• Skip to main content
  • Skip to header right navigation
  • Skip to site footer
  • X
  • Facebook
  • YouTube
  • LinkedIn
Support
Screen Connect
Pay Online
SWK logo.

SWK Technologies

Software Solutions & Services

  • Accounting & ERP Software
      • Acumatica Cloud ERP
        • Overview
        • Construction
        • Distribution
        • Field Service
        • Financial Management
        • Manufacturing
        • Professional Services
        • Project Accounting
        • Retail-Commerce
      • Sage Intacct
        • Overview
        • Construction and Real Estate (CRE)
        • Distribution Operations for Sage Intacct
        • Financial Services
        • Healthcare
        • Manufacturing Operations for Sage Intacct
        • Nonprofits
        • Professional Services
        • Sage Intacct Payroll powered by ADP
      • Sage 100
        • Overview
        • Business Intelligence
        • Core Accounting & Financials
        • Distribution
        • Manufacturing
        • Payroll
        • Sage 100 Contractor
      • More Accounting Products
        • QuickBooks
        • Sage 50
        • Sage 300
        • Sage 500
        • Sage BusinessWorks
      • ERP Add-ons
        • ADP Workforce Now
        • Altec
        • Avalara
        • AvidXchange
        • BigCommerce
        • CIMCloud
        • Cloud Hosting
        • DataSelf
        • Fortis
        • FreightPOP
        • Microsoft 365
        • Netstock
        • Ottimate
        • Sage Fixed Assets
        • Sage HRMS
        • Sage Intacct Payroll powered by ADP
        • Savant WMS
        • Scanco
        • ScanForce
        • Solver
        • SPS Commerce
        • Velixo
        • Workforce Go!
      • More ERP Add-ons
        • Bizinsight
        • Concur
        • Crystal Reports
        • Fraxion
        • Fusion RMS
        • FYISoft
        • JobOps
        • KnowledgeSync
        • Lockstep Collect
        • Nectari
        • Pacejet
        • Planning Maestro
        • Sage CRM
        • Sage Intelligence
        • Scissortail HCM
        • Service Pro
        • ShipStation
        • Shopify
        • Starship
        • Sugar CRM
        • Time & Billing Pro
        • Timekeeper
        • True Sky
      • Industries
        • Construction
        • Distribution
        • Financial Services
        • Healthcare
        • Manufacturing
        • Nonprofit
        • Professional Services
        • Retail
  • Managed Cloud Services
      • Managed Services
        • IT Support
        • Cloud Hosting
        • Infrastructure-as-a-Service
        • Managed Cloud Services
        • vCIO
        • Acumatica Infrastructure
      • IT Solutions
        • Backup & Continuity
        • Cybersecurity
        • Email Hosting
        • Microsoft 365 Services
        • Virtualization
  • Consulting & Implementation
    • Business Technology Consulting
    • eCommerce
    • Financing
    • Human Capital Management
    • Managed Cloud & IT Services
    • Partner Program
    • Software Development
    • Software Implementation
  • Resources
    • Help Desk
    • Blog Posts
    • Payments Portal
    • Webinars
    • YouTube Channels
    • Acumatica Resources
    • Sage Intacct Resources
    • Sage 100 Resources
    • IT Resource Pages
  • About
    • About SWK
    • Awards & Recognition
    • Life@SWK
    • Careers
    • Success Stories
    • SWK Gives
  • Contact
    • Contact Us
    • Support
    • Our Locations

SWK Cybersecurity News Recap October 2022

October 21, 2022 by Hector

Home » Blog » SWK Cybersecurity News Recap October 2022

swk-cybersecurity-news-october-2022-updates-awareness-month-reading

This Cybersecurity news recap for October 2022 will dive into a few more varied topics than previous months’ focus on high-profile data beaches. While there are still plenty of cyber incidents to cover over the start of Q4, the past month proved (and continues to prove as of this writing) to be more give-and-take when it comes to cyber news. While there remain plenty of reasons to be pessimistic about the significant amount of bad news this cycle, there is still room to be optimistic on the ability of the private and public sectors to adapt and respond to the growing cyber crisis, and improve upon these efforts.

Continue reading below to see some of the top cybersecurity news topics from October 2022 and how they may affect your business:

October is Cybersecurity Awareness Month

Since 2004, the White House has designated every October as Cybersecurity Awareness Month, in which the Cybersecurity and Infrastructure Security Agency (CISA) and other organizations provide education and resources promoting better cyber hygiene and network security. A lot of the information delivered via public channels is typically inundated with only basic tips and pitches, but CISA offered a significant amount of materials and guidance to both individuals and businesses. The Biden administration also took advantage of the month to quantify and reaffirm its continued focus on nationwide cybersecurity improvements (more on this below).

