---
title: "Cybersecurity Updates For The Week 45 of 2022 | Phish Protection"
description: "Cybersecurity Updates For The Week 45 of 2022: You may hardly find an industry today that is not impacted by phishing attacks . Threat actors don"
image: "https://phishprotection.com/og/blog/weekly-cyber-news-updates-week-45-of-2022.png"
canonical: "https://phishprotection.com/blog/weekly-cyber-news-updates-week-45-of-2022/"
---

Quick Answer

You may hardly find an industry today that is not impacted by \*\*phishing attacks\*\*. Threat actors don't spare anyone, be it a typical internet user or an organization with thousands of employees. This is why it is crucial to keep yourself updated about how these attacks happen to ensure you or your organization does not end up being a victim of such \[cyber threats\](https://www.upguard.com/blog/cyber-threat). Here are threat week headlines that cover how threat actors exploit vulnerabilities and target your information

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fweekly-cyber-news-updates-week-45-of-2022%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cybersecurity%20Updates%20For%20The%20Week%2045%20of%202022&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fweekly-cyber-news-updates-week-45-of-2022%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fweekly-cyber-news-updates-week-45-of-2022%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fweekly-cyber-news-updates-week-45-of-2022%2F&title=Cybersecurity%20Updates%20For%20The%20Week%2045%20of%202022 "Share on Reddit") [ ](mailto:?subject=Cybersecurity%20Updates%20For%20The%20Week%2045%20of%202022&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fweekly-cyber-news-updates-week-45-of-2022%2F "Share via Email") 

![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2022/11/spear-phishing-protection-7748.jpg) 

You may hardly find an industry today that is not impacted by **phishing attacks**. Threat actors don’t spare anyone, be it a typical internet user or an organization with thousands of employees. This is why it is crucial to keep yourself updated about how these attacks happen to ensure you or your organization does not end up being a victim of such [cyber threats](https://www.upguard.com/blog/cyber-threat). Here are threat week headlines that cover how threat actors exploit vulnerabilities and target your information assets.

### Malicious Actors Exploit Aiphone Intercom System Vulnerability to Open Doors

**Aiphone** is the world’s largest intercom systems manufacturer and also makes video and audio entry systems for corporate and residential buildings. Last week, researchers at[Promon](https://www.securityweek.com/aiphone-intercom-system-vulnerability-allows-hackers-open-doors?&web%5Fview=true), a Norwegian application security firm, published a report that suggests an Aiphone intercom products vulnerability that potentially allows hackers to breach the system using an **NFC tag** and access the buildings. They tracked the security bug as **CVE-2022-40903**, describing it as an information disclosure vulnerability.

Promon suggests that the bug allows threat actors to “use a mobile with NFC capability to execute a [brute-force attack](https://www.usnews.com/360-reviews/privacy/what-is-brute-force-attack) on the entry system to find the admin password. The system allows attackers with network access to try all possible **four-digit code combinations** and discover the admin passcode,” Promon said. Attackers need a modification app to execute the attack (a custom NFC host-based emulation app mimicking the official administrative tool’s behavior.)

After knowing the administrator passcode, the threat actors use it to update the system with a new NFC tag (by injecting the mobile’s serial number) to gain access into the building. Thus the attackers get the code in plain text that they **punch into the keypad** and an NFC tag that they can use to enter the building\_ without touching any buttons\_.

### Australia Considers Banning Ransom Payments to Cyber Criminals

**Clare O’Neil**, Australia’s Home Affairs Minister, said the government is considering making paying ransoms to cyber attackers illegal following recent cyber-attacks that affected millions of Australians. **Medibank Private Ltd** (MPL.AX), Australia’s biggest health insurer, suffered a massive cyber-attack last month as Australia grappled with a rise in hacks. Earlier in September, along with at least eight other organizations, Australia’s second-largest telco Optus was breached.

The comments come after O’Neil recently formalized the latest **cyber-policing model** between the Australian Signals Directorate and the Australian Federal Police (AFP) to accomplish **“new tough policing”** on cybercrime. The partnership between the two federal agencies will have around[100 officers](https://www.reuters.com/technology/australia-consider-banning-paying-ransoms-cyber-criminals-2022-11-12/?&web%5Fview=true)and act as a joint standing operation against threat actors.

