🚨 CISA KEV 1[−]
22 Jan KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2023-34048 VMware vCenter Server Out-of-Bounds Write Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber ac…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 8[−]
22 Jan KEVApache ActiveMQ Flaw Exploited in New Godzilla Web Shell AttacksA critical vulnerability in Apache ActiveMQ (CVE-2023-46604) is being actively exploited by threat actors to deploy various malicious payloads, including ransomware and DDoS botnets.THEHACKERNEWS.COM
22 JanChinese Spies Exploited VMware vCenter Server Vulnerability Since 2021CVE-2023-34048, a vCenter Server vulnerability patched in October 2023, had been exploited as zero-day for a year and a half. The post Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021 appeared first on SecurityWeek .SECURITYWEEK.COM
22 Jan KEVPatched Apache ActiveMQ bug abused to drop Godzilla web shellsA patched critical remote code execution (RCE) vulnerability in Apache ActiveMQ messaging systems is being widely exploited by attackers, according to TrustWave research. The vulnerability, tracked as CVE-2023-46604 , is used by attackers to insert and run malicious Java Server P…CSOONLINE.COM
22 JanHackers start exploiting critical Atlassian Confluence RCE flawSecurity researchers are observing exploitation attempts for the CVE-2023-22527 remote code execution flaw vulnerability that affects outdated versions of Atlassian Confluence servers. [...]BLEEPINGCOMPUTER.COM
22 JanLimiting remote access exposure in hybrid work environmentsRemote work began as a temporary measure during the pandemic but has long been a permanent fixture in our new way of working. Organizations have shifted to remote desktop work environments at an increasing speed since then – simultaneously expanding their attack surface and expos…CSOONLINE.COM
22 Jan KEVHackers Targeting Critical Atlassian Confluence Vulnerability Days After DisclosureThe Atlassian Confluence vulnerability CVE-2023-22527 is being exploited in the wild just days after it was disclosed. The post Hackers Targeting Critical Atlassian Confluence Vulnerability Days After Disclosure appeared first on SecurityWeek .SECURITYWEEK.COM
22 JanScans/Exploit Attempts for Atlassian Confluence RCE Vulnerability CVE-2023-22527, (Mon, Jan 22nd)Last week (January 16th), Atlassian released it&#;x26;#;39;s January 2024 Security Bulletin. Included with the bulletin was a patch for CVE-2023-22527, a remote code execution vulnerability in Confluence Data Center and Confluence Server. Atlassian ass…ISC.SANS.EDU
22 JanMany CVE Records Are Listing the Wrong Versions of Software as Being Affectedsubmitted by L4s to secops 1 points | 0 comments https://www.pluginvulnerabilities.com/2024/01/22/many-cve-records-are-listing-the-wrong-versions-of-software-as-being-affected/ Many CVE Records Are Listing the Wrong Versions of Software as Being Affected::undefinedPLUGINVULNERABILITIES.COM
⚠️ VULNERABILITY DISCLOSURE 21[−]
22 JanApache ActiveMQ Flaw Exploited in New Godzilla Web Shell AttacksCybersecurity researchers are warning of a "notable increase" in threat actor activity actively exploiting a now-patched flaw in Apache ActiveMQ to deliver the Godzilla web shell on compromised hosts. "The web shells are concealed within an unknown binary format and are designed …THEHACKERNEWS.COM
22 JanTop 4 LLM threats to the enterpriseAs CISO for the Vancouver Clinic, Michael Bray gushes about the infinite ways large language models (LLMs) will improve patient care. “DNA-based predictive studies, metabolic interactions, lab services, diagnostics and other medicine will be so advanced that today’s medical p…CSOONLINE.COM
22 JanIT Consultant in Germany Fined for Exposing Shoddy SecurityA security researcher in Germany was fined €3,000 ($3,300) for uncovering and reporting a serious e-commerce database vulnerability. The vulnerability exposed almost 700,000 customer records due to a plaintext password stored in the software.THEREGISTER.COM
