Continuous Monitoring and Protection
Gift card email scams still work as cyber criminals know how to exploit users’ emotions. Therefore, be cautious of such unsolicited emails that carry an emotionally charged plea to help someone who does not exist. Having good email security measures also helps block such emails from reaching inboxes. https://cyware.com/news/newly-discovered-lilac-wolverine-associated-with-gift-card-scams-8827ee76
Read MoreVietnam has been the most affected country from these apps, but Android users in any country could have downloaded them. Android apps are constantly being used by threat actors because of the availability of third-party app stores and the lack of strict app guidelines for apps published within those stores. Android users should only download apps through the official Google Play Store and only from trusted developers. https://www.bleepingcomputer.com/news/security/android-malware-infected-300-000-devices-to-steal-facebook-accounts/
Read MoreCyber crime is an ever-evolving problem, with an estimated cost of US$10trn by 2025. In 2021, there were over 4,100 publicly disclosed data breaches, which represents approximately 22 billion records exposed. The figures for 2022 are expected to at least match this, or potentially exceed it by as much as five percent. Cyber Security Hub is dedicated to delivering breaking news from the cyber security sector. With this in mind, here are the news stories…
Read MoreIt is highly recommended for all users of the Quarkus Java framework to update to versions 2.14.2.Final and 2.13.5.Final (LTS) to fix the exploit as soon as possible. This fix forces the Dev UI to check the origin header of the request and only accept requests where the value is localhost. Since this header is set by the browser and is not modifiable by JavaScript run within the browser, exploitation of this vulnerability cannot be…
Read MoreLastPass reminded customers their master password should be extremely strong and unique, and should never be reused. Additionally, users should set up multi-factor authentication (MFA). MFA combines biometric and contextual factors to establish identity – something you know (a password), something you have (a mobile device), and something you are (a biometric). LastPass provided the following instructions to ensure customer accounts are set up properly and secured. https://blog.lastpass.com/2022/01/how-to-set-up-your-new-lastpass-account/ https://www.bleepingcomputer.com/news/security/lastpass-says-hackers-accessed-customer-data-in-new-breach/
Read MoreFree credit and identity monitoring has been offered to those impacted by the event; it is highly recommended that affected users should take advantage of these services. Throughout the investigation process, no evidence of misuse or redistribution of the information was found by Southampton County. However, this assertion of low impact was proven to be false after snippets of data were posted, demonstrating the uncertainty and risks that emerge in the aftermath of ransomware attacks.…
Read MoreOriginal release date: December 1, 2022 Today, the Federal Bureau of Investigation (FBI) and CISA released a joint Cybersecurity Advisory (CSA) #StopRansomware: Cuba Ransomware to provide network defenders tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with Cuba ransomware. FBI investigations identified these TTPs and IOCs as recently as August 2022. This CSA updates the December 2021 FBI Flash: Indicators of Compromise Associated with Cuba Ransomware. Key updates include: FBI has identified a…
Read MorePassword manager LastPass has continued to maintain the security of its customers’ passwords despite suffering its second data breach of 2022. The breach was discovered on November 30 after LastPass detected “unusual activity” within a third-party cloud storage solution that it uses. Following its the detection, LastPass launched an investigation into the cyber security incident and alerted the authorities. It was determined by the password management company that the malicious actor gained access to the…
Read MoreApple and Google allow micro-loan apps on their app stores but have stringent policies regulating their operation. The guidelines dictate that the minimum repayment period should be 60 days, and the maximum annual percentage rate of charge should be 36%. The above apps claimed terms that complied with these guidelines, but in practice, they followed a very different, much more aggressive approach, so the app stores removed them for term violations. Unfortunately, there needs to…
Read MoreNvidia has not released any detail rich information of the specifics of these security flaws in order to allow users time to update their drivers before proof-of-concept exploitation tools are developed.Nvidia users can reference Nvidia’s security bulletin to identify their GPU or other product and the appropriate driver version to patch these vulnerabilities here: https://nvidia.custhelp.com/app/answers/detail/a_id/5415Users can then download the appropriate driver for their device from Nvidia’s download center here: https://www.nvidia.com/download/index.aspxUsers of Nvidia’s GeForce Experience software…
Read More