---
title: "Cyber Security News Update, Week 30 of 2022 | DuoCircle"
description: "The cybersecurity landscape continues to evolve rapidly, with threat actors evolving their modus operandi every week to target individuals and organizations."
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-30-of-2022/"
---

Quick Answer

Cybersecurity headlines for the week of August 1, 2022\. Apple patched roughly 37 flaws across iOS, iPadOS, tvOS, macOS, and watchOS, including CVE-2022-2294, a WebRTC memory corruption bug exploited against Chrome users. A fake Nvidia 30th-anniversary site impersonated the company to run a 50,000 BTC giveaway scam targeting cryptocurrency holders. India's SEBI reported 11 employee email accounts hacked and used to send bogus messages during a system upgrade. Google began removing the app permissions list in favor of its new Data Safety section on the Android Play Store. Premint NFT was hit by a JavaScript injection that prompted users to 'set approvals for all,' leading to 314 stolen NFTs and around 275 ETH lost. Adobe shipped patches for Acrobat and Reader (APSB22-32, 15 critical bugs), RoboHelp, Photoshop, and Character Animator. The New York State DMV also warned of a phishing text offering a fake $1,500 fuel rebate.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-30-of-2022%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cyber%20Security%20News%20Update%2C%20Week%2030%20of%202022&url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-30-of-2022%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-30-of-2022%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-30-of-2022%2F&title=Cyber%20Security%20News%20Update%2C%20Week%2030%20of%202022 "Share on Reddit") [ ](mailto:?subject=Cyber%20Security%20News%20Update%2C%20Week%2030%20of%202022&body=Check out this article: undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-30-of-2022%2F "Share via Email") 

![DuoCircle blog post image](https://media.mailhop.org/duocircle/images/2022/08/365-to-365-migration-7463.jpg) 

The cybersecurity landscape continues to evolve rapidly, with threat actors evolving their modus operandi every week to target individuals and organizations worldwide. Here are the latest [cybersecurity](/email-security/9-strategies-to-enhance-cybersecurity-for-the-remote-workforce/) headlines to follow this week:

## Apple Fixes Several Security Flaws Affecting its Platforms

Apple recently fixed multiple flaws affecting iOS, iPadOS, tvOS, macOS, and watchOS. Around 37 security flaws were patched in different components of macOS and iOS. These include [arbitrary code execution](https://en.wikipedia.org/wiki/Arbitrary%5Fcode%5Fexecution#:~:text=In%20computer%20security%2C%20arbitrary%20code,hardware%20allowing%20arbitrary%20code%20execution.), privilege escalation, DoS, information disclosure, and so much more.

The most notable vulnerability among these was tracked as CVE-2022-2294\. It is a memory corruption flaw affecting the WebRTC component and was actively used to launch attacks against Chrome users. However, there is no evidence to prove its exploitation for _iOS, macOS, and Safari_.

Other arbitrary code execution flaws affecting Apple Neural Engine, ImageIO, Audio, Kernel, IOMobileFrameBuffer, and WebKit were also detected and patched. Furthermore, [five security vulnerabilities](https://thehackernews.com/2022/07/apple-releases-security-patches-for-all.html?&web%5Fview=true) were fixed in the latest version of macOS. These affected the **SMB module** and could be used to leak data, gain privileged access, or execute arbitrary code. Apple recommends that iPadOS 15.6, iOS 15.6, tvOS 15.6, macOS Monterey 12.5, and watchOS 8.7 update their devices at the earliest to ensure [ransomware protection](/resources/locky-ransomware).

## Beware of Fake Nvidia Giveaway Scams

Cyber adversaries have found a new way of tricking people, this time, it’s impersonating popular software company Nvidia. Nvidia’s 30th anniversary is coming soon, and the adversaries are using that to launch a scam where they promise to give away 50,000 Bitcoin. In reality, however, their objective is to steal cryptocurrency.

The hackers created a fake website resembling that of Nvidia, and the website promoted its 30th anniversary. The adversaries also used the company’s logo and CEO’s photo to **enhance the scam’s credibility**.

As part of the scam, visitors are asked to participate in the ongoing event and choose a category for participation. However, only one big button on the screen says “**Bitcoin Giveaway.**” Once users click on this button, they are redirected to a page full of **bogus giveaway information**.

Users are asked to contribute to becoming eligible for the giveaway and are promised their money will be doubled. In addition, they also have a chance to win [50,000 BTC](https://cyware.com/news/fake-nvidia-giveaway-scam-6228d55b). With such an attractive lure standing in front of the **investment-oriented users**. Adversaries have always leveraged human greed to quench their greed, and this Nvidia giveaway scam is just another example. Therefore, it is important to be wise on the web and take **cybersecurity** **measures**.