22 JanRussia-based group hacked emails of Microsoft’s senior leadershipA Russia-based group, Midnight Blizzard, also known as Nobelium, has hacked Microsoft’s employee emails, including those of senior staff, Microsoft revealed in a recent blog post . “Beginning in late November 2023, the threat actor used a password spray attack to compromise a leg…CSOONLINE.COM
22 JanAdmin of the BreachForums Hacking Forum Sentenced to 20 Years Supervised ReleaseThe hacking forum facilitated the exchange of illicit data and access devices, leading to the arrest of Pompompurin and the closure of RaidForums in a law enforcement operation.SECURITYAFFAIRS.COM
22 JanChina remains the biggest threat, according to the defense security communityIn mid-December, the United States Defense Intelligence Agency (DIA) hosted its annual Department of Defense Intelligence Information System Worldwide conference, known as DoDIIS. The event brought together various Department of Defense (DoD) and DIA department heads, leaders fro…CSOONLINE.COM
22 JanCyberattack Hits Three English Councils at Once, as Outsourcer Civica Denies BlameThe incident is suspected to be linked to the outsourcing of IT and HR services to Civica through the East Kent Services partnership, raising concerns about the potential impact on data and services.THERECORD.MEDIA
22 Jan52% of Serious Vulnerabilities We Find are Related to Windows 10We analyzed 2,5 million vulnerabilities we discovered in our customer’s assets. This is what we found. Digging into the data The dataset we analyze here is representative of a subset of clients that subscribe to our vulnerability scanning services. Assets scanned include those re…THEHACKERNEWS.COM
22 JanCybercriminals Leaked Massive Volumes of Stolen PII Data From Thailand in Dark WebCybercriminals, including one known as Naraka, are targeting Thai e-commerce, fintech, and government bodies to obtain PII for fraudulent activities. The frequency of attacks has this year, with 14 significant data breaches reported in January alone.SECURITYAFFAIRS.COM
22 JanNorth Korea’s ScarCruft APT group targets infosec prosCybersecurity researchers and threat analysts are high on the list of valuable targets for nation-state advanced persistent threat (APT) actors. Not only can information security personnel provide access to non-public intelligence regarding malware and mitigations, but they can a…CSOONLINE.COM
22 JanNew NTLM Hash Leak Attacks Target Outlook, Windows ProgramsVaronis finds one vulnerability and three attack methods that can be used to obtain NTLM hashes via Outlook and two Windows programs. The post New NTLM Hash Leak Attacks Target Outlook, Windows Programs appeared first on SecurityWeek .SECURITYWEEK.COM
22 JanloanDepot says ransomware gang stole data of 16.6 million peopleMortgage lender loanDepot says that approximately 16.6 million people had their personal information stolen in a ransomware attack disclosed earlier this month. [...]BLEEPINGCOMPUTER.COM
22 JanSafeguarding AI: The path to trustworthy technologyThe pace of technology adoption is accelerating. Whereas users once took years to broadly adopt new technologies, now they’re jumping on new trends in a matter of months. Take the evolution of phones, the internet, and social media, for example. It took 16 years for smartphones…CSOONLINE.COM
22 JanMultiple Vulnerabilities in VMware Products Could Allow for Remote Code ExecutionMultiple vulnerabilities have been discovered in VMware vCenter Server and Cloud Foundation, the most severe of which could allow for remote code execution. VMware vCenter Server is the centralized management utility for VMware. VMware Cloud Foundation is a multi-cloud platform t…CISECURITY.ORG
22 JanIvanti: VPN appliances vulnerable if pushing configs after mitigationIvanti warned admins to stop pushing new device configurations to appliances after applying mitigations because this will leave them vulnerable to ongoing attacks exploiting two zero-day vulnerabilities. [...]BLEEPINGCOMPUTER.COM
