---
title: "Weekly Cyber News Updates, week 35 of 2022 | DuoCircle"
description: "Keeping up with cybersecurity’s latest is key to avoiding becoming a victim of ever-evolving cyber threats."
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/announcements/weekly-cyber-news-updates-week-35-of-2022/"
---

Quick Answer

Cybersecurity headlines for week 35 of 2022\. Nelnet Servicing disclosed a breach exposing 2.5 million student loan accounts at OSLA and EdFinancial, who used the Nelnet web portal for digital loan access; attackers exploited a vulnerability and Nelnet blocked the intrusion after detection. Other reported incidents this week followed the same pattern of third-party service-provider breaches cascading into customer data exposure. Recurring lessons across the week's stories: vendor due diligence, contractual breach notification timelines, and segmentation between customer data stores and externally facing portals.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fannouncements%2Fweekly-cyber-news-updates-week-35-of-2022%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Weekly%20Cyber%20News%20Updates%2C%20week%2035%20of%202022&url=undefined%2Fblog%2Fannouncements%2Fweekly-cyber-news-updates-week-35-of-2022%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fannouncements%2Fweekly-cyber-news-updates-week-35-of-2022%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fannouncements%2Fweekly-cyber-news-updates-week-35-of-2022%2F&title=Weekly%20Cyber%20News%20Updates%2C%20week%2035%20of%202022 "Share on Reddit") [ ](mailto:?subject=Weekly%20Cyber%20News%20Updates%2C%20week%2035%20of%202022&body=Check out this article: undefined%2Fblog%2Fannouncements%2Fweekly-cyber-news-updates-week-35-of-2022%2F "Share via Email") 

![cybersecurity updates](https://media.mailhop.org/duocircle/images/2022/09/dkim-validation-1.jpg) 

Keeping up with cybersecurity’s latest is key to avoiding becoming a victim of **ever-evolving cyber threats**. We are here with another weekly update of the latest cybersecurity news and incidents from around the world to help you **achieve awareness** and protect yourself from severe cyber threats. Here is this week’s cybersecurity bulletin:

## Data Breach Exposes 2.5 Million Student Loan Accounts

Following a [data breach](/email-security/top-data-breaches-of-the-year-and-lessons-for-2022/) at Nelnet Servicing, data from OSLA (Oklahoma Student Loan Authority) and EdFinancial has exposed the details of 2.5 million student loan accounts. The organizations used Nelnet Servicing and provided a web portal to students for **digital access** to loan accounts.

The threat artists exploited a vulnerability at Nelnet and exposed the data of 2,501,324 students. Nelnet blocked the attack **immediately** after discovering the breach and investigated the particulars that had been exposed.

The name, physical address, email address, phone number, and [social security numbers](https://therecord.media/social-security-numbers-stolen-in-ransomware-attack-on-maternal-health-org/) of those affected by the breach are exposed. Although **no financial information** was exposed, the law firm “Markovits, Stock, & DeMarco” launched an investigation into the incident on the grounds of the makings of a class action lawsuit.

EdFinancial and OSLA have offered those impacted by the data breach free access to a **2-year** [identity theft protection](https://www.bankrate.com/personal-finance/what-is-identity-theft-protection/) service through Experian. EdFinancial has also reassured its clients that not all of its clientele is hosted by Nelnet and is safe from exposure. Following the breach, **monitoring bank accounts**, and requesting a **credit report** are the best steps students can take.

[![Data Breach](https://media.mailhop.org/duocircle/images/2022/09/DMARC-reporting-service-1118.jpg)](https://media.mailhop.org/duocircle/images/2022/09/DMARC-reporting-service-1118.jpg)

## Privilege Escalation Vulnerability in VMware

VMware released patches to address a **severe vulnerability** in the VMware tools. Tracked as CVE-2022-31676, the vulnerability impacted the VMware Tools suite of utilities.

Any threat actor with local access to the **guest operating system** could trigger said [vulnerability](/email-security/cisco-email-appliance-vulnerability-causing-denial-of-service/) to escalate their privileges on the system. After escalating their privileges, threat actors could **access sensitive systems** and access managed data to perform malicious activities.

_VMware released a security [advisory](https://www.vmware.com/security/advisories/VMSA-2022-0024.html), and the vulnerability was given a score of 7.0 with no workarounds other than the **patched**, fixed version released._

The flaw impacted both **Windows and Linux** platforms and has been patched in [12.1.0](https://docs.vmware.com/en/VMware-Tools/12.1/rn/VMware-Tools-1210-Release-Notes.html) for Windows and [10.3.25](https://docs.vmware.com/en/VMware-Tools/10.3/rn/VMware-Tools-10325-Release-Notes.html) for Linux systems. Individuals should download the security patch and update VMware Tools for the best protection.

## Fake Chrome Extension Installed over 200,000 times

A google **chrome extension** called the “Internet Download Manager,” present on the [Chrome Web Store](https://www.bleepingcomputer.com/news/security/google-updates-chrome-web-store-policy-to-block-extension-spam/) since 2019, was reportedly installed by **over 200,000 users**.