The task force will “day in and day out, hunt down the adversaries responsible for the malicious crimes,” she said. **Prime Minister Anthony Albanese** had previously mentioned the government was doing everything to limit the impact of the Medibank cyber-attack and had set up a dedicated phone service for the affected customers seeking help from the government and Medibank.

![Spear phishing protection](https://media.mailhop.org/phishprotection/images/2022/11/spear-phishing-protection-7748.jpg) 

### New Phishing Campaign Spoofing Spain’s Tax Agency

A brand new phishing campaign came to light in Spain, in which scammers posed as **Agencia Tributaria**, the Spanish Tax Agency. The[phishing attempt](https://blog.avast.com/phishing-spain-tax-agency?&web%5Fview=true)begins when the victim receives a fraudulent SMS notifying them about a supposed reimbursement for which they are eligible.

According to the SMS, they must fill out a form on the agency’s website to **receive the refund**. When the user opens the link, it redirects them to a webpage that looks like the Tax Agency’s official website, asking them for their _credit card details, including the PIN and CVV codes._

Aware users can note that while the [malicious website](https://www.mimecast.com/blog/what-are-malicious-websites/) mimics the agency’s actual website, it **lacks functionality**. For example, users can not change the website’s language, although there is an option. When the user enters the credit card info, it appears that the site processes it.

Finally, the site asks victims to enter an OTP that they’re supposed to receive through SMS (the victim never gets it) or open their mobile banking app to receive a reimbursement notification. Of course, there are no notifications or SMS codes, and these are both parts of the [phishing attack](/resources/7-most-common-phishing-attacks-and-learning-to-protect-against-them/) at work.

### The US Health Dept Issues Warning About Venus Ransomware Targeting Healthcare Organizations

The US Department of **Health and Human Services (HHS)** says that[Venus ransomware](https://www.bleepingcomputer.com/news/security/us-health-dept-warns-of-venus-ransomware-targeting-healthcare-orgs/?&web%5Fview=true)attacks target the country’s healthcare organizations. Health Sector Cybersecurity Coordination Center (HC3) recently issued an analyst note mentioning that it discovered at least one incident of Venus ransomware targeting the US healthcare organization’s network. However, the report mentions no confirmed data leak website where attackers deploying Venus ransomware publish **stolen data online**.

“HC3 discovered at least one healthcare entity in the **US falling victim** to Venus ransomware recently,” says the report. ”

The Venus ransomware operators do not operate as a [ransomware-as-a-service (RaaS)](https://www.crowdstrike.com/cybersecurity-101/ransomware/ransomware-as-a-service-raas/) model, and we are unaware of the existence of any associated data leak site (DLS).” The Venus ransomware attack operators hack into the victims’ publicly-exposed Remote Desktop services and encrypt Windows devices.

### Famous UK Motor Racing Circuit Suffers a Ransomware Attack

A famous motor racing circuit in the UK is investigating a ransomware attack after a threat group added it to the victim’s list this week.

“We are aware of the development and investigating the matter,” Silverstone Circuit’s spokesperson said. **Silverstone Circuit** is among the most popular racing circuits in the UK ( hosting the British Grand Prix since 1950).

The Royal ransomware gang took credit for the alleged cyber incident. The[British Racing Drivers’ Club](https://therecord.media/popular-uk-motor-racing-circuit-investigating-ransomware-attack/?web%5Fview=true)(BRDC) operates the circuit, which hosts numerous motorcycle events and Formula One races.

> 

**Brett Callow**, a threat analyst at Emsisoft, said that the Royal ransomware group is a new gang that follows the **encrypt-and-exfiltrate model**. “The ransomware is secure, meaning we cannot break its encryption,” Callow said. Another security researcher added that while the group is new, it likely consists of experienced hackers who worked as ransomware groups’ affiliates previously.

![Prevent spear phishing](https://media.mailhop.org/phishprotection/images/2022/11/prevent-spear-phishing-7750.jpg) 

### Spymax RAT Malware Targets Indian Defense Personnel

[Cyfirma](https://cyware.com/news/spymax-rat-targets-indian-defense-personnel-52ba7297), an External threat landscape management firm, reported that a **malicious Android package** targeted Indian defense personnel for a while. The cybercriminals used a **Spymax RAT malware** variant and controlled the victims’ devices. Cyfirma says the campaign has been active since at least July 2021 . The attackers share an APK file with the victim, masquerading as a promotion letter and promising them the **‘Subs Naik’** rank.

