Today — 30 November 2022, The Hacker News

Australia Passes Bill to Fine Companies up to $50 Million for Data Breaches

30 November 2022 at 09:33
The Australian government has passed a bill that markedly increases the penalty for companies suffering from serious or repeated data breaches. To that end, the maximum fines have been bumped up from the current AU$2.22 million to AU$50 million, 30% of an entity's adjusted turnover in the relevant period, or three times the value of any benefit obtained through the misuse of information,

3 New Vulnerabilities Affect OT Products from German Companies Festo and CODESYS

30 November 2022 at 07:21
Researchers have disclosed details of three new security vulnerabilities affecting operational technology (OT) products from CODESYS and Festo that could lead to source code tampering and denial-of-service (DoS). The vulnerabilities, reported by Forescout Vedere Labs, are the latest in a long list of flaws collectively tracked under the name OT:ICEFALL. "These issues exemplify either an

Chinese Cyber Espionage Hackers Using USB Devices to Target Entities in Philippines

30 November 2022 at 06:21
A threat actor with a suspected China nexus has been linked to a set of espionage attacks in the Philippines that primarily relies on USB devices as an initial infection vector. Mandiant, which is part of Google Cloud, is tracking the cluster under its uncategorized moniker UNC4191. An analysis of the artifacts used in the intrusions indicates that the campaign dates as far back as September
Yesterday — 29 November 2022, The Hacker News

New Flaw in Acer Laptops Could Let Attackers Disable Secure Boot Protection

29 November 2022 at 16:39
Acer has released a firmware update to address a security vulnerability that could be potentially weaponized to turn off UEFI Secure Boot on affected machines. Tracked as CVE-2022-4020, the high-severity vulnerability affects five different models that consist of Aspire A315-22, A115-21, and A315-22G, and Extensa EX215-21 and EX215-21G. The PC maker described the vulnerability as

Hackers Using Trending TikTok 'Invisible Challenge' to Spread Malware

29 November 2022 at 11:59
Threat actors are capitalizing on a popular TikTok challenge to trick users into downloading information-stealing malware, according to new research from Checkmarx. The trend, called Invisible Challenge, involves applying a filter known as Invisible Body that just leaves behind a silhouette of the person's body. But the fact that individuals filming such videos could be undressed has led to a

7 Cyber Security Tips for SMBs

29 November 2022 at 11:30
When the headlines focus on breaches of large enterprises like the Optus breach, it's easy for smaller businesses to think they're not a target for hackers. Surely, they're not worth the time or effort? Unfortunately, when it comes to cyber security, size doesn't matter. Assuming you're not a target leads to lax security practices in many SMBs who lack the knowledge or expertise to put simple

Irish Regulator Fines Facebook $277 Million for Leak of Half a Billion Users' Data

29 November 2022 at 08:25
Ireland's Data Protection Commission (DPC) has levied fines of €265 million ($277 million) against Meta Platforms for failing to safeguard the personal data of more than half a billion users of its Facebook service, ramping up privacy enforcement against U.S. tech firms. The fines follow an inquiry initiated by the European regulator on April 14, 2021, close on the heels of a leak of a "collated

CISA Warns of Actively Exploited Critical Oracle Fusion Middleware Vulnerability

29 November 2022 at 04:20
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical flaw impacting Oracle Fusion Middleware to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2021-35587, carries a CVSS score of 9.8 and impacts Oracle Access Manager (OAM) versions 11.1.2.3.0, 12.2.1.3.0, and 12.2.1.4.0.
Before yesterday, The Hacker News

The 5 Cornerstones for an Effective Cyber Security Awareness Training

28 November 2022 at 11:45
It's not news that phishing attacks are getting more complex and happening more often. This year alone, APWG reported a record-breaking total of 1,097,811 phishing attacks. These attacks continue to target organizations and individuals to gain their sensitive information. The hard news: they're often successful, have a long-lasting negative impact on your organization and employees, including:

Researchers Detail AppSync Cross-Tenant Vulnerability in Amazon Web Services

28 November 2022 at 11:56
Amazon Web Services (AWS) has resolved a cross-tenant vulnerability in its platform that could be weaponized by an attacker to gain unauthorized access to resources. The issue relates to a confused deputy problem, a type of privilege escalation where a program that doesn't have permission to perform an action can coerce a more-privileged entity to perform the action. The shortcoming was reported

Over a Dozen New BMC Firmware Flaws Expose OT and IoT Devices to Remote Attacks

28 November 2022 at 10:07
Over a dozen security flaws have been discovered in baseboard management controller (BMC) firmware from Lanner that could expose operational technology (OT) and internet of things (IoT) networks to remote attacks. BMC refers to a specialized service processor, a system-on-chip (SoC), that's found in server motherboards and is used for remote monitoring and management of a host system, including

Elon Musk Confirms Twitter 2.0 will Bring End-to-End Encryption to Direct Messages

28 November 2022 at 05:25
Twitter chief executive Elon Musk confirmed plans for end-to-end encryption (E2EE) for direct messages on the platform. The feature is part of Musk's vision for Twitter 2.0, which is expected to be what's called an "everything app." Other functionalities include longform tweets and payments, according to a slide deck shared by Musk over the weekend. The company's plans for

All You Need to Know About Emotet in 2022

26 November 2022 at 11:49
For 6 months, the infamous Emotet botnet has shown almost no activity, and now it's distributing malicious spam. Let's dive into details and discuss all you need to know about the notorious malware to combat it. Why is everyone scared of Emotet? Emotet is by far one of the most dangerous trojans ever created. The malware became a very destructive program as it grew in scale and sophistication.

U.S. Bans Chinese Telecom Equipment and Surveillance Cameras Over National Security Risk

26 November 2022 at 04:52
The U.S. Federal Communications Commission (FCC) formally announced it will no longer authorize electronic equipment from Huawei, ZTE, Hytera, Hikvision, and Dahua, deeming them an "unacceptable" national security threat. All these Chinese telecom and video surveillance companies were previously included in the Covered List as of March 12, 2021. "The FCC is committed to protecting our national

Russia-based RansomBoggs Ransomware Targeted Several Ukrainian Organizations

26 November 2022 at 04:28
Ukraine has come under a fresh onslaught of ransomware attacks that mirror previous intrusions attributed to the Russia-based Sandworm nation-state group. Slovak cybersecurity company ESET, which dubbed the new ransomware strain RansomBoggs, said the attacks against several Ukrainian entities were first detected on November 21, 2022. "While the malware written in .NET is new, its deployment is