_The extension installs a known and legitimate download manager with **unwanted behavior**, such as opening spam websites, default browser settings, and numerous pop-ups for patches and unwanted programs._ The [malicious extension](https://www.bleepingcomputer.com/news/security/malicious-extension-lets-attackers-control-google-chrome-remotely/) by “IDM Integration Module” imitated a similar extension by Tonec. The counterfeit Chrome extension is operated and maintained by “Puupnewsapp” and claims a **500% download speed boost**.

On installing the extension, users are prompted to install a **Windows patch** and an executable by Puupnewsapp. The executable contains 32 and 64-bit versions of NodeJS and executes code to **alter browser registry settings** on the victim’s system. Furthermore, the extension alters search engines, such as smartwebfinder\[.\]com, shows **frequent pop-ups** for installing additional extensions and launches third-party websites in the web browser.

Following Tonec’s website, the FAQ section [clarifies](http://www.internetdownloadmanager.com/register/new%5Ffaq/chrome%5Fextension.html) that all IDM extensions found on the Google Store are **fake** and should be avoided. The reviews for the extension make it clear that it is spam and **hijacks browsers**.

Still, over 200,000 users downloaded the extension. The same week, McAfee’s threat analysts [discovered](https://www.mcafee.com/blogs/other-blogs/mcafee-labs/malicious-cookie-stuffing-chrome-extensions-with-1-4-million-users/) five extensions downloaded 1.4 million times that **stole browsing activities**. _Users are advised to use legitimate software from authentic sources and follow the reviews before downloading any extension._

## Chrome OS Flaw Discovered by Microsoft

Microsoft shared specifics of a severe flaw in **Chrome OS**. The vulnerability in Chrome OS, tracked as CVE-2022-2587, was given a CVSS (Common Vulnerability Scoring System) score of 9.8.

_Any [threat actor](/email-security/threat-actors-are-using-google-ads-to-launch-sophisticated-phishing-campaigns/) could exploit the Chrome OS vulnerability to trigger a DoS (Denial of Service) condition and achieve RCE (Remote Code Execution) in particular cases._ The vulnerability is a **memory corruption** vulnerability in the Chrome OS component that can be triggered **remotely**. Microsoft discovered and reported the Chrome OS flaw to Google in April; Google [addressed](https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-chromeos.html) the cybersecurity issue in June.

The MSVR (Microsoft Security Vulnerability Research) **tracked** the vulnerability further and released a detailed report of its findings. Microsoft focuses on **research-driven protections** and collaboration and recommends close monitoring of all devices, operating systems, and platforms for discovering vulnerabilities.

## One-Click TikTok Account Hijacking in Android Devices

The Microsoft 365 Defender research team discovered a significant vulnerability in the popular **video sharing platform** TikTok’s application on **Android** phones. The vulnerability is a chained exploit to hijack [TikTok](https://www.business-standard.com/article/technology/tiktok-sets-new-default-time-limit-of-60-minute-daily-for-minor-users-123030101028%5F1.html) user accounts.

The threat actors could use the vulnerability to bypass TikTok’s [deeplink](https://blog.hidglobal.com/2021/12/deep-linking-power-one-step-activation-your-users) verification, allowing them to target users using crafted links and hijack their accounts. By forcing TikTok to load **arbitrary URLs** (Uniform Resource Locator) to the application’s WebView, and using the URL to access the WebView’s **JavaScript bridges** and grant functionality, threat actors could carry out account hijacking.

Threat actors could **bypass server-side checks** by adding just two parameters to the deeplink. TikTok has patched the vulnerability, but Microsoft made it clear in their [report](https://www.microsoft.com/security/blog/2022/08/31/vulnerability-in-tiktok-android-app-could-lead-to-one-click-account-hijacking/) that threat actors can utilize JavaScript interfaces to execute code using any application’s ID and privileges. 

The coordinated approach of this attack is a prime example of how threat actors work around security and employ sophisticated techniques for malicious purposes. Individuals are advised to open URLs in **default browsers** if they are absent from the approved lists and update these lists regularly.

[![Malware](https://media.mailhop.org/duocircle/images/2022/09/What-is-a-DMARC-1119.jpg)](https://media.mailhop.org/duocircle/images/2022/09/What-is-a-DMARC-1119.jpg)

## Australian Government Victim of Chinese ScanBox Malware

Chinese threat actors have been using the ScanBox [malware](/resources/malware-and-its-defense-mechanism) against Australian government agencies for quite some time. Chinese threat actors have also targeted **wind turbine fleets** in the South China Sea by directing victims to **fake** Australian news media portals.

The threat actors [employ](https://www.proofpoint.com/us/blog/threat-insight/chasing-currents-espionage-south-china-sea) the Scanbox reconnaissance framework to send [phishing emails](/content/email-phishing-prevention/how-to-investigate-phishing-emails) impersonating Gmail and Outlook in several waves. The emails come from “Australian Morning News” employees with **phishing URLs** with unique values for each target, leading victims to a fake news portal with a **malicious payload** in the form of a ScanBox framework.

