There’s some bad news for Meta, in the form of a $277 million fine related to a data breach which impacted no fewer than 500 million users. The fine, issued by the Irish Data Protection Commission, is a result of the fallout from scraped data posted to a hacking forum in 2019. As The Guardian notes, this brings the current…
Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser. The high-severity flaw, tracked as CVE-2022-4262, concerns a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google’s Threat Analysis Group (TAG) has been credited with reporting the issue on November 29, 2022. Type confusion…
LastPass maintains that passwords remain safely encrypted. Password manager LastPass announced Wednesday it had suffered its second data breach in three months. CEO Karim Toubba said the company recently detected unusual activity within a third-party cloud storage service that is shared by LastPass and affiliate GoTo. He said an investigation was immediately launched into the incident by security firm Mandiant…
The new ‘AXLocker’ ransomware family is not only encrypting victims’ files and demanding a ransom payment but also stealing the Discord accounts of infected users. When a user logs into Discord with their credentials, the platform sends back a user authentication token saved on the computer. This token can then be used to log in as the user or…
A threat group tracked as ‘Worok’ hides malware within PNG images to infect victims’ machines with information-stealing malware without raising alarms. This has been confirmed by researchers at Avast, who built upon the findings of ESET, the first to spot and report on Worok’s activity in early September 2022. ESET warned that Worok targeted high-profile victims, including government entities in…
The Federal Bureau of Investigation (FBI) says Americans who share their phone number online are being targeted by Google Voice authentication scams. As the federal law enforcement agency explains, the fraudsters are targeting those who have posted their phone number as a form of contact when trying to sell various items on online marketplaces or social media apps. “Recently, we…
Wordfence analysts report having detected a massive wave of attacks in the last couple of days, originating from 16,000 IPs and targeting over 1.6 million WordPress sites. The threat actors target four WordPress plugins and fifteen Epsilon Framework themes, one of which has no available patch. Some of the targeted plugins were patched all the way back in 2018, while others…
Keeping a close eye on your online accounts is incredibly important with scams, hacks, and breaches as common as they are. Your hardware is at risk as well, which is why we always recommend keeping your devices updated. In fact, one of the most indispensable devices in your home can also be one of the most vulnerable. Cyber Security researchers recently examined a…
If you are an AT&T enterprise customer with some older technology on the edge of your network, your infrastructure may be under attack by a Russian botnet dubbed EwDoor. In late October this year, researchers at 360 Netlab discovered a threat actor attacking Edgewater Networks’ devices using the four-year-old CVE-2017-6079. This vulnerability, when exploited, could allow the attacker to…
Security researchers analyzed nine popular WiFi routers and found a total of 226 potential vulnerabilities in them, even when running the latest firmware. The tested routers are made by Asus, AVM, D-Link, Netgear, Edimax, TP-Link, Synology, and Linksys, and are used by millions of people. The front-runners in terms of the number of vulnerabilities are the TP-Link Archer AX6000,…
There’s some bad news for Meta, in the form of a…
Search giant Google on Friday released an out-of-band security update to…
LastPass maintains that passwords remain safely encrypted. Password manager LastPass announced Wednesday…
