--- title: "Cybersecurity Updates For The Week 50 of 2022 | Phish Protection" description: "Cybercriminals keep updating their techniques and do not relent in targeting big organizations every day. This week was no different in cyberspace." image: "https://phishprotection.com/og/blog/weekly-cyber-news-updates-week-50-of-2022.png" canonical: "https://phishprotection.com/blog/weekly-cyber-news-updates-week-50-of-2022/" --- Quick Answer Cybercriminals keep updating their techniques and do not relent in targeting big organizations every day. This week was no different in cyberspace. Here are this week's \[phishing\](/resources/what-is-phishing/) and data breach headlines. Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fweekly-cyber-news-updates-week-50-of-2022%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cybersecurity%20Updates%20For%20The%20Week%2050%20of%202022&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fweekly-cyber-news-updates-week-50-of-2022%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fweekly-cyber-news-updates-week-50-of-2022%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fweekly-cyber-news-updates-week-50-of-2022%2F&title=Cybersecurity%20Updates%20For%20The%20Week%2050%20of%202022 "Share on Reddit") [ ](mailto:?subject=Cybersecurity%20Updates%20For%20The%20Week%2050%20of%202022&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fweekly-cyber-news-updates-week-50-of-2022%2F "Share via Email") ![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2022/12/spear-phishing-prevention-7755.jpg) Cybercriminals keep updating their techniques and do not relent in targeting big organizations every day. This week was no different in cyberspace. Here are this week’s [phishing](/resources/what-is-phishing/) and data breach headlines. --- ### BetMGM: A Famous Sports Betting Operator Hit by Data Breach Sports betting service BetMGM recently said that cybercriminals obtained the **personal information** of its customers in an unauthorized manner but refrained from specifying the number of users affected. According to Reuters, the incident impacted customer information like _name, contact information, hashed Social Security number, date of birth, account identifiers, and transaction information with BetMGM._ [BetMGM](https://www.reuters.com/lifestyle/sports/sports-betting-operator-betmgm-hit-by-data-breach-2022-12-21/?&web%5Fview=true)did not respond when asked how many customers were impacted by the breach, which occurred in May this year. The sports betting operator said it became aware of the matter on November 28 and has no evidence that [threat actors](/blog/threat-actors-using-phishing-as-a-service-phaas/) accessed account funds or **patron passwords**. BetMGM further added that its online operations did not get compromised. Last month, another sports-betting firm DraftKings Inc (DKNG.O), reported a **security breach** where the login information of its customers got compromised. One way to reduce the risk of a security breach due to phishing attacks is to use a [phishing protection](/) security solution, such as an email spam filter or a browser extension that can detect and block suspicious links. ### The Guardian Newspaper Targeted by a Ransomware Attack One of the world’s most popular newspapers was hit by a[ransomware attack](https://www.infosecurity-magazine.com/news/ransomware-attack-guardian/?&web%5Fview=true)which forced it to send employees home. Jim Waterson, the media editor of The Guardian, said the incident affected “part of the company’s behind-the-scenes services and **technology infrastructure**.” The newspaper staff started work from home for the remaining week, although the incident did not impact the paper’s online publishing. > “As everyone knows, a serious incident affected our IT systems and network in the past 24 hours. We believe it was a ransomware attack but are considering all possibilities,” read a statement from Anna Bateson, the Guardian Media Group CEO, and Katharine Viner, editor-in-chief. “We publish globally to our apps and website, although some internal systems are impacted. We are confident we will publish it in print tomorrow. Our IT and technology team is working to deal with various aspects of this incident, and most of our staff is working from home as they did during the pandemic.” It is unclear if the attackers took any **sensitive data** during the raid. ### Google Ad Fraud Campaign On Adult Websites Rakes in Millions in Revenue for Cybercriminals A massive ad fraud campaign used Google Ads and ‘popunders’ on adult websites and supposedly generated millions of ad impressions from stolen articles, earning the imposters an estimated $275k per month . Malwarebytes discovered the **fraud campaign** and reported it to Google, which took it down for violating policies that forbid Google Ads on adult sites. While researchers could not ascertain the campaign’s operator,[Malwarebytes](https://www.bleepingcomputer.com/news/security/google-ad-fraud-campaign-used-adult-content-to-make-millions/?