After installing, the app shows a lookalike **Adobe Reader icon** and asks for multiple permissions like storage, microphone, camera, and internet. The source code of the Spymax RAT variant that the threat actors used is available in underground forums. They circulated a _WhatsApp message_ containing a Google Drive link with a PDF file listing Indian defense personnel recently promoted to higher ranks.

As the campaign has been active for some time and is _targeting security personnel_, researchers suspect it is the act of a nation-state actor attempting to **steal confidential information**. However, based on the gathered data, they cannot attribute the campaign to a specific nation-state threat actor.

### A DDoS Attack Brings Down Mississippi Election Websites

Several Mississippi state websites got[knocked offline](https://therecord.media/mississippi-election-websites-knocked-out-by-ddos-attack/?web%5Fview=true)during the recent midterm election, making it the day’s most significant digital disruption. A federal official warned that we could expect more as we count ballots.

> 

The Mississippi secretary of state’s office said, “An abnormally large traffic volume increase because of [DDoS](https://www.imperva.com/learn/ddos/denial-of-service/#:~:text=DDoS%20meaning%3A%20What%20is%20DDoS,target%20website%20with%20fake%20traffic.) \[distributed denial-of-service\] activity led to the periodic inaccessibility of the public-facing side of our websites.”

“We want to remain clear and reassure Mississippians that the election system was not compromised.” A senior **CISA** (Cybersecurity and Infrastructure Security Agency) official confirmed the attack before the statement.

“We are chatting with them for several hours now and working with the vendors to put the mitigations in place,” the official told reporters. In a Telegram post, a **pro-Russian threat group** took credit for the cyberattack, which did not interfere with the voting or counting processes.

### A Deloitte Employee Masterminds Hacking Attacks on British Businesses

A[report](https://www.business-standard.com/article/companies/deloitte-s-india-office-employee-masterminds-global-hack-says-report-122110600787%5F1.html?&web%5Fview=true)mentioned that one of Deloitte India’s office employees was the mastermind behind a computer hacking gang that targeted _British businesses, journalists, and government officials_. The Deloitte employee, **Arvind Jain**, has been running a computer hackers’ network for the past seven years. British private detectives hired them to steal the email inboxes of the targets using ”[phishing](/resources/what-is-phishing/)” techniques.

> 

“India deals with the issue with a light touch. There is a need to strengthen the legal framework. After the Covid pandemic, cyber crime’s golden age has begun,” says Pawan Duggal, Founder, and Chairman of the International Commission on **Cyber Security Law**.

## Topics

[ Announcements ](/tags/announcements/)[ Cybersecurity ](/tags/cybersecurity/)[ Phishing ](/tags/phishing/) 

![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Protect your inbox from phishing attacks

Real-time email security with 60-day free trial. No credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) 

## Related Articles

[  Intermediate 6m  Cybersecurity Updates For The Week 41 of 2022  Oct 21, 2022 ](/blog/cybersecurity-news-21-oct-2022/)[  Intermediate 6m  Cybersecurity Updates For The Week 1 of 2023  Jan 1, 2023 ](/blog/weekly-cyber-news-updates-week-1-of-2023/)[  Intermediate 6m  Cybersecurity Updates For The Week 44 of 2022  Nov 11, 2022 ](/blog/weekly-cyber-news-updates-week-44-of-2022/)[  Intermediate 5m  American Airlines Suffers Employee Email Data Breach, Personal Information at Risk  Oct 4, 2022 ](/blog/american-airlines-suffers-employee-email-data-breach-personal-information-risk/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Cybersecurity Updates For The Week 45 of 2022","description":"Cybersecurity Updates For The Week 45 of 2022: You may hardly find an industry today that is not impacted by phishing attacks . Threat actors don't spare.","url":"https://phishprotection.com/blog/weekly-cyber-news-updates-week-45-of-2022/","datePublished":"2022-11-18T06:00:45.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2022-11-18T06:00:45.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/weekly-cyber-news-updates-week-45-of-2022/"},"articleSection":"intermediate","keywords":"Announcements, Cybersecurity, Phishing","wordCount":1453,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2022/11/spear-phishing-protection-7748.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://phishprotection.com/intermediate/"},{"@type":"ListItem","position":4,"name":"Cybersecurity Updates For The Week 45 of 2022","item":"https://phishprotection.com/blog/weekly-cyber-news-updates-week-45-of-2022/"}]}
```