The framework includes a **keylogger**, browser plugins, browser fingerprinting, peer connection, and security checks that are loaded once the framework is downloaded and assembled. It then set up [C2 (Command and Control)](https://www.optiv.com/cybersecurity-dictionary/c2-command-and-control#:~:text=What%20is%20C2%20%2D%20Command%20and,remote%20control%20or%20data%20mining%29.) communications and shared **victim data** for espionage activities.

Individuals should privy themselves to [phishing](/content/phishing-prevention/what-is-phishing) tactics and avoid opening malicious links to stay safe against such payload deliveries and always cross-check websites for their authenticity.

## Topics

NewsSecurityUpdates 

 D 

DuoCircle 

DuoCircle Team

The DuoCircle team covers email security, authentication, and infrastructure.

## Secure your email infrastructure

Protect, authenticate, and deliver. Contact our team to find the right solution.

[Contact Sales](/contact/) [Explore Products](/products/) 

## Related Articles

[  News 3m  Alert: Fix SPF & DKIM Settings For Your Email Forwarding Set Up Through Microsoft o365 SMTP Server Or Your Emails May End Up In Spam  Jul 20, 2021 ](/blog/announcements/alert-fix-spf-dkim-settings-for-your-email-forwarding-set-up-through-microsoft-o365-smtp-server-or-your-emails-may-end-up-in-spam/)[  News 6m  Cyber Security News Update, Week 1 of 2022  Jan 7, 2022 ](/blog/announcements/cyber-security-news-update-week-1-of-2022/)[  News 7m  Cybersecurity News Update, Week 1 of 2023  Jan 1, 2023 ](/blog/announcements/cyber-security-news-update-week-1-of-2023/)[  News 5m  EasyPark Data Breach, Ohio Lottery Cyberattack, GTA 5 Leak, Cybersecurity News \[December 25, 2023\]  Jan 4, 2024 ](/blog/announcements/cyber-security-news-update-week-1-of-2024/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}],"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://www.g2.com/products/phish-protection-by-duocircle/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://support.duocircle.com"},"knowsAbout":["Email Security","Email Authentication","SPF","DKIM","DMARC","Phishing Protection","Spam Filtering","SMTP Relay","Email Deliverability","Email Forwarding"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DuoCircle LLC","url":"https://www.duocircle.com","description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"Weekly Cyber News Updates, week 35 of 2022","description":"Keeping up with cybersecurity’s latest is key to avoiding becoming a victim of ever-evolving cyber threats.","url":"https://www.duocircle.com/blog/announcements/weekly-cyber-news-updates-week-35-of-2022/","datePublished":"2022-09-09T12:37:51.000Z","dateModified":"2025-04-23T13:49:09.000Z","dateCreated":"2022-09-09T12:37:51.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/duocircle/#person","name":"DuoCircle","url":"https://www.duocircle.com/authors/duocircle/","jobTitle":"DuoCircle Team","description":"The DuoCircle team publishes articles on email security, authentication, and infrastructure.","knowsAbout":["email security","content writing"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":[]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/announcements/weekly-cyber-news-updates-week-35-of-2022/"},"articleSection":"announcements","keywords":"News, Security, Updates","wordCount":1094,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2022/09/dkim-validation-1.jpg","caption":"cybersecurity updates","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":2,"name":"News"},{"@type":"ListItem","position":3,"name":"Weekly Cyber News Updates, week 35 of 2022","item":"https://www.duocircle.com/blog/announcements/weekly-cyber-news-updates-week-35-of-2022/"}]}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.duocircle.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":3,"name":"News","item":"https://www.duocircle.comundefined"},{"@type":"ListItem","position":4,"name":"Weekly Cyber News Updates, week 35 of 2022","item":"https://www.duocircle.com/blog/announcements/weekly-cyber-news-updates-week-35-of-2022/"}]}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Weekly Cyber News Updates, week 35 of 2022","description":"Keeping up with cybersecurity’s latest is key to avoiding becoming a victim of ever-evolving cyber threats.","url":"https://www.duocircle.com/blog/announcements/weekly-cyber-news-updates-week-35-of-2022/","datePublished":"2022-09-09T12:37:51.000Z","dateModified":"2025-04-23T13:49:09.000Z","dateCreated":"2022-09-09T12:37:51.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/duocircle/#person","name":"DuoCircle","url":"https://www.duocircle.com/authors/duocircle/","jobTitle":"DuoCircle Team","description":"The DuoCircle team publishes articles on email security, authentication, and infrastructure.","knowsAbout":["email security","content writing"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":[]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/announcements/weekly-cyber-news-updates-week-35-of-2022/"},"articleSection":"announcements","keywords":"News, Security, Updates","wordCount":1094,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2022/09/dkim-validation-1.jpg","caption":"cybersecurity updates","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```
