Fri.Nov 25, 2022

article thumbnail

Update Chrome Browser Now to Patch New Actively Exploited Zero-Day Flaw

The Hacker News

Google on Thursday released software updates to address yet another zero-day flaw in its Chrome web browser. Tracked as CVE-2022-4135, the high-severity vulnerability has been described as a heap buffer overflow in the GPU component. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the flaw on November 22, 2022.

Software 126
article thumbnail

142 Arrests in the Biggest-Ever Counter-Fraud Operation Involving a Spoofing Shop

Heimadal Security

On Thursday, November 24, Europol and the United Kingdom’s police announced they stopped a criminal network specialized in mass spoofing attacks. 142 arrests were made in the biggest-ever counter-fraud operation carried out by the two authorities. Details About the Police Operation Law enforcement authorities in Europe, Australia, the United States, Ukraine, and Canada took down […].

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Twitter data breach leaking phone numbers and email ID were seriously concerning

CyberSecurity Insiders

A Cyber Attack that took place on Twitter is now being considered more serious than what was reported in the 3Q of this year. Going by the details, a hacker reported in July this year that he/she has access to data related to 5 million accounts of Twitter users and includes phone numbers and email ids. FYI, both these details are enough to access the twitter ID of a user just by sieving the database.

article thumbnail

Spyware posing as VPN apps – Week in security with Tony Anscombe

We Live Security

The Bahamut APT group distributes at least eight malicious apps that pilfer victims' data and monitor their messages and conversations. The post Spyware posing as VPN apps – Week in security with Tony Anscombe appeared first on WeLiveSecurity.

Spyware 114
article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

An international police operation dismantled the spoofing service iSpoof

Security Affairs

An international law enforcement operation has dismantled an online phone number spoofing service called iSpoof. An international law enforcement operation that was conducted by authorities in Europe, Australia, the United States, Ukraine, and Canada, with the support of Europol, has dismantled online phone number spoofing service called iSpoof. The iSpoof service allowed fraudsters to impersonate trusted corporations or contacts in an attempt to gain access to sensitive information from victims

Retail 110
article thumbnail

Know your payment options: How to shop and pay safely this holiday season

We Live Security

'Tis the season for shopping and if you too are scouting for bargains, make sure to keep your money safe when snapping up those deals. The post Know your payment options: How to shop and pay safely this holiday season appeared first on WeLiveSecurity.

107
107

LifeWorks

More Trending

article thumbnail

Voice-scamming site “iSpoof” seized, 100s arrested in massive crackdown

Naked Security

Those numbers or names that pop up when a call comes up? They're OK as a hint of who's calling, but THEY PROVE NOTHING.

Scams 105
article thumbnail

Devices from Dell, HP, and Lenovo used outdated OpenSSL versions

Security Affairs

Researchers discovered that devices from Dell, HP, and Lenovo are still using outdated versions of the OpenSSL cryptographic library. Binarly researchers discovered that devices from Dell, HP, and Lenovo are still using outdated versions of the OpenSSL cryptographic library. The OpenSSL software library allows secure communications over computer networks against eavesdropping or need to identify the party at the other end.

Firmware 102
article thumbnail

Who tracked internet users in 2021–2022

SecureList

Every time you go online, someone is watching over you. The services you use, the websites you visit, the apps on your phone, smart TVs, gaming consoles, and any networked devices collect data on you with the help of trackers installed on web pages or in software. The websites and services send this data to their manufacturers and partners whose trackers they use.