[![cybersecurity  measures](https://media.mailhop.org/duocircle/images/2022/08/365-to-365-migration-7461.jpg)](https://media.mailhop.org/duocircle/images/2022/08/365-to-365-migration-7461.jpg)

## SEBI Reports Security Incidents

The Securities and Exchange Board of India (SEBI) recently reported a cybersecurity incident affecting its email system. However, experts later confirmed that no sensitive data was stolen in this episode. SEBI had registered an FIR after noticing some suspicious activities in its email system, which was undergoing system upgrades at the time.

Reportedly, 11 official email accounts belonging to SEBI employees were hacked and used to send out bogus emails. SEBI quickly adopted **ransomware protection measures** and informed CERT-IN about the incident. An official SEBI spokesperson mentioned that it was a [small incident](https://www.livemint.com/news/india/sebi-files-fir-in-cyber-security-incident-as-email-accounts-of-11-officials-hacked-see-here-11658016879223.html) and did not lead to any compromise of sensitive information. Further, the organization has taken measures to strengthen its systems.

## Google to Remove App Permissions List

Google is currently removing the app permissions list from its web and mobile versions. This comes after the launch of its new Data Safety section on the Android Play Store. The Data Safety section was launched in April 2022 and is parallel to the **Privacy Nutrition Labels in iOS**. This feature lets users have a unified view of an app’s data collection and processing practices.

Google’s Data Safety section requires third-party app developers to provide the required details by 20th July 2022, after which the app permission list will be removed. So far, it’s uncertain whether this decision is a good one because major apps like _Instagram, Facebook, WhatsApp, Messenger, Discord, Amazon, PhonePe, and DuckDuckGo_ are yet to fill out their data safety sections.

What triggered Google to go ahead with the **Data Safety Section** remains unclear, especially considering that it runs on an honor system and requires developers to make full and correct declarations in the app’s store listing. Cybersecurity experts guess that improved readability is a strong factor influencing Google’s switch to the [Data Safety section](https://thehackernews.com/2022/07/google-removes-app-permissions-list.html?&web%5Fview=true).

## Hackers Target Premint NFT

The NFT platform Premint NFT recently underwent a cyberattack where hackers took over its official website and stole 314 NFTs. Cybersecurity experts claim this is one of the biggest NFT hacks ever. Reportedly, hackers infected premint.xyz with a malicious **JavaScript code** that was designed to instruct users to “set approvals for all” while connecting their wallets to the Premint site. This would enable the [threat actors](/email-security/email-security-101-how-to-steer-clear-of-threat-actors/) to access users’ crypto assets.

Six externally owned accounts (EOAs) are linked to this attack, which continued to affect on-chain and stole **approximately 275 ETH**. Fortunately, two of these EOAs were detected, and the funds were redirected back to the victims’ accounts. Experts advise users to refrain from signing transactions that say ‘set approvals for all.’

Certik experts recommend that web3 projects require multiple signatures before granting access to privileged controls’ accounts. Further, it advises that such access be revoked after each use. This marks another example of the **rising number of cyberattacks** where hackers use [web2 vulnerabilities](https://securityaffairs.co/wordpress/133339/cyber-crime/crooks-stole-375k-from-premint-nft-it-is-one-of-the-biggest-nft-hacks-ever.html?web%5Fview=true) to exploit web3 projects.

## Adobe Releases Security Updates

Adobe has recently released security updates for Acrobat and Reader, Photoshop RoboHelp, and Character and Animator products. The updates would patch vulnerabilities in these products that could let adversaries take over the affected systems. The patch for Adobe Acrobat and Reader ([APSB22-32](https://helpx.adobe.com/security/products/acrobat/apsb22-32.html)) addresses 15 Critical vulnerabilities, all of which could end up in arbitrary code execution. These flaws affect both Windows and macOS devices.

The security patch for RoboHelp ([APSB22-10](https://helpx.adobe.com/security/products/robohelp/apsb22-10.html)) fixes an important vulnerability tracked as CVE-2022-23201\. It affects RH2020.0.7 and the earlier versions of RoboHelp. The fix for Adobe Photoshop ([APSB22-35](https://helpx.adobe.com/security/products/photoshop/apsb22-35.html)) deals with two critical vulnerabilities dubbed CVE-2022-34243 and CVE-2022-34244\. The former could lead to arbitrary code execution, and the latter was a memory leak vulnerability. These vulnerabilities affect both Adobe Photoshop 2021 (22.5.7 and earlier versions ) and Adobe Photoshop 2022 (23.3.2 and earlier versions) for Windows and macOS.