Recap of Government Cybersecurity Efforts in October 2022

Since even before Biden’s May 2021 Executive Order on improving security standards in the public sector, the current White House has maintained a steady momentum in steering legislation and partnerships towards building a better cybersecurity net across the US. This has culminated in many proposals and agreements brought up for negotiation even while new directives are rolled out from the White House.

Airport Hack & New TSA Rules

A coordinated series of cyber attacks against multiple US airports prompted the TSA to impose stricter cybersecurity requirements for key aviation systems within only days. Though most of the victims recovered systems shortly (some within minutes), the speed of the regulatory response itself seems unprecedented, and was followed shortly by similar rule updates for critical rail systems. With the Biden administration also promising the arrival of new security standards for healthcare and other infrastructure sectors, businesses in these and similar industries should expect stricter compliance obligations in 2023.

National Cybersecurity Strategy

The White House released preliminary documentation for its national cybersecurity strategy in October 2022, the first publication of its kind since 2018, and which will be followed up by a finalized release by National Cyber Director Chris Inglis. The Director responded to rumors of the expanded role the federal government will be granted over private sector security standards by this final document, defending the perceived “toughness” of the new rules. At the same conference where he was questioned on the strategy, Inglis also expressed new optimism in the country’s direction for cybersecurity, citing Ukraine’s response to cyber attacks as a proof-of-concept for best practice.

airport-hack-cyber-attack-october-2022-russia-killnet-ukraine

Vulnerability Updates as of October 2022

October 2022 was another month of critical vulnerabilities being uncovered across key systems, exploits found being used in the wild, or vendors rushing to patch bugs.

Microsoft

Microsoft did not have the best month for cybersecurity, with several vulnerabilities and a potential breach uncovered recently (more on this below). Most of the critical vulnerabilities were discovered during a regular “Patch Tuesday” and were ostensibly being addressed by Microsoft; however, Ars Technica discovered an ever bigger flaw hidden in Windows OS for years. The bug essentially would let hackers get past a blocklist for external drivers and use it to download malware that give them greater control over more secure parts of the system – a technique that has been deployed in the real world by some of the most notorious ransomware strains.

Vulnerabilities List

Other vulnerabilities or exploits discovered in October 2022 include:

  • RCE flaw in Apache Commons Text
  • VMware vCenter Server bug (patched)
  • Multiple CVEs for Fortinet
  • Critical flaw found in Microsoft Azure (patched)
  • Vulnerabilities in Hitachi Energy APM Edge & Advantech R-SeeNet
  • List of exploits used by Chinese hackers, including Log4J & F5 Big-IP

Data Breaches & Exposures Continue into Q4

While there may be slightly less headline-dominating breaches as the Uber and Optus hacks this news cycle, there were still plenty of noteworthy incidents impacting a wide range of organizations, including:

  • Microsoft
  • Verizon
  • Snap
  • Palms Casino of Las Vegas
  • The Church of Jesus Christ of Latter-day Saints (i.e., the Mormon church)
  • Defense Health Agency
  • Advocate Aurora Health
  • CommonSpirit Health
  • MultiCare Health System
  • Keystone Health
  • iDealwine
  • Technoserv of Russia

Breach Penalties & Lawsuits (+ Criminal Charges)

Besides more recent breaches, quite a few past exposures are appearing in the news again for penalties and lawsuits brought against companies that were accused of failing to notify customers their data was compromised in time (or at all). In at least one high-profile story as well, an executive was convicted of criminal charges for failure to report on a breach, along with a few other arrests of hackers and even a resignation over cybersecurity rule breakage.

Here are some of the more noteworthy case headlines:

  • EyeMed fined $4.5 million by NYDFS
  • Zoetop fined $1.9 million by NY Attorney General
  • Office of Personnel Management ordered to pay $63 million settlement by court
  • The Home Secretary of the UK was forced to resign over violating security rules
  • Two Massachusetts residents arrested for stealing cryptocurrency
  • Another suspected Lapsus$ hacker arrested in Brazil
  • Ex-CISO of Uber is convicted of covering up the 2016 breach

Other Cyber News Stories

Here are some of the other cybersecurity news stories from October 2022:

Open Phishing Toolkit for Microsoft 365

A Phishing-as-a-Service (PhaaS) platform dubbed “Caffeine” specifically targeting Microsoft 365 accounts was discovered this year in the wild, and research on its capabilities and background confirm that it is effective at producing a spoofed Microsoft login page while avoiding detection. What is more concerning, however, is that it is relatively easier to access than other PhaaS toolkits for amateur cybercriminals who only need to sign up and pay a subscription instead of being vetted. The good news is that it seems to be mostly focused on victims in Russia and China currently, but there remains a possibility it could be modified for US targets in the future.