Internet 100
article thumbnail

U.S. Bans Chinese Telecom Equipment and Surveillance Cameras Over National Security Risk

The Hacker News

The U.S. Federal Communications Commission (FCC) formally announced it will no longer authorize electronic equipment from Huawei, ZTE, Hytera, Hikvision, and Dahua, deeming them an "unacceptable" national security threat. All these Chinese telecom and video surveillance companies were previously included in the Covered List as of March 12, 2021.

article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

The 12 Online Scams of Christmas

Heimadal Security

Whether you are a Christmas lover or more of a Grinch, chances are you’re going to do some online shopping whether you like it or not. Consequently, everybody is, by default, vulnerable to winter holiday scams or, more specifically, Christmas scams. Learn what they are and how to stay safe from this extensive guide! What […]. The post The 12 Online Scams of Christmas appeared first on Heimdal Security Blog.

Scams 98
article thumbnail

Experts investigate WhatsApp data leak: 500M user records for sale

Security Affairs

Cybernews investigated a data sample available for sale containing up-to-date mobile phone numbers of nearly 500 million WhatsApp users. Original post published by Cybernews: [link]. On November 16, an actor posted an ad on a well-known hacking community forum, claiming they were selling a 2022 database of 487 million WhatsApp user mobile numbers. The dataset allegedly contains WhatsApp user data from 84 countries.

Mobile 98
article thumbnail

Dell, HP, and Lenovo Devices Found Using Outdated OpenSSL Versions

The Hacker News

An analysis of firmware images across devices from Dell, HP, and Lenovo has revealed the presence of outdated versions of the OpenSSL cryptographic library, underscoring a supply chain risk.

article thumbnail

Google fixed the eighth actively exploited #Chrome #zeroday this year

Security Affairs

Google on Thursday released security updates to address a new zero-day vulnerability, tracked as CVE-2022-4135, impacting the Chrome web browser. Google rolled out an emergency security update for the desktop version of the Chrome web browser to address a new zero-day vulnerability, tracked as CVE-2022-4135, that is actively exploited. The CVE-2022-4135 vulnerability is a heap buffer overflow issue in GPU.

article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

Cybersecurity Insights with Contrast CISO David Lindner | 11/25

Security Boulevard

Insight #1. ". The recent FTX and Twitter debacles should really have people thinking about the security and privacy of their data. It proves that nothing is forever and the more times we enter personal information into a site, the more likely it will be lost or stolen in the future. How often do you scrub your data or delete accounts you are no longer using?".

CISO 98
article thumbnail

New Windows Server updates cause domain controller freezes, restarts

Bleeping Computer

Microsoft is investigating LSASS memory leaks (caused by Windows Server updates released during the November Patch Tuesday) that might lead to freezes and restarts on some domain controllers. [.].

98
article thumbnail

Over 1,600 Docker Hub Repositories Were Found to Hide Malware

Heimadal Security

More than 1,600 publicly available images on Docker Hub were found to hide malicious behavior, including DNS hijackers, cryptocurrency miners, website redirectors, and embedded secrets that can be used as backdoors. Docker images serve as templates for quickly and easily building containers with pre-built code and applications. As a result, those looking to launch new […].

Malware 98
article thumbnail

Custom and variant licenses: What’s in the fine print?

Security Boulevard

See examples of custom and variant licenses and how Black Duck Audits flag these licenses to help legal teams evaluate software risk. The post Custom and variant licenses: What’s in the fine print? appeared first on Security Boulevard.

article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

INTERPOL: $130 Million Seized and 1,000 Suspects Arrested in Operation “HAECHI III”

Heimadal Security

INTERPOL announced the results of a five-month operation codenamed “HAECHI III”: almost 1,000 suspects were arrested and USD 129,975,440 worth of virtual assets were confiscated for various cybercrimes and money laundering schemes. Between June 28 and November 23, fraud investigators from around the world collaborated to intercept the cybercrimes and assist countries to recover and […].

article thumbnail

How to Start Learning Ethical Hacking – Hacking Beginners Guide

Security Boulevard

Hacking is an interesting and challenging activity that can be both fun and educational. There are many different ways to learn Ethical hacking, but the best way to learn is to get your hands dirty and try it out for yourself. In this article, we will show you some of the best ways to learn […]. The post How to Start Learning Ethical Hacking – Hacking Beginners Guide appeared first on Security Boulevard.

