• Skip to main content
  • Skip to header right navigation
  • Skip to site footer
  • X
  • Facebook
  • YouTube
  • LinkedIn
Support
Screen Connect
Pay Online
SWK logo.

SWK Technologies

Software Solutions & Services

  • Accounting & ERP Software
      • Acumatica Cloud ERP
        • Overview
        • Construction
        • Distribution
        • Field Service
        • Financial Management
        • Manufacturing
        • Professional Services
        • Project Accounting
        • Retail-Commerce
      • Sage Intacct
        • Overview
        • Construction and Real Estate (CRE)
        • Distribution Operations for Sage Intacct
        • Financial Services
        • Healthcare
        • Manufacturing Operations for Sage Intacct
        • Nonprofits
        • Professional Services
        • Sage Intacct Payroll powered by ADP
      • Sage 100
        • Overview
        • Business Intelligence
        • Core Accounting & Financials
        • Distribution
        • Manufacturing
        • Payroll
        • Sage 100 Contractor
      • More Accounting Products
        • QuickBooks
        • Sage 50
        • Sage 300
        • Sage 500
        • Sage BusinessWorks
      • ERP Add-ons
        • ADP Workforce Now
        • Altec
        • Avalara
        • AvidXchange
        • BigCommerce
        • CIMCloud
        • Cloud Hosting
        • DataSelf
        • Fortis
        • FreightPOP
        • Microsoft 365
        • Netstock
        • Ottimate
        • Sage Fixed Assets
        • Sage HRMS
        • Sage Intacct Payroll powered by ADP
        • Savant WMS
        • Scanco
        • ScanForce
        • Solver
        • SPS Commerce
        • Velixo
        • Workforce Go!
      • More ERP Add-ons
        • Bizinsight
        • Concur
        • Crystal Reports
        • Fraxion
        • Fusion RMS
        • FYISoft
        • JobOps
        • KnowledgeSync
        • Lockstep Collect
        • Nectari
        • Pacejet
        • Planning Maestro
        • Sage CRM
        • Sage Intelligence
        • Scissortail HCM
        • Service Pro
        • ShipStation
        • Shopify
        • Starship
        • Sugar CRM
        • Time & Billing Pro
        • Timekeeper
        • True Sky
      • Industries
        • Construction
        • Distribution
        • Financial Services
        • Healthcare
        • Manufacturing
        • Nonprofit
        • Professional Services
        • Retail
  • Managed Cloud Services
      • Managed Services
        • IT Support
        • Cloud Hosting
        • Infrastructure-as-a-Service
        • Managed Cloud Services
        • vCIO
        • Acumatica Infrastructure
      • IT Solutions
        • Backup & Continuity
        • Cybersecurity
        • Email Hosting
        • Microsoft 365 Services
        • Virtualization
  • Consulting & Implementation
    • Business Technology Consulting
    • eCommerce
    • Financing
    • Human Capital Management
    • Managed Cloud & IT Services
    • Partner Program
    • Software Development
    • Software Implementation
  • Resources
    • Help Desk
    • Blog Posts
    • Payments Portal
    • Webinars
    • YouTube Channels
    • Acumatica Resources
    • Sage Intacct Resources
    • Sage 100 Resources
    • IT Resource Pages
  • About
    • About SWK
    • Awards & Recognition
    • Life@SWK
    • Careers
    • Success Stories
    • SWK Gives
  • Contact
    • Contact Us
    • Support
    • Our Locations

SWK Cybersecurity News Recap November 2022

November 8, 2022 by Hector

Home » Blog » SWK Cybersecurity News Recap November 2022

cybersecurity-news-november-2022-breach-malware-vulnerability-cisa news text over newspaper

Early November 2022 saw a continuation of many of the same trends in cybersecurity news as in late October, with a handful of stories still developing throughout the weeks in-between and even from earlier in the year. SWK’s recap below will consolidate some of the top headlines and ongoing topics from the past two months, and highlight the most noteworthy takeaways:

Top Breach, Malware & Vulnerability News for October – November

There have been many developments across all types of cyber incident between October and November 2022, with quite a few critical vulnerabilities uncovered in addition to more individual and sustained series of cyber attacks revealed. Amongst these incidents are also several retaliatory actions from customers and regulatory agencies in response to episodes that occurred between the past year and as far back as 2020. Here are some of the top stories in these categories from this news cycle:

OpenSSL

In an announcement that threatened to outpace the panic created by the infamous Log4J bug of 2021, the open-source OpenSSL Project alerted the public to a critical vulnerability found in their widely-used software. Thankfully, a follow-up notice confirmed a security patch that would resolve at least part of the issue, but observers have noted that the potential exploit the error remains.