Russia & Ukraine

The conflict over the Russian invasion of Ukraine earlier this year continues to spill over both locally and internationally, with cyber attacks such as the previously mentioned campaign against US airports being claimed by or attributed to pro-Russia hackers. Here are of some of the top cyber stories around the war and its impact:

  • Pro-Russia hacktivists urge supporters to hit US targets, prompting the airport hacks & other attacks
  • The same Russian hacking group also targets the websites of several state governments
  • Bulgaria is also targeted in retaliation for supporting Ukraine
  • Germany fires its cybersecurity chief over allegations of links to Russian spies
  • Microsoft attributes ransomware attacks against Ukraine & Poland to Russian hackers
  • Russian dissidents leak 1.2TB of data belonging to Russian security contractors

Cybersecurity for Gen Z & Millennials

A survey by Ernst & Young LLP (EY) revealed that employees from the digital native generations – “Gen Z” and “Millennials” – are more likely to disregard best practices and corporate guidelines for IT security, including when using work devices. The study’s results highlighted both an increased level of complacency among those who were more exposed to cyber risk growing up, and a failure of current cyber policies to match human behavior and make education personable.

Google Privacy Concerns & Response

The Texas Attorney General has filed a lawsuit against Google for the second time in 2022 over privacy concerns, riding a wave of increased scrutiny against tech giants and the data they collect. While Google has called the Texas AG’s suite “breathless,” it has taken note of these concerns among it user base in the US and seeks to address them with updated and new services such as My Ads Center that ostensibly introduced new data security controls.

Get More Cybersecurity News from SWK

2022 has been a heavy year for cybersecurity news and it can be difficult to wade through all the noise to uncover developments that could impact your business the most. Get in touch with SWK Technologies and we will help you sort through the chaos to narrow down the most important updates and changes that will affect how and where you need to protect your critical data.

Contact SWK today to get more specific cybersecurity updates and discover what you need to do to ensure you are protected against the latest threats.

Get in Touch with Our Cybersecurity Experts


Category: Blog, Cybersecurity, IT Services

Sidebar

Recent Posts

  • How Your ERP Software Impacts Tariff Costs
  • How a Recreational Play Structure Builder Laid the Groundwork for Their Lasting Growth
  • Why Financial Services Firms Need Phishing Defense
  • Acumatica General Ledger Training – Key Tips & Tricks
  • Sage Intacct vs. Sage 500: Best ERP for CFOs and Financial Leaders
  • What is the Relationship Between Cybersecurity and Cyber Insurance? 
  • Guide for Sage Intacct Credit Card Management

Categories

Ready to take the next step?

Contact SWK today to get in touch with one of our experts. We’ll go over your business challenges and unique needs, and see where you can unlock new value from your technology and make your operations run easier.

Get in touch!

Our Latest Posts

Cargo ship "Tokyo Triumph" loaded with shipping containers in various colors, representing international trade and supply chains affected by tariffs impacting manufacturing operations.

How Your ERP Software Impacts Tariff Costs

Read moreHow Your ERP Software Impacts Tariff Costs
Recreational Play Structure

How a Recreational Play Structure Builder Laid the Groundwork for Their Lasting Growth

Read moreHow a Recreational Play Structure Builder Laid the Groundwork for Their Lasting Growth
Hands holding an open silver padlock over a laptop keyboard, symbolizing cybersecurity vulnerabilities that phishing attacks exploit in financial services firms

Why Financial Services Firms Need Phishing Defense

Read moreWhy Financial Services Firms Need Phishing Defense

Awards and Accreditations

Top work places in NJ 2020.
Acumatica the Cloud ERP gold certified partner.
The Gold Microsoft partner logo on a black background.
Sage business partner diamond logo.
Dell Technologies Gold Partner
Sage tech partner logo.

Stay in the know!

Subscribe for exclusive ERP, process automation, IT and cybersecurity news.

Twitter
  • Facebook
  • YouTube
  • LinkedIn

Home
About
Contact

Support
Screen Connect
Pay Online
Downloads

SWK logo.

Headquarters:
120 Eagle Rock Ave, Suite 330
East Hanover, NJ 07936

Contact:
info@swktech.com
(877) 979-5462

Copyright © 2025 · SWK Technologies, Inc. · All Rights Reserved · Terms of Use · Privacy Policy

This site uses cookies to collect information about your browsing activities in order to provide you with more relevant content and promotional materials, and help us understand your interests and enhance the site. By continuing to browse this site you agree to the use of cookies. Visit our privacy policy to learn more.I understand