CyberSecure Specialist

Synology Patches Severe Vulnerabilities in VPN Product

Synology urges all VPN Plus Server for SRM (Synology Router Manager) users to update to the latest version as soon as possible. Users can apply updates by:

1. Logging into the Synology Desktop environment
2. Opening the Package Center app
3. Clicking Update on the left panel to see available updates, then clicking the Update buttons or Update All to update packages.

https://www.bleepingcomputer.com/news/security/synology-fixes-maximum-severity-vulnerability-in-vpn-routers/
https://nvd.nist.gov/vuln/detail/CVE-2022-43931
https://www.synology.com/en-us/security/advisory/Synology_SA_22_26
https://kb.synology.com/en-nz/SRM/help/SRM/PkgManApp/manage?version=1_2

Ongoing Flipper Zero Phishing Attacks Target Infosec Community

As long as the interest and shortages continue, cybercriminals will continue to attempt to impersonate Flipper Zero through fake shops to trick security enthusiasts into giving up their personal information and crypto. Due to this, it is vital to be on the lookout for these promotions and shops claiming immediate product availability and only buy from the official store. https://www.bleepingcomputer.com/news/security/ongoing-flipper-zero-phishing-attacks-target-infosec-community/

Meta Hit With 390 Million Euro Fine Over EU Data Breaches

US social media giant Meta was slapped Wednesday with fines totaling 390 million euros ($413 million) for breaching EU personal data laws on Facebook and Instagram, Ireland’s data regulator said. Meta and other US Big Tech firms have been hit by huge fines over their business practices in the European Union in recent years and the bloc has also tightened online regulation. The Irish Data Protection Commission said in a statement that Meta breached “its…

Meta hit with $413 million fine in EU for breaking GDPR rules

The Irish Data Protection Commission announced Wednesday that it would fine Meta Ireland a total of $413 million for breaches of the EU’s GDPR (General Data Protection Regulation) related to the company’s handling of personal information on Facebook and Instagram. Under the GDPR, companies looking to process users’ personal information must do so under one of six identified legal bases, which include the consent of the user, necessity to the performance of a contract, and…

Fortinet Releases Security Updates for FortiADC

Original release date: January 4, 2023 Fortinet has released a security advisory to address a vulnerability in multiple versions of FortiADC. This vulnerability may allow a remote attacker “to execute unauthorized code or commands via specifically crafted HTTP requests.” CISA encourages users and administrators to review Fortinet security advisory FG-IR-22-061 and apply the recommended updates.

Investigation launched into Twitter after 400m user details posted on hacking fo…

A dataset allegedly containing the email addresses and phone numbers of more than 400 million Twitter users has been put up for sale on hacking forum Breached Forums. The dataset was uploaded to Breached Forums on December 23, 2022, by a hacker going by the screen name ‘Ryushi’. The hacker claimed to have collected the data using data scraping techniques and a now-patched vulnerability in the social media site’s software in 2021 and demanded US$200,000…

Why it might be time to consider using FIDO-based authentication devices

Every business needs a secure way to collect, manage, and authenticate passwords. Unfortunately, no method is foolproof. Storing passwords in the browser and sending one-time access codes by SMS or authenticator apps can be bypassed by phishing. Password management products are more secure, but they have vulnerabilities as shown by the recent LastPass breach that exposed an encrypted backup of a database of saved passwords. For organizations with high security requirements, that leaves hardware-based login…

The world’s most common passwords: What to do if yours is on the list

Do you use any of these extremely popular – and eminently hackable – passwords? If so, we have a New Year’s resolution for you. Security experts have been predicting the death of the password for well over a decade. But it’s still the main way we log in to our online accounts and mobile applications. Why? Because we all know exactly how to use them. And many of us are reluctant to learn new ways. It…

Inside a scammers’ lair: Ukraine busts 40 in fake bank call-centre raid

by Naked Security writer It looks like the sort of meeting room you might find in startups all over the world: diffuse lighting from windows down one wall, alongside a giant poster cityscape of New York’s Brooklyn Bridge, with the Manhattan skyline towering behind it. The difference in this case is that the computer workstations around the room are there for a different sort of “entrepreneurial” venture, and the room is empty not because…

New Malware Campaign Uses Stolen Bank Information as Lure

Threat actors with access to stolen, sensitive data have many options to utilize this data in a malicious manner. In this case, the threat group decided to use confidential data as lures in phishing emails to carry out a second attack against victims. Whenever a company is alerted to a breach and makes it public, all customers who believe they may have had data compromised should remain vigilant to the use of this data in…
