Here’s our round-up of the security stories that have shaped the cyber year in what has been yet another rollercoaster ride for infosec professionals.
January
Last year ended with a sting in its tail, with the Log4j vulnerability Log4Shell emerging just as security folks felt it might be safe to start winding down for the holidays. There have been reports of the vulnerability being exploited by state-sponsored actors, including an attack on Belgium’s Defence ministry, but it’s probably fair to say the damage – so far as we know – hasn’t been as bad as feared.
Prior to Log4Shell, the major priority for many was defending against ransomware, and 2022 continued as 2021 left off, with an attack on schools website provider FinalSite leading to a lengthy loss of access to many online services in thousands of schools and colleges around the world.
North Korea’s veteran hacking organisation Lazarus started the year as it meant to go on, using Windows Update and GitHub to deploy malware as part of a new spear-phishing campaign aimed at US defence contractor…