With the disruption, loss of life and heartbreaking images that the Russia-Ukraine conflict has produced, it is easy to overlook what it has meant to the cyber threat landscape. Even threat actors have taken sides.
Throughout 2022, the theft of user credentials continued to blanket the threat landscape. A recent example that illustrates both the simplicity and depth of this tactic is the Uber breach by threat actor Teapot, which bought the illegally harvested user credentials on the Darknet Marketplace (DNM).
After a week of speculation about OpenSSL vulnerabilities, the OpenSSL project disclosed two new CVEs to address buffer overrun vulnerabilities in its cryptographic library that could trigger crashes or lead to remote code execution (RCE).