ConnectWise

IT solutions provider ConnectWise gave notice of a critical vulnerability found in two of their backup systems that could allow remote code execution (RCE) by bad actors. They released an update shortly after with a security patch addressing the exploit.

Dropbox

Dropbox reported that their GitHub accounts had been breached after a phishing scam on an employee and 130 code repositories stolen in mid-October 2022. The repositories also included personal data for employees, current and past customers, vendors and more.

Bed, Bath & Beyond

In a SEC filing, Bed, Bath & Beyond alerted authorities that they had discovered that their system had been breached and traced the credentials back to a phished employee. Though they stated they could not find direct evidence that any data had been stolen, their CTO resigned shortly after the breach.

Twilio

Communication tool provider Twilio previously reported on a breach they suffered in August; however, a deeper investigation by the cybersecurity firm they contracted revealed the same attackers were responsible for a previously attempted intrusion and both incidents could be traced to phishing campaigns against Twilio employees.

Multi-Color Corporation

International label printer the Multi-Color Corporation simultaneously reported a breach to authorities and began sending notification letters to all affected parties in late October 2022. Their filing with the California AG’s office reveals that they discovered signs of an intrusion a month prior and brought on a forensic firm to investigate while they quarantined systems.

Facebook

Facebook and its parent company Meta have come under scrutiny for the privacy implications of their pixel trackers, but it seems that several healthcare organizations who included this tool in their websites have accidentally exposed the data of millions of patients through its misuse. At least three organizations – Advocate Aurora Health, Novant Health, and WakeMed – have had to alert almost 5 million patients cumulatively that their PHI had been leaked to Facebook through tracking pixels, with WakeMed facing two lawsuits as a result at the time of this writing.

Drizly

The Federal Trade Commission (FTC) filed a complaint against alcohol delivery service Drizly and its CEO based on a 2020 breach that exposed the data of about 2.5 million customers. The compliant alleges that the Uber subsidiary was aware of the security gap that allowed the breach yet did not take steps to secure it based on uncovered evidence, and orders both Drizly and the CEO to follow certain data security guidelines which includes a limit on what can be collected from customers as oblige the CEO to follow these guidelines at any future employer.

Chegg

Education solutions provider Chegg, Inc. was sued by the FTC over the exposure of millions of customers and employees in at least four data breaches between 2017 and 2020. Chegg has stated that they intend to comply with the complaint’s orders to improve their data security practices and implement specific cybersecurity tools, including MFA.

SocGholish

A research team discovered that a cybercriminal gang known as TA569 had infected websites belonging to over 250 news outlets across the US with the SocGholish malware. The attackers injected malicious JavaScript code into the files of a company that provided media content to those newspapers, which could also potentially allow them to spread the malware to other victims through those websites.

Daixin Team

The FBI, CISA and HHS issued a joint warning to the healthcare sector on the activities of a ransomware gang called Daixin Team. The group has been specifically targeting servers that host electronic patient records and other files for healthcare organizations through legacy VPN exploits.

Dormant Colors

Security researchers uncovered a data mining malware they termed “Dormant Colors” hidden among dozens of Google Chrome browser extensions, all of which had been downloaded by millions of users. The infection payloads seem to have been part of a larger campaign aiming to create a network of compromised machines.

cyber-security-news-2022-malware-data-privacy-tracking-security

Regulatory & Other Government Initiatives in 2022

Federal agencies and local governments continued on the regulatory momentum for 2022 from October through November. Here are some of the most noteworthy recent examples:

International Counter Ransomware Initiative Summit

The White House hosted representatives from 37 countries, the European Union member states and 13 private sector companies for the Second International Counter Ransomware Initiative (CRI) Summit from October 31 to November 1, 2022. The Summit produced several agreements and proposals for developing solutions for all participant nations within the next year.

Infrastructure Security Month

CISA and the Biden administration proclaimed the first national Infrastructure Security and Resilience Month on November 1, 2022, following up on previous actions to raise awareness of the cybersecurity needs of the US’s critical infrastructure sectors. CISA announced it would be providing educational resources through channels such as its new Infrastructure Security Month webpage.