22 JanApple fixes first zero-day bug exploited in attacks this yearApple released security updates to address this year's first zero-day vulnerability exploited in attacks that could impact iPhones, Macs, and Apple TVs. [...]BLEEPINGCOMPUTER.COM
22 JanloanDepot cyberattack causes data breach for 16.6 million peopleMortgage lender loanDepot says that approximately 16.6 million people had their personal information stolen in a ransomware attack disclosed earlier this month. [...]BLEEPINGCOMPUTER.COM
22 JanNews alert: Deloitte, Memcyco partner to deliver real-time ‘digital impersonation’ solutionsNew York, NY, Jan. 22, 2024 — Memcyco Inc , the real-time digital impersonation detection and prevention solution provider, and Deloitte , the leading consulting, advisory, and audit services firm, today announced their strategic partnership in the cybersecurity sector. The…LASTWATCHDOG.COM
22 JanApple Ships iOS 17.3, Warns of WebKit Zero-Day ExploitationApple pushes out fresh versions of its iOS and macOS platforms to fix WebKit vulnerabilities being exploited as zero-day in the wild. The post Apple Ships iOS 17.3, Warns of WebKit Zero-Day Exploitation appeared first on SecurityWeek .SECURITYWEEK.COM
22 JanTrello - 15,111,945 breached accountsIn January 2024, data was scraped from Trello and posted for sale on a popular hacking forum . Containing over 15M email addresses, names and usernames, the data was obtained by enumerating a publicly accessible resource using email addresses from previous breach corpuses. Trello…HAVEIBEENPWNED.COM
📢 SECURITY ADVISORIES 10[−]
22 JanCISA’s 1,200 Pre-Ransomware Alerts Saved Organizations Millions in DamagesThe agency's Joint Cyber Defense Collaborative gathers information to alert potential ransomware victims early on. CISA also assisted a Fortune 500 company and a mass transit operator in preventing significant ransomware attacks.CYBERSECURITYDIVE.COM
22 JanNew Guidance Urges US Water Sector to Boost Cyber ResilienceThe U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Environmental Protection Agency (EPA) and the FBI, has issued a warning about increased cyberthreats targeting water and wastewater systems.BANKINFOSECURITY.COM
22 JanSay Easy, Do Hard, Hiring a CISO, Part 2 - BSW #335Inspired by my co-host, Jason Albuquerque, we get our hands dirty and discuss the challenges of hiring a CISO. How will the new SEC regulations impact the role for both organizations and individuals? In part 2, we get our hands dirty by addressing CISO hiring from the individual …YOUTUBE.COM
22 JanBoardroom cyber expertise comes under scrutinyWhy are companies concerned about cybersecurity? Some of the main drivers are data protection, compliance, risk management and ensuring business continuity. None of these are minor issues. Then why do board members frequently keep their distance when it comes to cyber concerns? A…SECURITYINTELLIGENCE.COM
22 JanDeloitte Partners with Memcyco to Combat ATO and Other Online Attacks with Real-Time Digital Impersonation Protection SolutionsMemcyco will showcase its solutions at Deloitte’s annual Cyber iCON event, demonstrating how organizations can build effective defenses to protect their customers against digital impersonation fraud Memcyco Inc, the real-time digital impersonation detection and prevention s…GBHACKERS.COM
22 JanWhat Smart CISOs and Mature Orgs Get That Others Don’t About Cyber Compliance | News - PSW8146:00pm ET - Matt Coose 7:00pm ET - Security News This week, we start things off by discussing What Smart CISOs and Mature Orgs Get That Others Don’t About Cyber Compliance with Matt Coose, Founder and CEO at Qmulos. Then we discuss the security news for the week. →Full Show Notes…YOUTUBE.COM
🔥 INCIDENT REPORTING 25[−]
22 JanUpdate: Ransomware Gang Claims Responsibility for Christmas Attack on Massachusetts HospitalThe Money Message ransomware gang claimed responsibility for stealing 600GB of data from Anna Jaques Hospital, highlighting the ongoing threat to healthcare institutions.THERECORD.MEDIA
