It was a big year for cybersecurity in 2022, with massive cyberattacks and data breaches, innovative phishing attacks, privacy concerns, and, of course, zero-day vulnerabilities.
Some stories, though, were more popular with our readers than others.
Below are the ten most popular stories at BleepingComputer during 2022, with a summary of each.
Russia created its own TLS certificate authority (CA) so that Russian websites could continue to offer HTTPS connections after sanctions prevented them from renewing certificates issued by Western CAs.
Because a CA must first be vetted by a browser vendor and added to that browser's root store before its certificates are trusted, only the Russia-based Yandex Browser and Atom browser recognized the new CA at the time; Chrome, Firefox, Edge, and other browsers treated sites using its certificates as untrusted.
Because of this, Russia told citizens to use those browsers instead of Chrome, Firefox, Edge, and similar products.
Four malicious Android apps available on Google Play stole sensitive information from victims' devices and generated 'pay-per-click' revenue for the operators.
The malware impersonated Bluetooth utilities and did not exhibit any malicious functionality until 72 hours after installation. The delay allowed the apps to pass Google's review process and evade detection by security software that judges an app by its behavior shortly after install.
The developer of the very popular npm package 'node-ipc' released sabotaged versions of the library that deleted data and overwrote files on developers' machines, in addition to creating new text files containing "peace" messages.
Researchers described a social engineering technique that abused Microsoft Teams for phishing and for covertly executing commands and stealing data using GIFs.
The method chained several weaknesses to exfiltrate data directly through Microsoft's own servers, so the traffic looked like legitimate Microsoft Teams traffic to network defenders.
It should be noted that the attacker must first convince a user to install a malicious stager that executes commands and uploads their output to a Microsoft Teams webhook; the GIF channel is the exfiltration path, not the initial access.
Over thirty malicious Google Chrome extensions with a combined one million installs on the Chrome Web Store were used to inject affiliate links into websites and hijack searches.
The extensions as published contained no malicious code; the malicious functionality was loaded after installation, which made them hard to detect during store review and by static scanning.
A Linux vulnerability named PwnKit was found in Polkit's pkexec component that a local attacker could exploit to gain full root privileges on the system.
The vulnerability, tracked as CVE-2021-4034, was present in the default configuration of all major Linux distributions, making it a significant concern for admins and security professionals.
Security researchers discovered that the Microsoft Teams desktop app saved authentication tokens in clear text in several locations on Windows.
A threat actor who gained access to the device could steal these tokens and log in as the user, even if the user had multi-factor authentication (MFA) enabled, because the token is issued after MFA has already been satisfied.
Microsoft and many security researchers did not consider this an issue in itself, as it requires the attacker to have already gained access to the system before the tokens could be stolen, which already means it is "game over" for the user since the threat actor could access all locally stored data.
However, other researchers found the report to be of significant concern given the rising tide of information stealers, which could harvest the tokens and send them back to remote attackers.
BleepingComputer was the first to report that threat actors gained access to Okta's GitHub repositories and stole the company's source code.
Okta began alerting customers late in the year via a "Confidential" email shared with BleepingComputer, warning that the source code for Okta Workforce Identity Cloud (WIC) was exposed in the breach.
However, the company stated that the hackers did not access the source code for its Auth0 (Customer Identity Cloud) products during the breach.
The developer of the popular open-source libraries 'colors' and 'faker' intentionally introduced an infinite loop that bricked thousands of projects depending on the packages.
Applications using these libraries suddenly found their projects outputting gibberish messages to the console, stating 'LIBERTY LIBERTY LIBERTY' followed by a sequence of non-ASCII characters.
The change appears to have been introduced in retaliation against mega-corporations and commercial consumers of open-source projects that rely extensively on cost-free, community-powered software but do not, according to the developer, give back to the community.
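Both the node-ipc and the colors/faker incidents above reached downstream projects because those projects accepted whatever new release matched a semver range such as "^1.4.0" or "~9.1.1". The following script is an added example, not code from the article or from any of the packages named; it flags dependency specifiers in a package.json that are not pinned to a single exact version, so a reviewer can decide whether to pin them (for example with `npm install --save-exact` or `save-exact=true` in `.npmrc`) and install from the lockfile with `npm ci`. The sample manifest embedded in the script is constructed for the demonstration.

```javascript
// Added example: flag npm dependency specifiers that are not pinned to an
// exact version. An exact pin (optionally prefixed with "=") matches
// MAJOR.MINOR.PATCH with optional prerelease and build metadata. Ranges
// ("^", "~", ">=", "*", "latest"), git/tarball URLs and "npm:" aliases are all
// reported as unpinned so that a human looks at them.
const EXACT_VERSION =
  /^=?\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

// The manifest sections that can pull code onto a developer's machine or
// into a build. peerDependencies are resolved by the consumer, so they are
// not checked here.
const DEPENDENCY_FIELDS = [
  "dependencies",
  "devDependencies",
  "optionalDependencies",
];

function isPinned(spec) {
  return typeof spec === "string" && EXACT_VERSION.test(spec.trim());
}

// Returns an array of { field, name, spec } for every specifier that is not
// an exact version. An empty array means every dependency is pinned.
function findUnpinned(pkg) {
  const findings = [];
  for (const field of DEPENDENCY_FIELDS) {
    const deps = pkg[field] || {};
    for (const [name, spec] of Object.entries(deps)) {
      if (!isPinned(spec)) {
        findings.push({ field, name, spec });
      }
    }
  }
  return findings;
}

// Constructed sample manifest (hypothetical project, not a real package.json).
const SAMPLE_PKG = {
  name: "demo-app",
  version: "1.0.0",
  dependencies: {
    colors: "^1.4.0",        // range: would have pulled in 1.4.44-liberty-2
    "node-ipc": "~9.1.1",    // range: would have pulled in a sabotaged 9.2.x
    express: "4.18.2",       // exact pin
  },
  devDependencies: {
    faker: "*",              // any version at all
    jest: "=29.3.1",         // exact pin with "=" prefix
  },
};

// To run against a real project, replace SAMPLE_PKG with
// JSON.parse(fs.readFileSync("package.json", "utf8")).
for (const hit of findUnpinned(SAMPLE_PKG)) {
  console.log(`${hit.field}: ${hit.name} is not pinned (spec "${hit.spec}")`);
}
```

Pinning alone does not protect against a maintainer account takeover that republishes an existing version number, which the npm registry does not permit, but it does stop a new malicious release from being adopted silently on the next `npm install`. Pair the check with a committed lockfile and `npm ci` in CI so that the resolved versions, not just the specifiers, are fixed.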
This year's most-read story is about how a security researcher accidentally discovered a way to bypass the lock screen on his fully patched Google Pixel 6 and Pixel 5 Android smartphones.
The vulnerability is tracked as CVE-2022-20465 and was fixed in the Android security updates released on November 7, 2022.
A demonstration of the bypass is shown in the video below.