Security

Pierluigi Paganini November 30, 2022
Attackers abused the popular TikTok Invisible Challenge to spread info-stealer

Threat actors are exploiting interest in a popular TikTok challenge, dubbed Invisible Challenge, to trick users into downloading info-stealing malware. Threat actors are exploiting the popularity of a TikTok challenge, called Invisible Challenge, to trick users into downloading information-stealing malware, Checkmarx researchers warn. People participating in the Invisible Challenge have to apply a filter called Invisible […]

Pierluigi Paganini November 30, 2022
ENC Security, the encryption provider for Sony and Lexar, leaked sensitive data for over a year

CyberNews experts discovered that ENC Security, a Netherlands software company, had been leaking critical business data since May 2021. Original post at https://cybernews.com/security/encsecurity-leaked-sensitive-data/ When you buy a Sony, Lexar, or Sandisk USB key or any other storage device, it comes with an encryption solution to keep your data safe. The software is developed by a […]

Pierluigi Paganini November 29, 2022
Threat actors are offering access to corporate networks via unauthorized Fortinet VPN access

Cyble observed Initial Access Brokers (IABs) offering access to enterprise networks compromised via a critical flaw in Fortinet products. Researchers at Cyble have observed initial access brokers (IABs) selling access to enterprise networks likely compromised via a recently patched critical flaw, tracked as CVE-2022-40684, in Fortinet products. In early October, Fortinet addressed the critical authentication bypass flaw, […]

Pierluigi Paganini November 29, 2022
CISA adds Oracle Fusion Middleware flaw to its Known Exploited Vulnerabilities Catalog

CISA added a critical flaw impacting Oracle Fusion Middleware, tracked as CVE-2021-35587, to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical vulnerability impacting Oracle Fusion Middleware, tracked as CVE-2021-35587 (CVSS 3.1 Base Score 9.8), to its Known Exploited Vulnerabilities Catalog. An unauthenticated attacker with network access via HTTP can […]

Pierluigi Paganini November 29, 2022
Tips for Gamifying Your Cybersecurity Awareness Training Program

In today’s technological world, educating people about cybersecurity awareness is an absolute necessity. According to one report, 82% of data breaches involved the human element, from social attacks to misuse of technologies. These errors are not always entirely preventable, as some level of human error is inevitable, but proper training in cybersecurity awareness can greatly […]

Pierluigi Paganini November 29, 2022
Irish data protection commission fines Meta over 2021 data-scraping leak

Irish data protection commission (DPC) fined Meta for not protecting Facebook’s users’ data from scraping. Meta has been fined â‚Ź265 million ($275.5 million) by the Irish data protection commission (DPC) for the data leak suffered by Facebook in 2021 that exposed the data belonging to millions of Facebook users. The Data Protection Commission is also imposing […]

Pierluigi Paganini November 28, 2022
A flaw in some Acer laptops can be used to bypass security features

ESET announced the discovery of a vulnerability impacting Acer laptops that can allow an attacker to deactivate UEFI Secure Boot. ESET researchers announced in a series of tweets the discovery of a vulnerability impacting Acer laptops, the issue can allow an attacker to deactivate UEFI Secure Boot. The experts explained that the flaw, tracked as […]

Pierluigi Paganini November 27, 2022
US FCC bans the import of electronic equipment from Chinese firms

The U.S. Federal Communications Commission announced it will completely ban the import of electronic equipment from Huawei, ZTE, Hytera, Hikvision, and Dahua. The U.S. Federal Communications Commission (FCC) announced the total ban for telecom and surveillance equipment from Chinese companies Huawei, ZTE, Hytera, Hikvision, and Dahua due to an “unacceptable” national security threat. The US […]

Pierluigi Paganini November 26, 2022
Data from 5.4M Twitter users obtained from multiple threat actors

The massive data breach suffered by Twitter that exposed emails and phone numbers of its customers may have impacted more than five million users. At the end of July, a threat actor leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. The threat actor offered […]

Pierluigi Paganini November 26, 2022
Devices from Dell, HP, and Lenovo used outdated OpenSSL versions

Researchers discovered that devices from Dell, HP, and Lenovo are still using outdated versions of the OpenSSL cryptographic library. Binarly researchers discovered that devices from Dell, HP, and Lenovo are still using outdated versions of the OpenSSL cryptographic library. The OpenSSL software library allows secure communications over computer networks against eavesdropping or need to identify the party at the other end. […]