22 JanResearchers Link 3AM Ransomware to Conti, Royal Cybercrime GangsResearchers have found strong links between the 3AM ransomware and the Conti syndicate through analysis of their infrastructure, communication channels, and attack tactics.BLEEPINGCOMPUTER.COM
22 JanCyber Security Today, Jan. 22, 2024 - the LockBit ransomware gang hits the Subway fast food chain, and this is the start of Data Privacy WeekThis episode reports on ransomware attacks, an undetected attack on a VMware hole and moreCYBERSECURITYTODAY.LIBSYN.COM
22 JanLockBit Gang Claims New Attack on the Sandwich Chain SubwaySubway's internal system, containing hundreds of gigabytes of data, has allegedly been compromised by the ransomware group. The group has given Subway a deadline to protect the stolen data, and it is currently unknown what ransom they have demanded.SECURITYAFFAIRS.COM
22 JanDarkGate Malware Abuses AutoIT Scripting For Payload ObfusticationDarkGate is a type of malware that employs Auto-It compiled loaders that cause a considerable threat because of its advanced evasion strategies and persistence within compromised systems. By using obfuscated AutoIt scripting and multi-stage payloads, the malware makes it more dif…GBHACKERS.COM
22 JanOwner of Cybercrime Website BreachForums Sentenced to Supervised ReleaseConor Brian Fitzpatrick, the owner of the cybercrime website BreachForums, was sentenced to time served and supervised release. The post Owner of Cybercrime Website BreachForums Sentenced to Supervised Release appeared first on SecurityWeek .SECURITYWEEK.COM
22 JanNS-STEALER Uses Discord Bots to Exfiltrate Your Secrets from Popular BrowsersCybersecurity researchers have discovered a new Java-based "sophisticated" information stealer that uses a Discord bot to exfiltrate sensitive data from compromised hosts. The malware, named NS-STEALER, is propagated via ZIP archives masquerading as cracked software, Trellix…THEHACKERNEWS.COM
22 JanTietoevry Ransomware Attack Causes Outages for Swedish Firms, CitiesFinnish IT services and cloud hosting provider Tietoevry was hit by a ransomware attack, affecting a data center in Sweden and causing outages for multiple customers, including Filmstaden, Rusta, Moelven, and Grangnården.BLEEPINGCOMPUTER.COM
22 JanLoanDepot says 16.6 million customers had ‘sensitive personal’ information stolen in cyberattackAbout 16.6 million LoanDepot customers had their “sensitive personal” information” stolen in a cyberattack earlier this month, which the loan and mortgage giant has described as ransomware. The loan company said in a filing with federal regulators on Monday that…TECHCRUNCH.COM
22 JanWith hackers poisoning water systems, US agencies issue incident response guide to boost cybersecurityUS federal agencies have teamed up to release a cybersecurity best practice guidance for the water and wastewater sector (WWS). Read more in my article on the Tripwire State of Security blog.TRIPWIRE.COM
22 JanRansomware Hit on Tietoevry Causes IT Outages Across SwedenFinnish IT Services Previews Days or Weeks of Disruption, Ties Attack to Akira An Akira ransomware attack that hit a data center run by Finnish IT software and services firm Tietoevry has led to widespread outages across Sweden. Healthcare, local governments, retail outlets and t…DATABREACHTODAY.CO.UK
22 JanTrezor support site breach exposes personal data of 66,000 customersTrezor issued an alert following a security breach on January 17, 2024, when unauthorized access was gained to their third-party support ticketing portal. [...]BLEEPINGCOMPUTER.COM
22 JanDENHAM the Jeanmaker Confirms CyberattackThe renowned denim brand DENHAM the Jeanmaker confirmed that it fell victim to a cyberattack by the Akira ransomware group, with the incident being discovered on December 27, 2023.THECYBEREXPRESS.COM