&web%5Fview=true)collected evidence suggesting the threat actor is likely of Russian origin. **_‘Popunders’ and Google Ads_** The fraudsters designed advertising campaigns on adult websites and received massive traffic using **‘popunder’ ads**. The advertisements are cheap and open as ‘pop-ups’ windows in the browser, so the user cannot see them until they move or close the main browser window. Adult webcams, online dating services, and other adult content portals typically use ‘popunders.’ In the incident, the fraudster created **legitimate-looking news portals** containing scraped content from other websites and used them as ‘popunder’ advertisements. However, they overlay an iframe promoting a ‘TXXX’ adult site instead of showing the page’s content. To generate ad revenue from such popunders, the threat actors embedded a Google Ad at the webpage’s bottom, violating **Google’s advertising policies**. A click anywhere on the webpage (the user may select one of the thumbnails and watch a particular video) triggers a click on a Google ad instead. ![Spear phishing prevention](https://media.mailhop.org/phishprotection/images/2022/12/spear-phishing-prevention-7755.jpg) ### Little Rock School District Approves $250K as Ransomware Settlement To recover stolen data from its servers, the **Little Rock School District’s board** approved a[$250,000 settlement](https://www.cybersecuritydive.com/news/little-rock-school-ransomware-payment/639083/?&web%5Fview=true)for ending a recent **ransomware incident**. However, during the public board meeting, an LRSD school board member unknowingly shared the entire settlement amount. The Little Rock School District is a 21,200-student district in Arkansas and has released few details about the recent [cyberattack](https://www.bleepingcomputer.com/news/security/rackspace-confirms-play-ransomware-was-behind-recent-cyberattack/) since the December 5 meeting. However, LRSD Board President Greg Adams issued a letter to the school community saying they had reached a final agreement. > “After we confirm that we have retrieved the stolen information,” Adams wrote, “we will contact everyone whose data might be compromised.” Furthermore, everyone whose data got compromised and people potentially impacted by the incident will receive identity and credit monitoring services. “As a precautionary measure,” all district staff will receive the same services. The FBI, the Multi-State Information Sharing Analysis Center, and the [Cybersecurity](/content/cybersecurity-in-a-nutshell/) and Infrastructure Security Agency highly discourage paying any ransom amidst a cyberattack because it cannot guarantee the recovery of victims’ files. ### DarkTortilla Malware Distributed Through Phishing Sites Masquerading Grammarly and CISCO Cyble Research and Intelligence Labs (CRIL) recently detected threat Actors (TAs) distributing the **DarkTortilla malware**. DarkTortilla is a complex,\*\* NET-based malware\*\* that has been operating since 2015. Researchers say that the malware drops numerous [Remote Access Trojans (RATs)](https://www.checkpoint.com/cyber-hub/threat-prevention/what-is-remote-access-trojan/) and stealers, including AgentTesla, AsyncRAT, NanoCore, etc. Security researchers said that DarkTortilla spreads through spam emails containing **malicious attachments**. However, CRIL said that the Threat Actors (TAs) behind[DarkTortilla](https://gbhackers.com/highly-sophisticated-darktortilla-malware/?web%5Fview=true)built phishing websites to spread the malware. “We identified two phishing websites that seemed legitimate Grammarly and Cisco sites . Fake website links could reach users via online ads or [spam emails](https://www.usnews.com/360-reviews/privacy/what-spam-email-is) to infect them”, CRIL said. Technical analysis showed that the Grammarly phishing site downloaded a malicious zip file, **“GnammanlyInstaller.zip,”** when the user clicked on the “Get Grammarly” Button. Furthermore, the zip file contained a malicious cabinet file, “GnammanlyInstaller.ce9rah8baddwd7jse1ovd0e01.exe,” masquerading as a Grammarly executable. ### Stolen API Keys of Email Marketing Services Put Mobile App Users at Risk CloudSEK’s BeVigil security search engine analyzed 600 apps on the Google Play store and found 50% leaking [API (application programming interface)](https://www.ibm.com/topics/api) keys of three popular marketing and transactional email service providers. The providers included SendGrid, Mailgun, and MailChimp.[CloudSEK](https://www.infosecurity-magazine.com/news/api-keys-email-marketing-services/?