CyberSecurity Updates

27 Nov

Chrome fixes 8th zero-day of 2022 – check your version now

Information

by Paul Ducklin Google has just patched Chrome’s eighth zero-day hole of the year so far. Zero-days are bugs for which there were zero days you could have updated proactively… …because cybercriminals not only found the bug first, but also figured out how to exploit it for nefarious purposes before a patch was prepared and published. So, the quick version of this article is: go to Chrome’s Three-dot menu (⋮), choose Help > About Chrome,…

Read More
25 Nov

Know your payment options: How to shop and pay safely this holiday season

Information

‘Tis the season for shopping and if you too are scouting for bargains, make sure to keep your money safe when snapping up those deals The day has come: it’s Black Friday, and once-in-a-year promotions, discounts and deals are everywhere. The rush to grab a bargain has started in earnest, and in times of soaring inflation many deal-hungry shoppers are ready to make big purchases, perhaps the kinds of purchases they didn’t get to make…

Read More
25 Nov

Spyware posing as VPN apps – Week in security with Tony Anscombe

Information

The Bahamut APT group distributes at least eight malicious apps that pilfer victims’ data and monitor their messages and conversations This week, ESET researchers published their analysis of a malicious campaign where the Bahamut APT group targets Android users via trojanized versions of two legitimate VPN apps – SoftVPN and OpenVPN. Since January 2022, Bahamut has distributed at least eight malicious apps in order to pilfer sensitive user data and actively spy on victims’ messaging…

Read More
25 Nov

Voice-scamming site “iSpoof” seized, 100s arrested in massive crackdown

Information

by Naked Security writer These days, most of us have telephones that display the number that’s calling before we answer. This “feature” actually goes right back to the 1960s, and it’s known in North American English as Caller ID, although it doesn’t actually identify the caller, just the caller’s number. Elsewhere in the English-speaking world, you’ll see the name CLI used instead, short for Calling Line Identification, which seems at first glance to be a…

Read More
25 Nov

US Bans Huawei, ZTE Telecoms Gear Over Security Risk

Information, News

US authorities announced a ban Friday on the import or sale of communications equipment deemed “an unacceptable risk to national security” — including gear from Chinese giants Huawei Technologies and ZTE. Both firms have been on a roster of companies listed as a threat by the Federal Communications Commission (FCC), and the new rules bar future authorizations of their equipment. The move is the latest in a series of actions to limit the access of…

Read More
25 Nov

Google Pushes Emergency Chrome Update to Fix Zero-Day

Attacks, Malware

Chrome users are recommended to upgrade to version 107.0.5304.121/122 for Windows and 107.0.5304.122 for Mac and Linux, which addresses CVE-2022-4135. To update Chrome, click on Settings → About Chrome, then wait for the download of the latest version to finish → Restart the program. https://www.bleepingcomputer.com/news/security/google-pushes-emergency-chrome-update-to-fix-8th-zero-day-in-2022/

Read More
25 Nov

Most Common Passwords of 2022

Attacks, Malware

Information Security professionals should make use of these lists of common weak passwords to proactively test the accounts of employees, contractors, and other users of the information systems that they are responsible for protecting. The most effective way to use these lists is to trigger a test each time a user changes their password – take the hash of the newly changed password and automatically check it against the list of common weak passwords. For…

Read More
25 Nov

IOTW: Twitter accused of covering up data breach that affects millions

Attacks, Data Breaches

A Los Angeles-based cyber security expert has warned of a data breach at social media site Twitter that has allegedly affected “millions” across the US and EU. Chad Loder, who is the founder of cyber security awareness company Habitu8, took to the social media site on November 23 to warn users of the alleged data breach that Loder claims occurred “no earlier than 2021” and “has not been reported before”. In a series of tweets,…

Read More
25 Nov

Cybercriminals are increasingly using info-stealing malware to target victims

Data Breaches, Malware, Social Engineering

Cybercriminals are increasingly shifting from automated scam-as-a-service to more advanced info stealer malware distributors as the competition for resources increases, and they look for new way to make profits, according to a report by Group-IB.  The cybersecurity company has identified 34 Russian-speaking groups distributing info-stealing malware under the stealer-as-a-service model. Info stealer malware collects users’ credentials stored in browsers, gaming accounts, email services, social media, bank card details, and crypto wallet information from infected computers,…

Read More
24 Nov

Bahamut cybermercenary group targets Android users with fake VPN apps

Information

Malicious apps used in this active campaign exfiltrate contacts, SMS messages, recorded phone calls, and even chat messages from apps such as Signal, Viber, and Telegram ESET researchers have identified an active campaign targeting Android users, conducted by the Bahamut APT group. This campaign has been active since January 2022 and malicious apps are distributed through a fake SecureVPN website that provides only Android apps to download. Note that although the malware employed throughout this…

Read More