22 JanLoanDepot Breach: 16.6 Million People ImpactedLending giant LoanDepot (NYSE: LDI) said that roughly 16.6 million individuals were impacted as a result of a ransomware attack. The post LoanDepot Breach: 16.6 Million People Impacted appeared first on SecurityWeek .SECURITYWEEK.COM
22 JanFacebook Phishing Scams Target Concerned Friends and FamilyBleepingComputer describes a phishing scam that’s been running rampant on Facebook for the past several months, in which threat actors use hacked accounts to post links to phony articles implying that someone has been killed in an accident.KNOWBE4.COM
22 JanAI Does Not Scare Me, But It Will Make The Problem Of Social Engineering Much WorseI am not scared of AI. What I mean is that I do not think AI is going to kill humanity Terminator-style. I think AI is going to be responsible for more cybercrime and more realistic phishing messages, but it is already pretty bad. Social engineering, without AI, is already involv…KNOWBE4.COM
22 JanLoanDepot Ransomware Attack: 16.6 Million Customers AffectedCustomers 'Sensitive Personal Information' Stolen, Large Mortgage Lender Reports Non-bank mortgage lending giant LoanDepot says hackers stole "sensitive personal information" pertaining to 16.6 million customers when they breached its systems earlier this month as part of a ranso…DATABREACHTODAY.CO.UK
22 JanMalicious web redirect scripts stealth up to hide on hacked sitesSecurity researchers looking at more than 10,000 scripts used by the Parrot traffic direction system (TDS) noticed an evolution marked by optimizations that make malicious code stealthier against security mechanisms. [...]BLEEPINGCOMPUTER.COM
22 JanFrance's OFAC to Tackle Cyberthreats Ahead of OlympicsFrench Police Office for Cybercrime Has a Staff of 180 A dedicated cybercrime unit under the French National Police is set to scale up operations ahead of the upcoming Olympics as authorities warn that cyberattacks are among the greatest threats to the event. Authorities on Frida…DATABREACHTODAY.CO.UK
22 JanReport: Hackers Scammed $7.5M From HHS Grant Payment SystemMoney Meant for Poor Communities Stolen as Authorities Issued Phishing Scam Alerts Hackers have reportedly stolen about $7.5 million from a Department of Health and Human Services grant payment system in a series of cyberattacks last year. The news comes in the midst of HHS and o…DATABREACHTODAY.CO.UK
22 JanSEC confirms X account was hacked in SIM swapping attackThe U.S. Securities and Exchange Commission confirmed today that its X account was hacked through a SIM-swapping attack on the cell phone number associated with the account. [...]BLEEPINGCOMPUTER.COM
22 JanMother of all breaches - a historic data leak reveals 26 billion recordssubmitted by ylai to cybersecurity 1 points | 0 comments https://cybernews.com/security/billions-passwords-credentials-leaked-mother-of-all-breaches/CYBERNEWS.COM
22 JanMicrosoft's Latest Hack Sparks Major Security ConcernsExperts Warn Tech Giant Faces Potential for Future Cyberattacks After Email Hacking Security experts told ISMG they were concerned Microsoft could suffer future cyberattacks and threats to its customers after a Russian state hacking group managed to evade detection for several we…DATABREACHTODAY.CO.UK
🕵️ THREAT INTELLIGENCE 13[−]
22 JanISC Stormcast For Monday, January 22nd, 2024 https://isc.sans.edu/podcastdetail/8818, (Mon, Jan 22nd)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
22 JanFrance Fines Yahoo 10 Mn Euros Over Cookie AbusesFrance's data protection watchdog fines Yahoo 10 million euros for not respecting users' refusals of internet-tracking "cookies" The post France Fines Yahoo 10 Mn Euros Over Cookie Abuses appeared first on SecurityWeek .SECURITYWEEK.COM
22 JanAI Bots on X (Twitter)You can find them by searching for OpenAI chatbot warning messages, like: “I’m sorry, I cannot provide a response as it goes against OpenAI’s use case policy.” I hadn’t thought about this before: identifying bots by searching for distinctive bot phra…SCHNEIER.COM
