additional “s”** or a single letter position swap, making them easy for unsuspecting users to miss.

[BleepingComputer](https://www.bleepingcomputer.com/news/security/typosquat-campaign-mimics-27-brands-to-push-windows-android-malware/?&web%5Fview=true) reported that the victims end up on these websites by mistyping the site name in the browser’s URL bar, a common mistake when typing on mobile. However, users can also reach these sites if they click on embedded links in _phishing emails or SMS, malicious social media posts, direct messages_, and other ways. Some of the domains used in the campaign are:

- payce-google\[.\]com, impersonates Google Wallet
- snanpckat-apk\[.\]com, impersonates Snapchat
- paltpal-apk\[.\]com, impersonates PayPal
- m-apkpures\[.\]com, impersonates APKPure
- vidmates-app\[.\]com, impersonates VidMate
- tlktok-apk\[.\]link, imitates download portal for TikTok app

In all the cases, the malware attempts to download the **ERMAC APKs,** a banking trojan targeting **cryptocurrency wallets** and banking accounts from 467 apps.
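For defenders who want to screen proxy or DNS logs for lookalike domains of the kind listed above, the following added example (not from the original article or from BleepingComputer) flags domains whose hyphen-separated tokens sit within a small edit distance of a watched brand name, counting an extra letter or an adjacent letter swap as one edit each. The brand list, allowlist, token-length floor and distance threshold are assumptions chosen for illustration.

```python
import re

# Brand keywords to watch (the brands named in the list above).
BRANDS = ["google", "snapchat", "paypal", "apkpure", "vidmate", "tiktok"]
# Illustrative allowlist of official domains (assumption; extend for real use).
ALLOWLIST = {"google.com", "snapchat.com", "paypal.com", "tiktok.com"}
MIN_TOKEN_LEN = 4  # skip filler tokens such as "apk", "app", "m"


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cur[j] = min(prev[j] + 1,               # delete from a
                         cur[j - 1] + 1,            # insert into a
                         prev[j - 1] + (ca != cb))  # substitute or match
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # adjacent swap
        prev2, prev = prev, cur
    return prev[-1]


def classify(domain, max_dist=2):
    """Return (brand, distance) if the domain imitates a watched brand, else None.

    Distance 0 means the exact brand keyword appears in an unofficial domain;
    1 or 2 means a near-miss spelling of the brand.
    """
    domain = domain.lower().replace("[.]", ".").strip(".")  # accept defanged input
    if any(domain == d or domain.endswith("." + d) for d in ALLOWLIST):
        return None
    label = domain.rsplit(".", 1)[0]  # drop the TLD
    best = None
    for token in re.split(r"[-.]", label):
        if len(token) < MIN_TOKEN_LEN:
            continue
        for brand in BRANDS:
            dist = osa_distance(token, brand)
            if dist <= max_dist and (best is None or dist < best[1]):
                best = (brand, dist)
    return best


# Defanged domains quoted in the article, plus two constructed benign ones.
SAMPLES = ["payce-google[.]com", "snanpckat-apk[.]com", "paltpal-apk[.]com",
           "m-apkpures[.]com", "vidmates-app[.]com", "tlktok-apk[.]link",
           "accounts.google.com", "example.org"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample:24} {classify(sample)}")
```

A threshold of 2 is needed to catch snanpckat and paltpal, which each differ from the brand by two edits; on short brand names that threshold will produce false positives, so treat hits as leads for review rather than block decisions.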


[ Brad Slavin ](/authors/brad-slavin/) 
