Attacks

Prior to downloading any apps from the Play store, users should read reviews to help verify their legitimacy. It is important to make sure Play Protect is active and being used as well. If users identify any of the apps mentioned above on their devices, they should be deleted immediately. https://www.bleepingcomputer.com/news/security/android-malware-apps-with-2-million-installs-spotted-on-google-play/?&web_view=true

Read More

Gift card email scams still work as cyber criminals know how to exploit users’ emotions. Therefore, be cautious of such unsolicited emails that carry an emotionally charged plea to help someone who does not exist. Having good email security measures also helps block such emails from reaching inboxes. https://cyware.com/news/newly-discovered-lilac-wolverine-associated-with-gift-card-scams-8827ee76

Read More

Vietnam has been the most affected country from these apps, but Android users in any country could have downloaded them. Android apps are constantly being used by threat actors because of the availability of third-party app stores and the lack of strict app guidelines for apps published within those stores. Android users should only download apps through the official Google Play Store and only from trusted developers. https://www.bleepingcomputer.com/news/security/android-malware-infected-300-000-devices-to-steal-facebook-accounts/

Read More

It is highly recommended for all users of the Quarkus Java framework to update to versions 2.14.2.Final and 2.13.5.Final (LTS) to fix the exploit as soon as possible. This fix forces the Dev UI to check the origin header of the request and only accept requests where the value is localhost. Since this header is set by the browser and is not modifiable by JavaScript run within the browser, exploitation of this vulnerability cannot be…

Read More

LastPass reminded customers their master password should be extremely strong and unique, and should never be reused. Additionally, users should set up multi-factor authentication (MFA). MFA combines biometric and contextual factors to establish identity – something you know (a password), something you have (a mobile device), and something you are (a biometric). LastPass provided the following instructions to ensure customer accounts are set up properly and secured. https://blog.lastpass.com/2022/01/how-to-set-up-your-new-lastpass-account/ https://www.bleepingcomputer.com/news/security/lastpass-says-hackers-accessed-customer-data-in-new-breach/

Read More

Free credit and identity monitoring has been offered to those impacted by the event; it is highly recommended that affected users should take advantage of these services. Throughout the investigation process, no evidence of misuse or redistribution of the information was found by Southampton County. However, this assertion of low impact was proven to be false after snippets of data were posted, demonstrating the uncertainty and risks that emerge in the aftermath of ransomware attacks.…

Read More