22 JanMentorship Monday - Discussions for career and learning!submitted by shellsharks to cybersecurity 1 points | 0 comments Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? …INFOSEC.PUB
22 JanDomain Escalation – Backup Operatorsubmitted by Blaze to cybersecurity 2 points | 0 comments https://pentestlab.blog/2024/01/22/domain-escalation-backup-operator/PENTESTLAB.BLOG
22 JanBeware of Pirated MacOS Apps That Install Chinese MalwareSimilar to ZuRu malware, a new malware has been found embedded in pirated macOS applications, which downloads and executes several payloads to compromise devices in the background. Specifically, these apps are hosted on Chinese pirate websites to entice more victims. The malware …GBHACKERS.COM
22 JanNorth Korean Hackers Weaponize Fake Research to Deliver RokRAT BackdoorMedia organizations and high-profile experts in North Korean affairs have been at the receiving end of a new campaign orchestrated by a threat actor known as ScarCruft in December 2023. "ScarCruft has been experimenting with new infection chains, including the use of a …THEHACKERNEWS.COM
22 JanSecurity Experts Describe AI Technologies They Want to SeeSecurityWeek interviews a wide spectrum of security experts on AI-driven cybersecurity use-cases that are worth immediate attention. The post Security Experts Describe AI Technologies They Want to See appeared first on SecurityWeek .SECURITYWEEK.COM
22 JanRussian State-Sponsored Threat Actor Targets High Profile Individuals in Phishing CampaignThe Russian state-sponsored threat actor “COLDRIVER” is launching phishing campaigns against “high profile individuals in NGOs, former intelligence and military officers, and NATO governments,” according to researchers at Google’s Threat Analysis Group (TAG).KNOWBE4.COM
22 JanProsecutors Add to Evidence Against Alleged Vastaamo HackerExtortion Money Found in Bank Account of Aleksanteri Kivimaki, Prosecutors Say Prosecutors trying the case of a Finnish national accused of attempting to extort tens of thousands of psychotherapy patients and of later posting therapy notes online said Monday that they have traced…DATABREACHTODAY.CO.UK
22 JanRoboJoe | Apple | VMWare | AI | Confluence | Scarcruft | Microsoft | Jason Wood & More! – SWN356This week Doug talks: RoboJoe, Apple, VMWARE, AI, Confluence, Scarcruft, Microsoft, Jason Wood, and more are on this edition of the Security Weekly News. →Full Show Notes: https://securityweekly.com/swn356 →Join the Security Weekly Discord Server: https://discord.gg/pqSwWm4 →Visi…YOUTUBE.COM
22 Jan2024: The Year Cross-Platform Endpoint Management Finally Gets Good? | News - ESW347This week, we kick things off with an interview with Zach Wasserman, Co-Founder and CTO at Fleet Device Management, Inc., about 2024: The Year Cross-Platform Endpoint Management Finally Gets Good? Then, we finish off with the weekly enterprise news. →Full Show Notes: https://www.…YOUTUBE.COM
22 JanVeolia | FeverWarn | SystemK | Fortra | Gitlab | Ring | Trickbot | Aaran Leyland & More! – SWN357This week, Doug Talks: Veolia, FeverWarn, SystemK, Fortra, GitLab, Ring, Trickbot , Aaran Leyland, and More News on the Security Weekly News. →Full Show Notes: https://securityweekly.com/swn357 →Join the Security Weekly Discord Server: https://discord.gg/pqSwWm4 →Visit our websit…YOUTUBE.COM
🌐 CYBER THREAT LANDSCAPE 4[−]
22 JanParrot TDS: A Persistent and Evolving Malware CampaignThe Parrot TDS consists of landing scripts and payload scripts, with the former profiling the victim's web browser and the latter directing the browser to malicious content.UNIT42.PALOALTONETWORKS.COM
22 JanMavenGate Attack Could Let Hackers Hijack Java and Android via Abandoned LibrariesSeveral public and popular libraries abandoned but still used in Java and Android applications have been found susceptible to a new software supply chain attack method called MavenGate. "Access to projects can be hijacked through domain name purchases and since most default build…THEHACKERNEWS.COM
