Skip links

BleepingComputer’s most popular cybersecurity stories of 2022



It was a big year for cybersecurity in 2022 with massive cyberattacks and data breaches, innovative phishing attacks, privacy concerns, and of course, zero-day vulnerabilities.

Some stories, though, were more popular with our readers than others.

While the recent discovery that hackers stole LastPass vault data in its August cloud storage breach was too new to make it into the top ten list, it warrants a mention.

Below are the ten most popular stories at BleepingComputer during 2022, with a summary of each.

10. Russia creates its own TLS certificate authority to bypass sanctions

Russia created its own TLS certificate authority (CA) to allow websites to continue to provide HTTPS connections after sanctions prevented them from renewing certificates from Western companies.

As certificate authorities need first to be vetted by companies before they are used in their browsers, Russia-based Yandex browser and Atom products were the only companies to recognize the new CA at the time.

Due to this, Russia told citizens to use these browsers instead of Chrome, Firefox, Edge, etc.

9. Malicious Android apps with 1M+ installs found on Google Play

Four malicious Android apps were available on Google Play that stole sensitive information from victims’ devices and generated ‘pay-per-click’ revenue for the operators.

The malware impersonated Bluetooth apps that would not show malicious functionality until 72 hours after being installed. This delay allowed the apps to evade detection by security software and Google’s review process.

8. BIG sabotage: Famous npm package deletes files to protest Ukraine war

The developer of the very popular npm package named ‘node-ipc’ released sabotaged versions of the library that deleting all data and overwriting all files on developer’s machines, in addition to creating new text files with “peace” messages.

7. GIFShell attack creates reverse shell using Microsoft Teams GIFs

A new social engineering attack allowed for a method that could be used to abuse Microsoft Teams for phishing attacks and covertly executing commands to steal data using GIFs.

This method abused various flaws to exfiltrate data directly through Microsoft’s own servers, making it look like legitimate Microsoft Team’s traffic.

It should be noted that the attacker must first convince a user to install a malicious stager that executes commands and upload output to a Microsoft Teams webhook.

6. Chrome extensions with 1 million installs hijack targets’ browsers

Over thirty malicious Google Chrome extensions with a combined one million installs on the Chrome Web Store were used to inject affiliate links into websites and hijack searches.

The extensions themselves did not contain malicious code, making them hard to detect.

However, once installed, they redirected users to other sites that prompted for the installation of further extensions that sideloaded malicious JavaScript into the browser.

5. Linux system service bug gives root on all major distros, exploit released

A Linux vulnerability named PwnKit was found in Polkit’s pkexec component that attackers could exploit to gain full root privileges on the system.

This vulnerability was tracked as CVE-2021-4034 was present in the default configuration of all major Linux distributions, making it a significant concern for admins and security professionals.

4. Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs

Security researchers discovered that the desktop app for Microsoft Teams saved authentication tokens in clear text in various locations of Windows.

These authentication tokens could be stolen by threat actors who gained access to the device to log in as the user, even if they had multi-factor authentication (MFA) enabled.

Microsoft and many security researchers did not believe this was an issue in itself as it requires a user to already have gained access to a system before they could steal the tokens, which already means its “game over” for the user as the threat actor could access all locally stored data.

However, other researchers found this report to be of significant concern due to the rising tide of information stealers that could steal the tokens and send them back to remote attackers.

3. Okta’s source code stolen after its GitHub repositories hacked

BleepingComputer was the first to report that threat actors gained access to Okta’s GitHub repositories and stole the company’s source code.

Okta began alerting customers last month via a “Confidential” email shared with BleepingComputer, warning that the source code for Okta Workforce Identity Cloud (WIC) was exposed in the breach.

However, they stated that hackers did not access the source code for Auth0 (Customer Identity Cloud) products during the breach.

2. Dev corrupts NPM libs ‘colors’ and ‘faker’ breaking thousands of apps

The developer of the popular open-source libraries ‘colors’ and ‘faker’ intentionally introduced an infinite loop that bricked thousands of projects that depend on the packages.

Applications using these libraries suddenly found their projects outputting gibberish messages on their console stating, ‘LIBERTY LIBERTY LIBERTY’ followed by a sequence of non-ASCII characters:

This change appears to have been introduced in retaliation against mega-corporations and commercial consumers of open-source projects who extensively rely on cost-free and community-powered software but do not, according to the developer, give back to the community.

1. Android phone owner accidentally finds a way to bypass lock screen

This year’s most-read story is about how a security researcher accidentally discovered a way to bypass the lock screen on his fully patched Google Pixel 6 and Pixel 5 Android smartphones.

This vulnerability is tracked as CVE-2022-20465 and was fixed in the Android security updates released on November 7, 2022.

A demonstration of this bypass is shown in the viewed below.

[embedded content]

Adblock test (Why?)