CyberSecure Specialist

Meta Hit With 390 Million Euro Fine Over EU Data Breaches

US social media giant Meta was slapped Wednesday with fines totaling 390 million euros ($413 million) for breaching EU personal data laws on Facebook and Instagram, Ireland’s data regulator said. Meta and other US Big Tech firms have been hit by huge fines over their business practices in the European Union in recent years and the bloc has also tightened online regulation. The Irish Data Protection Commission said in a statement that Meta breached “its…


Meta hit with $413 million fine in EU for breaking GDPR rules

The Irish Data Protection Commission announced Wednesday that it would fine Meta Ireland a total of $413 million for breaches of the EU’s GDPR (General Data Protection Regulation) related to the company’s handling of personal information on Facebook and Instagram. Under the GDPR, companies looking to process users’ personal information must do so under one of six identified legal bases, which include the consent of the user, necessity to the performance of a contract, and…


Fortinet Releases Security Updates for FortiADC

Original release date: January 4, 2023

Fortinet has released a security advisory to address a vulnerability in multiple versions of FortiADC. This vulnerability may allow a remote attacker “to execute unauthorized code or commands via specifically crafted HTTP requests.” CISA encourages users and administrators to review Fortinet security advisory FG-IR-22-061 and apply the recommended updates.


Investigation launched into Twitter after 400m user details posted on hacking fo…

A dataset allegedly containing the email addresses and phone numbers of more than 400 million Twitter users has been put up for sale on hacking forum Breached Forums. The dataset was uploaded to Breached Forums on December 23, 2022, by a hacker going by the screen name ‘Ryushi’. The hacker claimed to have collected the data using data scraping techniques and a now-patched vulnerability in the social media site’s software in 2021 and demanded US$200,000…


Why it might be time to consider using FIDO-based authentication devices

Every business needs a secure way to collect, manage, and authenticate passwords. Unfortunately, no method is foolproof. Storing passwords in the browser and sending one-time access codes by SMS or authenticator apps can be bypassed by phishing. Password management products are more secure, but they have vulnerabilities as shown by the recent LastPass breach that exposed an encrypted backup of a database of saved passwords. For organizations with high security requirements, that leaves hardware-based login…


The world’s most common passwords: What to do if yours is on the list

Do you use any of these extremely popular – and eminently hackable – passwords? If so, we have a New Year’s resolution for you. Security experts have been predicting the death of the password for well over a decade. But it’s still the main way we log in to our online accounts and mobile applications. Why? Because we all know exactly how to use them. And many of us are reluctant to learn new ways. It…


Inside a scammers’ lair: Ukraine busts 40 in fake bank call-centre raid

by Naked Security writer

It looks like the sort of meeting room you might find in startups all over the world: diffuse lighting from windows down one wall, alongside a giant poster cityscape of New York’s Brooklyn Bridge, with the Manhattan skyline towering behind it. The difference in this case is that the computer workstations around the room are there for a different sort of “entrepreneurial” venture, and the room is empty not because…


New Malware Campaign Uses Stolen Bank Information as Lure

Threat actors with access to stolen, sensitive data have many options to utilize this data in a malicious manner. In this case, the threat group decided to use confidential data as lures in phishing emails to carry out a second attack against victims. Whenever a company is alerted to a breach and makes it public, all customers who believe they may have had data compromised should remain vigilant to the use of this data in…


Recently Discovered Linux Malware Packs 30 Plugin Exploits for WordPress

WordPress is a very common website platform because it is free and easy to use, but this also makes it a more desirable target for threat actors. Keeping a WordPress site up to date is crucial. Fortunately, WordPress does have an automatic update feature which Binary Defense strongly recommends that users enable. Because many plug-ins are community created and distributed, oftentimes critical updates can be slow to release, if an update comes at all.…


Netgear WiFi Routers Receive Update For Critical Vulnerability

Users of the above Netgear devices should update their firmware as soon as possible. Netgear support documentation provides update instructions for affected users:

1. Visit NETGEAR Support: https://www.netgear.com/support/
2. Start typing your model number in the search box, then select your model from the drop-down menu as soon as it appears.
3. If you do not see a drop-down menu, make sure that you entered your model number correctly, or select a product category to browse for…