As for the patches for Character Animator, the Adobe Acrobat and Reader security update ([APSB22-34](https://helpx.adobe.com/security/products/character%5Fanimator/apsb22-34.html)) fixes two critical vulnerabilities, CVE-2022-34241 and CVE-2022-34242\. Both could lead to [arbitrary code execution](https://www.securezoo.com/2022/07/adobe-has-released-security-updates-for-acrobat-and-reader-photoshop-and-other-products/?web%5Fview=true) and affect the Character Animator 2021 version 4.4.7 and previous versions. It also affects the Character Animator 2022 (22.4 or earlier versions) for **Windows and macOS**. Adobe urges that users update their systems at the earliest to ensure protection **against cybersecurity issues**.

[![Phishing Scams](https://media.mailhop.org/duocircle/images/2022/08/365-to-365-migration-7462.jpg)](https://media.mailhop.org/duocircle/images/2022/08/365-to-365-migration-7462.jpg)

## Beware of Phishing Scams: Says NYS DMV

The New York State Department of Motor Vehicles (DMV) has recently released a warning asking all customers to be wary of phishing scams. The scam attempts to steal users’ personal details using a text that promises then $1500 rebate on fuel prices. Clicking on the link leads users to a spoofed web page designed by adversaries to look like the official DMV website. It asks users to enter their personal information; as in other [phishing attacks](/content/phishing-prevention/phishing-attacks), these details automatically reach the attackers.

Providing details on this page also exposes users to malicious software and [identity theft](https://cyware.com/news/warning-issued-against-nydmv-phishing-scams-f98a8e40). Therefore, cybersecurity experts at DMV advise users to remain vigilant and report any suspicious texts that they receive.

## Topics

NewsSecurityUpdates 

![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

## Secure your email infrastructure

Protect, authenticate, and deliver. Contact our team to find the right solution.

[Contact Sales](/contact/) [Explore Products](/products/) 

## Related Articles

[  News 3m  Alert: Fix SPF & DKIM Settings For Your Email Forwarding Set Up Through Microsoft o365 SMTP Server Or Your Emails May End Up In Spam  Jul 20, 2021 ](/blog/announcements/alert-fix-spf-dkim-settings-for-your-email-forwarding-set-up-through-microsoft-o365-smtp-server-or-your-emails-may-end-up-in-spam/)[  News 6m  Cyber Security News Update, Week 1 of 2022  Jan 7, 2022 ](/blog/announcements/cyber-security-news-update-week-1-of-2022/)[  News 7m  Cybersecurity News Update, Week 1 of 2023  Jan 1, 2023 ](/blog/announcements/cyber-security-news-update-week-1-of-2023/)[  News 5m  EasyPark Data Breach, Ohio Lottery Cyberattack, GTA 5 Leak, Cybersecurity News \[December 25, 2023\]  Jan 4, 2024 ](/blog/announcements/cyber-security-news-update-week-1-of-2024/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}],"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://www.g2.com/products/phish-protection-by-duocircle/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://support.duocircle.com"},"knowsAbout":["Email Security","Email Authentication","SPF","DKIM","DMARC","Phishing Protection","Spam Filtering","SMTP Relay","Email Deliverability","Email Forwarding"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DuoCircle LLC","url":"https://www.duocircle.com","description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"Cyber Security News Update, Week 30 of 2022","description":"The cybersecurity landscape continues to evolve rapidly, with threat actors evolving their modus operandi every week to target individuals and organizations.","url":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-30-of-2022/","datePublished":"2022-08-01T12:58:48.000Z","dateModified":"2025-05-09T15:06:53.000Z","dateCreated":"2022-08-01T12:58:48.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-30-of-2022/"},"articleSection":"announcements","keywords":"News, Security, Updates","wordCount":1223,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2022/08/365-to-365-migration-7463.jpg","caption":"DuoCircle blog post image","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":2,"name":"News"},{"@type":"ListItem","position":3,"name":"Cyber Security News Update, Week 30 of 2022","item":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-30-of-2022/"}]}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.duocircle.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":3,"name":"News","item":"https://www.duocircle.comundefined"},{"@type":"ListItem","position":4,"name":"Cyber Security News Update, Week 30 of 2022","item":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-30-of-2022/"}]}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Cyber Security News Update, Week 30 of 2022","description":"The cybersecurity landscape continues to evolve rapidly, with threat actors evolving their modus operandi every week to target individuals and organizations.","url":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-30-of-2022/","datePublished":"2022-08-01T12:58:48.000Z","dateModified":"2025-05-09T15:06:53.000Z","dateCreated":"2022-08-01T12:58:48.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-30-of-2022/"},"articleSection":"announcements","keywords":"News, Security, Updates","wordCount":1223,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2022/08/365-to-365-migration-7463.jpg","caption":"DuoCircle blog post image","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```