Hacking 98
article thumbnail

RansomExx2 Released – Linux Users, Watch Out For a New Ransomware Variant!

Heimadal Security

Linux users should be on guard for the new variant of RansomExx ransomware that was recently presented by threat group Hive0091. Just like BlackCat, Hive, or Luna, RansomExx2 was rewritten in Rust, which seems to be the trend right now among cyber criminals. RansomExx2 was developed to run on Linux systems, but will probably soon […]. The post RansomExx2 Released – Linux Users, Watch Out For a New Ransomware Variant!

article thumbnail

Three business trends that will determine how cloud technology develops in the UAE

Security Boulevard

Businesses are quickly adopting cloud computing services across all industries from BFSI and IT to the energy and utility sectors. The demand for edge computing and data centers has increased due to the development of smart cities in Saudi Arabia and the United Arab Emirates. As we get closer to the cloud-based world, organizations looking […]. The post Three business trends that will determine how cloud technology develops in the UAE appeared first on PeoplActive.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

What Is a Privileged Access Management (PAM) Policy?

Heimadal Security

Cybersecurity technology goes hand in hand with policy-based governance, but simply developing a password policy to protect company data and information is not enough. One of the first steps to successfully implementing a privileged access management (PAM) solution is defining clear and consistent policies that everyone who uses and manages privileged accounts understands and accepts. […].

article thumbnail

What Is Remote Access and How Does It Work?

Security Boulevard

Remote access eliminates the need for users to be present in the office to access a network or file or Read More. The post What Is Remote Access and How Does It Work? appeared first on Kaseya. The post What Is Remote Access and How Does It Work? appeared first on Security Boulevard.

article thumbnail

What Are Mobile Device Threats and How to Avoid Them

Heimadal Security

Mobile device threats are menaces over your mobile device that can manifest at the network level, can be application-based, system-based vulnerabilities, or even physical. These risks are wide spreading now, as we use these devices for sensitive business. Smartphones and tablets bring a plus in your and your company’s life: they are reliable when you […].

Mobile 97
article thumbnail

The Ultimate Guide to GitHub Backups

Security Boulevard

In such a fast-developing world, it becomes more and more important to make sure the source code and its metadata are backed up in case of an emergency. Learn everything you need to know about how to backup a GitHub repository. The post The Ultimate Guide to GitHub Backups appeared first on Security Boulevard.

Backups 98
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Redacted Documents Are Not as Secure as You Think

WIRED Threat Level

Popular redaction tools don’t always work as promised, and new attacks can reveal hidden information, researchers say.

97
article thumbnail

CyberStrong’s Executive Dashboard

Security Boulevard

With an increasing interest in cyber as a business function, it is vital that non-technical leaders are tuned into the cyber posture of their organization. Non-technical visualizations of data are in demand for these non-technical leaders to understand what’s happening in cyber. Cybersecurity dashboards aggregate and consolidate data into functional, presentable, easy-to-understand images that visualize cybersecurity posture in real-time.

article thumbnail

Russia-based RansomBoggs Ransomware Targeted Several Ukrainian Organizations

The Hacker News

Ukraine has come under a fresh onslaught of ransomware attacks that mirror previous intrusions attributed to the Russia-based Sandworm nation-state group. Slovak cybersecurity company ESET, which dubbed the new ransomware strain RansomBoggs, said the attacks against several Ukrainian entities were first detected on November 21, 2022. "While the malware written in.

article thumbnail

Cybercriminals are increasingly using info-stealing malware to target victims

CSO Magazine

Cybercriminals are increasingly shifting from automated scam-as-a-service to more advanced info stealer malware distributors as the competition for resources increases, and they look for new way to make profits, according to a report by Group-IB. The cybersecurity company has identified 34 Russian-speaking groups distributing info-stealing malware under the stealer-as-a-service model.

Malware 90
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!