---
title: "Cyber Security News Update, Week 25 of 2022 | DuoCircle"
description: "Since cyberattacks are becoming more and more common these days, staying abreast of the latest news headlines is important to learn from them and keep our."
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-25-of-2022/"
---

Quick Answer

Six items. SAP released 10 security notes on its June Patch Day, including fixes for critical flaws in NetWeaver and Financial Consolidation. Microsoft researchers found a flaw in cryptocurrency wallets using the trust-wallet-core library that could leak seed phrases through weak randomness. Interpol's Operation First Light arrested roughly 2,000 people across 76 countries for telecom and BEC fraud, seizing $50 million. Cisco patched a Secure Email Gateway flaw (CVE-2022-20798) allowing authentication bypass via crafted credentials. A DDoS-for-hire operator was sentenced to 24 months by a U.S. court. And Resecurity reported a new 'Robin Banks' phishing kit targeting customers of Citi, Bank of America, Wells Fargo, and Capital One.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-25-of-2022%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cyber%20Security%20News%20Update%2C%20Week%2025%20of%202022&url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-25-of-2022%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-25-of-2022%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-25-of-2022%2F&title=Cyber%20Security%20News%20Update%2C%20Week%2025%20of%202022 "Share on Reddit") [ ](mailto:?subject=Cyber%20Security%20News%20Update%2C%20Week%2025%20of%202022&body=Check out this article: undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-25-of-2022%2F "Share via Email") 

![cybersecurity](https://media.mailhop.org/duocircle/images/2022/07/SMTP-relay.jpg) 

Since cyberattacks are becoming more and more common these days, **staying abreast** of the latest news headlines is important to learn from them and keep our information assets secure. This week’s cybersecurity news headlines cover some significant **patches and fixes**. Read on to find out what’s happening in cyberspace.

## SAP Announces Multiple Security Notes

SAP recently announced ten new and two updated security notes on its June 2022 Security Patch Day. Among these latest notes, **CVE-2022-27668 (with a CVSS score of 8.6)** was considered the most severe vulnerability. It involved improper access control related to the SAProuter proxy in the [ABAP](https://www.guru99.com/what-is-abap.html) and **NetWeaver platforms**.

Exploiting this [vulnerability](/email-security/two-zero-day-vulnerabilities-discovered-in-microsoft-exchange-server-patches-pending/) would allow adversaries to affect systems’ availability by executing administration commands on the systems connected to the **SAPRouter**. It is recommended that customers **apply the patch** at the earliest.

_Another high-severity cybersecurity_ _issue (with a CVSS score of 8.2) in NetWeaver AS Java was also addressed in SAP._ This note came with four other notes addressing CVE-2022-31590 (a privilege escalation issue in **PowerDesigner Proxy 16.7** with a CVSS score of 7.8), among [other vulnerabilities](https://www.securityweek.com/sap-patches-high-severity-netweaver-vulnerabilities?&web%5Fview=true).

## Can this New Vulnerability Leak Your Crypto Seed?

A new vulnerability is targeting crypto wallet owners. It involves accessing the **secret recovery phrase** of user wallets and stealing their cryptocurrencies and NFTs. Recovery phrases, or seeds, are the human-readable versions of the **private keys** of user wallets. With access to this recovery phrase, any [hacker](/data-privacy/hacker-taunts-tiktok-after-stealing-over-2-billion-records-in-a-massive-data-breach/) can import the wallet to their device and steal the NFTs and cryptocurrencies.

[![cybersecurity](https://media.mailhop.org/duocircle/images/2022/07/hosted-email-server-6249.jpg)](https://media.mailhop.org/duocircle/images/2022/07/hosted-email-server-6249.jpg)

First discovered by [cybersecurity](/) experts at Halborn in September 2021, this vulnerability has been dubbed CVE-2022-32969\. It exploits the standard restore session system used by web browsers to facilitate the saving of **non-password input fields** on the disk.

Browser wallet extensions like Metamask, Brave, and Phantom do not use a password field to enter **recovery phrases**; they rely on regular input fields. These input fields get saved on the disk in **plain text form**. This makes it easy for adversaries to steal the seeds and import users’ wallets to their own devices.