&web%5Fview=true)notified all the involved entities and impacted apps about the hardcoded API keys. The leaked API keys allowed [cybercriminals](/blog/cybercriminals-are-duping-millions-of-accounts-in-the-latest-facebook-phishing-campaign/) to perform many unauthorized actions like deleting API keys, sending emails, and modifying[ two-factor authentication (2FA)](https://www.techtarget.com/searchsecurity/definition/two-factor-authentication). An API is a software that enables applications to communicate without human intervention. The API key is a **unique identifier** that helps developers, or users use to authenticate themselves to an API. CloudSEK mentioned that an examination of the three providers’ data revealed that the US topped the list with the highest number of downloads, followed by the UK, Spain, Russia, and India. Thus, the report mentions that the discovery makes 54 million mobile app users vulnerable. ![Anti phishing protection](https://media.mailhop.org/phishprotection/images/2022/12/anti-phishing-protection-7756.jpg) ### Social Blade Confirms Data Breach After Cybercriminals Post Stolen User Data Social Blade, a Social media analytics platform, confirmed it suffered a [data breach](/blog/data-breaches-how-they-impact-small-businesses/) after discovering its database was up for sale on a hacking forum. Social Blade, an analytics platform, provides statistical graphs for _YouTube, Instagram, Twitter, Twitch, Daily Motion, and Mixer accounts,_ allowing users to see estimated earnings and projects. It offers an API allowing users to **integrate the Social Blade data** into their platforms directly. After[BleepingComputer](https://www.bleepingcomputer.com/news/security/social-blade-confirms-breach-after-hacker-posts-stolen-user-data/?&web%5Fview=true)contacted Social Blade regarding the data sale, it confirmed they suffered a breach and began informing customers through **data breach notifications**. “On December 14, we got a notification regarding a potential data breach whereby a threat actor had acquired exports of our user database and attempted to sell it on a **hacker forum**,” read the data breach notification. > “We investigated the posted samples and verified they were real. It appears the cybercriminal exploited a vulnerability on our website and gained access to the database.” The data breach notification mentions that the threat actors accessed its database and stole the following information: Email addresses Password hashes Client IDs Tokens for business API users Auth tokens for connected accounts Various internal and non-personal data The notice further clarifies that no credit card information got exposed due to the security incident. ### US Leads The Group as Researchers Discover 3.5 Million Exposed IP Cameras According to recent[Cybernews](https://securityaffairs.co/139625/hacking/3-5m-ip-cameras-exposed-with-us-in-the-lead.html)research, there is a steep rise in **internet-facing IP cameras**. The research team analyzed 28 of the most popular manufacturers and found 3.5 million cameras exposed to the internet. The findings signify an eightfold increase since April 2021\. While the review period saw default security settings improve, some popular brands either offer no authentication or **default passwords**, meaning anyone can spy on the users. Interestingly, Chinese companies manufacture the majority of internet-facing cameras. And while organizations are following cosmetic security measures, security leaders warn that the Chinese government can exploit technologies produced by Chinese companies. Recently, the UK parliament asked government agencies to _stop installing Chinese equipment, including surveillance cameras, on **sensitive sites**._ ## Topics [ Announcements ](/tags/announcements/)[ Cybersecurity ](/tags/cybersecurity/) ![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Protect your inbox from phishing attacks Real-time email security with 60-day free trial. No credit card required. [Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) ## Related Articles [ Intermediate 6m Cybersecurity Updates For The Week 41 of 2022 Oct 21, 2022 ](/blog/cybersecurity-news-21-oct-2022/)[ Intermediate 6m Cybersecurity Updates For The Week 1 of 2023 Jan 1, 2023 ](/blog/weekly-cyber-news-updates-week-1-of-2023/)[ Intermediate 6m Cybersecurity Updates For The Week 42 of 2022 Oct 28, 2022 ](/blog/weekly-cyber-news-updates-week-42-of-2022/)[ Intermediate 6m Cybersecurity Updates For The Week 43 of 2022 Nov 4, 2022 ](/blog/weekly-cyber-news-updates-week-43-of-2022/) ```json {"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"Cybersecurity Updates For The Week 50 of 2022","description":"Cybercriminals keep updating their techniques and do not relent in targeting big organizations every day. This week was no different in cyberspace.","url":"https://phishprotection.com/blog/weekly-cyber-news-updates-week-50-of-2022/","datePublished":"2022-12-23T04:41:07.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2022-12-23T04:41:07.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/weekly-cyber-news-updates-week-50-of-2022/"},"articleSection":"intermediate","keywords":"Announcements, Cybersecurity","wordCount":1515,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2022/12/spear-phishing-prevention-7755.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://phishprotection.com/intermediate/"},{"@type":"ListItem","position":4,"name":"Cybersecurity Updates For The Week 50 of 2022","item":"https://phishprotection.com/blog/weekly-cyber-news-updates-week-50-of-2022/"}]} ```