CyberSecurity Updates

28 Nov

500 million WhatsApp mobile numbers up for sale on the dark web

Data Breaches, Malware, Social Engineering

A database of 487 million WhatsApp users’ mobile numbers has been put up for sale on the Breached.vc hacking community forum. The data set contains information on WhatsApp users from more than 84 countries, the post shows. The story was first reported by Cybernews. The seller of the leaked data is also offering it through the controversial messaging app Telegram, where the person or the group goes by handle “Palm Yunn.” On the hacking community forum,…

Read More
28 Nov

Hacker attempts to sell data of 500m WhatsApp users on dark web

Attacks, Data Breaches

A hacker has allegedly posted a dataset to the dark web containing the personal information of almost 500 million WhatsApp users. In the post, which was uploaded to hacking forum BreachForums on November 16, the hacker claimed to be selling up-to-date personal information of 487 million WhatsApp users from 84 countries. In the post, the alleged hacker said those who bought the datasets would recieve “very recent mobile numbers” of WhatsApp users. The leak was…

Read More
28 Nov

Top 7 CIAM tools

Data Breaches, Malware, Social Engineering

Customer identity and access management (CIAM), a subset of identity access management (IAM), is used to manage authentication and authorization of account creation and login process for public facing applications. To helps organizations compare their needs against the options in the market, CSO prepared a list with the top seven vendors in the market. To decide for the right CIAM product, organizations must balance the ease of the login experience with a kaleidoscope of business…

Read More
28 Nov

Here is why you should have Cobalt Strike detection in place

Data Breaches, Malware, Social Engineering

Google recently released a list of YARA detection rules for malicious variants of the legitimate Cobalt Strike penetration testing framework that are being used by hackers in the wild. Cobalt Strike is a commercial attack framework designed for red teams that has also been adopted by many threat actors, from APT groups to ransomware gangs and other cybercriminals. Living off the land is a common tactic The abuse by attackers of system administration, forensic, or…

Read More
27 Nov

Chrome fixes 8th zero-day of 2022 – check your version now

Information

by Paul Ducklin Google has just patched Chrome’s eighth zero-day hole of the year so far. Zero-days are bugs for which there were zero days you could have updated proactively… …because cybercriminals not only found the bug first, but also figured out how to exploit it for nefarious purposes before a patch was prepared and published. So, the quick version of this article is: go to Chrome’s Three-dot menu (⋮), choose Help > About Chrome,…

Read More
25 Nov

Know your payment options: How to shop and pay safely this holiday season

Information

‘Tis the season for shopping and if you too are scouting for bargains, make sure to keep your money safe when snapping up those deals The day has come: it’s Black Friday, and once-in-a-year promotions, discounts and deals are everywhere. The rush to grab a bargain has started in earnest, and in times of soaring inflation many deal-hungry shoppers are ready to make big purchases, perhaps the kinds of purchases they didn’t get to make…

Read More
25 Nov

Spyware posing as VPN apps – Week in security with Tony Anscombe

Information

The Bahamut APT group distributes at least eight malicious apps that pilfer victims’ data and monitor their messages and conversations This week, ESET researchers published their analysis of a malicious campaign where the Bahamut APT group targets Android users via trojanized versions of two legitimate VPN apps – SoftVPN and OpenVPN. Since January 2022, Bahamut has distributed at least eight malicious apps in order to pilfer sensitive user data and actively spy on victims’ messaging…

Read More
25 Nov

Voice-scamming site “iSpoof” seized, 100s arrested in massive crackdown

Information

by Naked Security writer These days, most of us have telephones that display the number that’s calling before we answer. This “feature” actually goes right back to the 1960s, and it’s known in North American English as Caller ID, although it doesn’t actually identify the caller, just the caller’s number. Elsewhere in the English-speaking world, you’ll see the name CLI used instead, short for Calling Line Identification, which seems at first glance to be a…

Read More
25 Nov

US Bans Huawei, ZTE Telecoms Gear Over Security Risk

Information, News

US authorities announced a ban Friday on the import or sale of communications equipment deemed “an unacceptable risk to national security” — including gear from Chinese giants Huawei Technologies and ZTE. Both firms have been on a roster of companies listed as a threat by the Federal Communications Commission (FCC), and the new rules bar future authorizations of their equipment. The move is the latest in a series of actions to limit the access of…

Read More
25 Nov

Google Pushes Emergency Chrome Update to Fix Zero-Day

Attacks, Malware

Chrome users are recommended to upgrade to version 107.0.5304.121/122 for Windows and 107.0.5304.122 for Mac and Linux, which addresses CVE-2022-4135. To update Chrome, click on Settings → About Chrome, then wait for the download of the latest version to finish → Restart the program. https://www.bleepingcomputer.com/news/security/google-pushes-emergency-chrome-update-to-fix-8th-zero-day-in-2022/

Read More