Electric Vehicle Cybersecurity Regulation

The Office of the National Cyber Director (ONCD) held a forum on addressing the potential for cyber attack against electric vehicle (EV) charging stations and how this impacted connected systems. Though there is considerable debate between all parties on EV station rollouts, the White House is already looking at directing funds from the Bipartisan Infrastructure Law (BIL) towards building out this ecosystem with cybersecurity in mind.

Chemical Industry Receives Latest Round of Security Goals

CISA is following its “100-day sprints” with the electric, oil and gas, and water sectors with a new initiative for the chemical industry as part of the greater push for improving security standards among organizations that make up the US critical infrastructure.

Guidance on Software Supply Chain

The NSA, CISA and Office of the Director of National Intelligence (ODNI) and their private sector partners in the Enduring Security Framework (ESF) have released updated guidance on security best practices in the software supply chain, which obliges vendors to enforce better standards at their stage instead of relying solely on developers.

NY County Ups IT Budget to $36M After Breach

The government of Suffolk County in Long Island, New York have planned to increase their annual IT budget to a total of $36 million in 2023, up from $25 million in 2022. This proposal is in direct response to a breach that forced several county agencies to shutdown systems and is still being investigated at the time of this writing.

Get More Cybersecurity News for November 2022

There are many stories still developing in November and there will likely be more yet to pop up in the remainder of 2022. Get in touch with the experts at SWK Technologies to stay on top of the latest threats and discover what you can do to fight them.

Contact SWK today to learn more of the latest cybersecurity news from November 2022 and beyond, and ensure your business is prepared against emerging threats and regulations.

Get More Cybersecurity News


Category: Blog, Cybersecurity, IT Services

Sidebar

Recent Posts

  • How Your ERP Software Impacts Tariff Costs
  • How a Recreational Play Structure Builder Laid the Groundwork for Their Lasting Growth
  • Why Financial Services Firms Need Phishing Defense
  • Acumatica General Ledger Training – Key Tips & Tricks
  • Sage Intacct vs. Sage 500: Best ERP for CFOs and Financial Leaders
  • What is the Relationship Between Cybersecurity and Cyber Insurance? 
  • Guide for Sage Intacct Credit Card Management

Categories

Ready to take the next step?

Contact SWK today to get in touch with one of our experts. We’ll go over your business challenges and unique needs, and see where you can unlock new value from your technology and make your operations run easier.

Get in touch!

Our Latest Posts

Cargo ship "Tokyo Triumph" loaded with shipping containers in various colors, representing international trade and supply chains affected by tariffs impacting manufacturing operations.

How Your ERP Software Impacts Tariff Costs

Read moreHow Your ERP Software Impacts Tariff Costs
Recreational Play Structure

How a Recreational Play Structure Builder Laid the Groundwork for Their Lasting Growth

Read moreHow a Recreational Play Structure Builder Laid the Groundwork for Their Lasting Growth
Hands holding an open silver padlock over a laptop keyboard, symbolizing cybersecurity vulnerabilities that phishing attacks exploit in financial services firms

Why Financial Services Firms Need Phishing Defense

Read moreWhy Financial Services Firms Need Phishing Defense

Awards and Accreditations

Top work places in NJ 2020.
Acumatica the Cloud ERP gold certified partner.
The Gold Microsoft partner logo on a black background.
Sage business partner diamond logo.
Dell Technologies Gold Partner
Sage tech partner logo.

Stay in the know!

Subscribe for exclusive ERP, process automation, IT and cybersecurity news.

Twitter
  • Facebook
  • YouTube
  • LinkedIn

Home
About
Contact

Support
Screen Connect
Pay Online
Downloads

SWK logo.

Headquarters:
120 Eagle Rock Ave, Suite 330
East Hanover, NJ 07936

Contact:
info@swktech.com
(877) 979-5462

Copyright © 2025 · SWK Technologies, Inc. · All Rights Reserved · Terms of Use · Privacy Policy

This site uses cookies to collect information about your browsing activities in order to provide you with more relevant content and promotional materials, and help us understand your interests and enhance the site. By continuing to browse this site you agree to the use of cookies. Visit our privacy policy to learn more.I understand