Attackers can use a [remote access trojan](https://encyclopedia.kaspersky.com/glossary/remote-access-trojan-rat/) to access user devices; the rest is a cakewalk. But cybersecurity experts also mentioned that for the vulnerability to be exploited, users need to check the checkbox asking to **“Show Secret Recovery Phrase,”** as this ensures that the password **gets stored** on the local disk.

Metamask **patched** the vulnerability in its wallet extension version 10.11.3\. Phantom dealt with it in April 2022, and xDefi addressed the vulnerability in version 13.3.8\. However, Brave has yet to release a statement or address the issue. Users who feel they might have been affected by the flaw should consider **migrating their assets** to [new accounts](https://www.bleepingcomputer.com/news/security/metamask-phantom-warn-of-flaw-that-could-steal-your-crypto-wallets/?&web%5Fview=true).

## Interpol Arrests 2000 Scammers

An Interpol operation recently recovered **$50 million in illicit funds** and arrested 2,000 alleged scammers from 76 countries. The International Criminal Police Organization (Interpol) conducted a drive to investigate the rising [social engineering](/phishing-protection/social-engineering-is-a-growing-threat/) scams where adversaries trick users into revealing their sensitive and **confidential information**.

Interpol’s operation lasted two months and was codenamed **“First Light 2022.”** It involves both Interpol and the local police in global countries. Reportedly, the police identified 3,000 different **suspects** during their investigation and arrested 2000 of them on accounts of money laundering.

They also froze 4000 bank accounts and **conducted raids** at 1770 global locations. Among the captured was a Chinese national who was wanted in connection with an enormous **Ponzi scheme** that police say involved some 24,000 victims and the theft of [34 million euros](https://gizmodo.com/interpol-50-million-first-light-social-engineering-scam-1849067588).

## Cisco Patches ESA Vulnerability

[![Email Security](https://media.mailhop.org/duocircle/images/2022/07/SMTP-server-mail-6248.jpg)](https://media.mailhop.org/duocircle/images/2022/07/SMTP-server-mail-6248.jpg)

_Cisco recently patched a critical **security flaw** in [Email Security](/content/email-security-services) Appliance (ESA), Web Manager, and Secure Email that could be exploited to sidestep authentication._

Tracked as CVE-2022-20798, this bypass vulnerability has a CVSS score of 9.8 and is caused due to **improper authentication checks**. The vulnerability happens when the target devices use [Lightweight Directory Access Protocol (LDAP)](https://www.redhat.com/en/topics/security/what-is-ldap-authentication) for **external** authentication.

Cybersecurity experts at Cisco mentioned that to exploit **CVE-2022-20798**, hackers would need to enter a specific input on the login page of the targeted device. Once hackers do this, they gain access to the device’s **web-based management interface**. The flaw was discovered while fixing a technical assistance center (TAC) issue. It affects systems running AsyncOS software

versions 11 and earlier, 12, 12.x, 13, 13.x, 14, and 14.x. However, [two conditions](https://thehackernews.com/2022/06/critical-flaw-in-cisco-secure-email-and.html?&web%5Fview=true) need to be met for the attack to be successful:

- **External authentication** is used to configure the devices.
- The **LDAP** authentication protocol is used.

## DDoS Operator Sentenced to 24 Months in Prison

A 33-year-old man called Matthew Gatrel from St. Charles, Illinois, was recently sentenced to 24 months in prison because of his role in executing three counts of [wire fraud](https://www.investopedia.com/terms/w/wirefraud.asp) and computer-related felonies.

Gatrel was convicted in September 2021 for owning and operating DownThem.org and AmpNode.com. **DownThem.org** is a website allowing users to pay and launch powerful [DDoS attacks](https://www.bleepingcomputer.com/news/security/massive-ddos-attack-takes-russia-s-second-largest-bank-vtb-offline/), and AmpNode.com provides **bulletproof hosting** services for a few. Both these services facilitate DDoS attack amplification and server spoofing.

Cybersecurity experts noted that DownThem had more than 2,000 users in 2018 and launched over 200,000 attacks on financial institutions, government websites, schools, universities, and homes. The accused provided **customer support** for both DownThem and AmpNode and also guided users on how to [launch DDoS attacks](https://www.securityweek.com/operator-downthem-ddos-service-sentenced-24-months-prison?&web%5Fview=true) using these.

Gatrel was **sentenced** to two years in prison owing to his active role in deploying and demonstrating the use of these **attack tools**. One of his allies, Juan Martinez, also ended up with a five-year prison sentence for his role in spreading DownThem.

