Sun. Dec 25, 2022


Weekly Update 327

Troy Hunt

It's my last weekly update on the road for a while! As enjoyable as travel is, I'm looking forward to getting back to a normal routine and really starting to smash out some of the goals I have for the coming year. For now though, I've published this a couple of days after recording, and a day after an awesome hot, beachside Christmas.


Hacker wants Elon Musk or Twitter to buy back stolen data

CyberSecurity Insiders

A hacker who is super-active on the hacking forum Ryushi is urging interested prospects to buy sensitive details that were stolen from over 400 million Twitter account users. The hacker claims to have obtained access to the data through a vulnerability on the database and is ready to sell it for a hefty price of $400,000,000. What appears strange in the incident is the hacker is also inviting Elon Musk or any of the Twitter staff to buy back the data to avoid penalties imposed by GDPR lawsuits r


Critical Linux Kernel flaw affects SMB servers with ksmbd enabled

Security Affairs

Experts warn of a critical Linux Kernel vulnerability (CVSS score of 10) impacting SMB servers that can lead to remote code execution. A critical Linux kernel vulnerability (CVSS score of 10) exposes SMB servers with ksmbd enabled to hack. KSMBD is a Linux kernel server that implements SMB3 protocol in kernel space for sharing files over the network.


Cyber Crime fraudsters to make £80m during Christmas 2022

CyberSecurity Insiders

Cyber Crime, also synonymously referred to as online fraud, is reported to surge in this Christmas 2022 festive season and so online users are reported to lose around £80 million over the next 10-15 days. UK’s Labour party conducted a survey and revealed the above stated stats as facts and warned that the number might go double fold as the hackers were hitting families that are already jostling to meet daily expenses with the rising bills.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


The Year in Review and 2023 Predictions

Security Boulevard

In our last episode of the year, we discuss the year that was 2022. What did we get right? What did we get wrong? And what are our cybersecurity and privacy predictions for 2023? Thank you to all of our listeners for a great year! We’re looking forward to bringing you more content, news, tips, […]. The post The Year in Review and 2023 Predictions appeared first on The Shared Security Show.


Experts warn of attacks exploiting WordPress gift card plugin

Security Affairs

Threat actors are actively exploiting a critical flaw in the YITH WooCommerce Gift Cards Premium WordPress plugin installed by over 50,000 websites. Hackers are actively exploiting a critical vulnerability, tracked as CVE-2022-45359 (CVSS v3: 9.8), affecting the WordPress plugin YITH WooCommerce Gift Cards Premium. The YITH WooCommerce Gift Cards Premium plugin allows websites of online stores to sell gift cards, a WordPress plugin used on over 50,000 websites.


Security Affairs newsletter Round 399 by Pierluigi Paganini

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Expert found Backdoor credentials in ZyXEL LTE3301 M209 Raspberry Robin malware used in attacks against Telecom and Governments TikTok parent company ByteDance revealed the use of TikTok data to track journalists BetMGM discloses security breach imp


CISO's Challenges Involved with Business Leader & SOC

Trend Micro

Yohei Ishihara, IoT security evangelist at Trend Micro, discussed the challenges CISOs face within organizations driving industrial IoT.


Microsoft fined €60 million in France for using advertising cookies without consent?

Security Affairs

France’s privacy watchdog fines €60 million Microsoft for using advertising cookies without explicit customer consent. France’s privacy watchdog fines €60 million Microsoft’s Ireland subsidiary for using advertising cookies without the explicit consent of its customers. The practice violated the European data protection law. The CNIL received a complaint relating to the conditions for the deposit of cookies on “bing.com,” and investigated the issue in September 2020


Everyone Is Using Google Photos Wrong

WIRED Threat Level

Ever-expanding cloud storage presents more risks than you might think.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Happy Hanukkah!

Security Boulevard

Originally Published in December 2019: United States' NASA Astronaut Jessica Meir's Hanukkah Wishes from the International Space Station: Happy Hanukkah to all those who celebrate it on Earth! #HappyHanukkah pic.twitter.com/FKC2M5iXni Our Very Best Wishes to Family and Friends Celebrating Hanukkah 2022. United States' NASA Astronaut Jessica Meir. The post Happy Hanukkah!


A Merry Little Christmas And A Happy New Year

Security Boulevard

The post A Merry Little Christmas And A Happy New Year appeared first on Security Boulevard.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Joyeux Noël et Bonne Année

Security Boulevard

The post Joyeux Noël et Bonne Année appeared first on Security Boulevard.


Data of 400 Million Twitter users up for sale

Security Affairs

A threat actor is claiming they have obtained data of 400,000,000 Twitter users and is offering it for sale. A threat actor claims they have obtained data of 400,000,000 Twitter users and is attempting to sell it. The seller claims the database is private, he provided a sample of 1,000 accounts as proof of claims which included the private information of prominent users such as Donald Trump JR, Brian Krebs, and many more.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.


Updated: Data of 400 Million Twitter users up for sale

Security Affairs

A threat actor is claiming they have obtained data of 400,000,000 Twitter users and is offering it for sale. A threat actor claims they have obtained data of 400,000,000 Twitter users and is attempting to sell it. The seller claims the database is private, he provided a sample of 1,000 accounts as proof of claims which included the private information of prominent users such as Donald Trump JR, Brian Krebs, and many more.