This week, Mitre published the 2022 Common Weakness Enumeration Top 25 Most Dangerous Software Weaknesses list. This year, there are 3 new entries in the Top 25. The list enables organizations to reconsider their defenses. Also, the cPanel team introduced the new features and fixes in cPanel & WHM version 106. This week, GoDaddy also announced a new acquisition. The web hosting giant is about to acquire the innovative domain marketplace Dan.com.
Mitre releases 2022’s most dangerous bugs
Mitre published the 2022 Common Weakness Enumeration Top 25 Most Dangerous Software Weaknesses list, including the most common and impactful software weaknesses. Most of the vulnerabilities on the list allow cybercriminals to easily find and exploit them. To create the list, Mitre inspected 37,899 CVE records from the last two years. While some weaknesses moved to higher positions on the list from the last year’s list, there are also some weaknesses that made their first appearance.
What’s new in cPanel & WHM 106?
The cPanel team introduced the new features and fixes in cPanel & WHM version 106. The team also announced that cPanel version 106 has been released to the EDGE tier. One of the most significant changes is now the Top Tools section was replaced with the Favorites section in the WHM Home interface. The favorites category is also added to the side navigation menu. Tools added to the Favorites section will also appear in the Favorites category. Force short prefix for MySQL and MariaDB databases setting is also added to the SQL section of WHM’s Tweak Settings interface.
LockBit ransomware disguises as a copyright claim
Reports say that LockBit 2.0 ransomware affiliates are using a peculiar scheme to get victims into infecting their machines camouflaging a virus as copyright claims. The ransomware encodes the infected devices before requesting payment and the receivers of copyright claim emails are supposedly making use of media files without the creator’s license. The recipients are demanded to remove the infringing content from their websites or they will encounter legal action.
GoDaddy acquires Dan.com
GoDaddy announced the acquisition of the innovative domain marketplace Dan.com. With the acquisition, the company aims to strengthen the company with Dan.com’s automation and lease-to-own options. The integration time has not been specified yet by any of those companies. But it is expected to be shortly after the deal close. With over 84 million domains under management, the registrar company aims for this procurement to help continue profitable revenue increase in their domains business as well.
Millions of users’ data from Bean VPN leaked
A group of cybersecurity researchers announced that they have found a database online that contains more than 10 GB of leaked personal data from Bean VPN. The database includes over 25 million records including device IDs, Play Service IDs, IP addresses, and connection stamps. The information can be used to identify users’ approximate location by using the geo-IP database and the Play Service ID can reveal the user’s email address that they are signed in to their device. The company claims that it doesn’t keep user activity logs including no logging of browsing history, traffic destination, data content, or DNS queries.
Cisco is leaving Russia and Belarus
Tech giant Cisco System announced that the company is leaving Russia entirely. The company suspended its sales and operations in Russia in March due to the war between Russia and Ukraine. Cisco’s rival International Business Machines Corp started cutting its business in Russia and Microsoft announced it was making significant cuts to its Russian business. Cisco also offered relocation options to its employees based living in Russia.
Log4j is still being actively exploited, CISA warns
After 8 months of Apache Log4j vulnerability has emerged, CISA made a new warning regarding the vulnerability. CISA and CGCYBER have published an advisory urging system admins to update VMware Horizon and Unified Access Gateway servers that run vulnerable Log4j versions. The patch was released shortly after the vulnerability was discovered. CISA also gave the names of the loader malware they have discover.