## New Phishing Toolkit in Town

Adversaries are putting up a sophisticated phishing toolkit called ‘NakedPages’ for **sale** on the [dark web](https://www.bleepingcomputer.com/news/security/new-dark-web-markets-claim-association-with-criminal-cartels/). This toolkit can be used to target Microsoft Office and Google and is being sold via a **PHP-based phishing app**. It is also being advertised on some Telegram channels.

_NakedPages works on Linux and asks for read, write, and execute permission from users_. It is a fully **automated toolkit** with over 50 ready-to-use site projects and [phishing](/content/phishing-prevention/phishing-attacks) templates.

NakedPages comes with a **fully-integrated** and battle-based [anti-bot](https://netacea.com/glossary/anti-bot/) functionality that helps detect all kinds of bots from 120 countries. It also allows adversaries to manually receive and decode responses, filter users from the Js config, and **add cookies**.

The use of toolkits has increased significantly in the recent past. Though NakedPages is relatively new, it is an effective phishing tool. Since phishing toolkits are **easy-to-use** and available for free, their use is rapidly increasing. Users are advised to prioritize protecting personal and **digital data** to avoid such attacks.

## Topics

NewsSecurityUpdates 

![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

## Secure your email infrastructure

Protect, authenticate, and deliver. Contact our team to find the right solution.

[Contact Sales](/contact/) [Explore Products](/products/) 

## Related Articles

[  News 3m  Alert: Fix SPF & DKIM Settings For Your Email Forwarding Set Up Through Microsoft o365 SMTP Server Or Your Emails May End Up In Spam  Jul 20, 2021 ](/blog/announcements/alert-fix-spf-dkim-settings-for-your-email-forwarding-set-up-through-microsoft-o365-smtp-server-or-your-emails-may-end-up-in-spam/)[  News 6m  Cyber Security News Update, Week 1 of 2022  Jan 7, 2022 ](/blog/announcements/cyber-security-news-update-week-1-of-2022/)[  News 7m  Cybersecurity News Update, Week 1 of 2023  Jan 1, 2023 ](/blog/announcements/cyber-security-news-update-week-1-of-2023/)[  News 5m  EasyPark Data Breach, Ohio Lottery Cyberattack, GTA 5 Leak, Cybersecurity News \[December 25, 2023\]  Jan 4, 2024 ](/blog/announcements/cyber-security-news-update-week-1-of-2024/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}],"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://www.g2.com/products/phish-protection-by-duocircle/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://support.duocircle.com"},"knowsAbout":["Email Security","Email Authentication","SPF","DKIM","DMARC","Phishing Protection","Spam Filtering","SMTP Relay","Email Deliverability","Email Forwarding"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DuoCircle LLC","url":"https://www.duocircle.com","description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"Cyber Security News Update, Week 25 of 2022","description":"Since cyberattacks are becoming more and more common these days, staying abreast of the latest news headlines is important to learn from them and keep our.","url":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-25-of-2022/","datePublished":"2022-07-23T16:31:26.000Z","dateModified":"2025-05-09T17:37:33.000Z","dateCreated":"2022-07-23T16:31:26.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-25-of-2022/"},"articleSection":"announcements","keywords":"News, Security, Updates","wordCount":1085,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2022/07/SMTP-relay.jpg","caption":"cybersecurity","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":2,"name":"News"},{"@type":"ListItem","position":3,"name":"Cyber Security News Update, Week 25 of 2022","item":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-25-of-2022/"}]}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.duocircle.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":3,"name":"News","item":"https://www.duocircle.comundefined"},{"@type":"ListItem","position":4,"name":"Cyber Security News Update, Week 25 of 2022","item":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-25-of-2022/"}]}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Cyber Security News Update, Week 25 of 2022","description":"Since cyberattacks are becoming more and more common these days, staying abreast of the latest news headlines is important to learn from them and keep our.","url":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-25-of-2022/","datePublished":"2022-07-23T16:31:26.000Z","dateModified":"2025-05-09T17:37:33.000Z","dateCreated":"2022-07-23T16:31:26.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-25-of-2022/"},"articleSection":"announcements","keywords":"News, Security, Updates","wordCount":1085,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2022/07/SMTP-relay.jpg","caption":"cybersecurity","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```