22 JanOn Point: Offensive Security for Mobile Network OperatorsBuild Resiliency by Simulating Real-World Attacks and Gaining Insight Into Threats As cyberthreats evolve, mobile network operators need offensive security to maintain resilience. Traditional security, such as firewalls and encryption, is not sufficient on its own. Offensive secu…DATABREACHTODAY.CO.UK
22 JanCracked macOS apps drain wallets using scripts fetched from DNS recordsHackers are using a stealthy method to deliver to macOS users information-stealing malware through DNS records that hide malicious scripts. [...]BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 16[−]
22 JanExperts Call for US Cyber Safety Review Board RethinkThere are differing opinions on whether the CSRB should be granted subpoena powers, with concerns about potential conflicts of interest and adversarial relationships with the private sector.THEREGISTER.COM
22 JanFTC Bans InMarket for Selling Precise User Location Without ConsentThe U.S. Federal Trade Commission (FTC) is continuing to clamp down on data brokers by prohibiting InMarket Media from selling or licensing precise location data. The settlement is part of allegations that the Texas-based company did not inform or seek consent from consumers befo…THEHACKERNEWS.COM
22 JanFTC Settles Second Case With Geolocation Data Broker in Two WeeksThe FTC has settled with a data broker, InMarket Media, for improperly collecting and selling consumers' location data without informed consent, signaling increased scrutiny of data brokers.THERECORD.MEDIA
22 JanGroups Urge FTC to Scrutinize Google Location Data PracticesTwo tech advocacy groups are urging the FTC to investigate Google for allegedly failing to delete sensitive location data as promised, potentially violating privacy and putting individuals at risk.BANKINFOSECURITY.COM
22 JanFrench CNIL Imposes Fine of $11 Million on YahooThe French regulator found that Yahoo had deposited at least 20 advertising cookies without obtaining proper consent, affecting more than 5 million consumers over 21 months.BANKINFOSECURITY.COM
22 JanBrave to End ‘Strict’ Fingerprinting Protection as it Breaks WebsitesThe 'Standard' fingerprinting protection mode in Brave Browser will be enhanced to provide strong privacy protection while maintaining better compatibility with websites.BLEEPINGCOMPUTER.COM
22 JanZloader: No Longer Silent in the NightThe Zloader static configuration is now encrypted using RC4 with a hardcoded alphanumeric key, and the network encryption employs 1,024-bit RSA with RC4 and the Zeus "visual encryption" algorithms.ZSCALER.COM
22 JanUK Expansion of Sophos Partnership with CowbellFacilitating Access to Coverage for Sophos Customers in the UKSOPHOS.COM
22 JanDDoS Barrage Hits Monobank, Ukraine’s Largest Mobile Bank, in Unprecedented AttackA series of denial of service (DDoS) attacks hit Monobank, Ukraine's largest mobile-only bank, with the CEO confirming a staggering 580 million service requests during one attack.THECYBEREXPRESS.COM
22 JanFTC orders Intuit to stop pushing "free" software that isn't really freeToday, the U.S. Federal Trade Commission (FTC) ordered Intuit to stop promoting its software products and services as "free" unless they're actually free for all consumers. [...]BLEEPINGCOMPUTER.COM
22 JanApple Updates Everything - New 0 Day in WebKit, (Mon, Jan 22nd)Today, Apple released significant "point releases" for all its operating systems. With new features, we also got patches for 29 different vulnerabilities. The table below shows how some vulnerabilities affect multiple operating systems across the Apple ecosystem.
ISC.SANS.EDU
22 Jan18X a Leader in Gartner Magic Quadrant for EPPExplore why Trend Micro is recognized—for the 18th time—as a Leader in the Gartner Magic Quadrant for Endpoint Protection Platforms.TRENDMICRO.COM
22 Jan18X a Leader in Gartner Magic Quadrant for EPPExplore why Trend Micro is recognized—for the 18th time—as a Leader in the Gartner Magic Quadrant for Endpoint Protection Platforms.TRENDMICRO.COM