Monthly Archives: October 2022

Modified WhatsApp App Caught Infecting Android Devices with Malware

An unofficial version of the popular WhatsApp messaging app called YoWhatsApp has been observed deploying...

13
Oct
Researchers Uncover Custom Backdoors and Spying Tools Used by Polonium Hackers

A threat actor tracked as Polonium has been linked to over a dozen highly targeted...

13
Oct
Nine months on from the Cyber Essentials update – debunking some myths
October 12, 2022

Anne W takes stock of where we are following the changes to Cyber Essentials in...

Hackers Using Vishing to Trick Victims into Installing Android Banking Malware

Malicious actors are resorting to voice phishing (vishing) tactics to dupe victims into installing Android...

12
Oct
Scribe Platform: End-to-end Software Supply Chain Security

As software supply chain security becomes more and more crucial, security, DevSecOps, and DevOps teams...

12
Oct
Google Rolling Out Passkey Passwordless Login Support to Android and Chrome

Google on Wednesday officially rolled out support for passkeys, the next-generation authentication standard, to both...

12
Oct
64,000 Additional Patients Impacted by Omnicell Data Breach – What is Your Data Breach Action Plan?

In April 2022, Omnicell reported a data breach affecting nearly 62,000 patients. The company has...

12
Oct
Critical Bug in Siemens SIMATIC PLCs Could Let Attackers Steal Cryptographic Keys

A vulnerability in Siemens Simatic programmable logic controller (PLC) can be exploited to retrieve the...

12
Oct
Over 1.2 million credit card numbers leaked on hacking forum
October 12, 2022

The free release contains credit card numbers, along with personal details of credit card holders...

Microsoft Patch Tuesday Fixes New Windows Zero-Day; No Patch for Exchange Server Bugs

Microsoft’s Patch Tuesday update for the month of October has addressed a total of 85 security...

12
Oct
Supply chain cyber security: new guidance from the NCSC
October 11, 2022

Guidance describes practical steps to help organisations assess cyber security in their supply chains....

BazarCall Callback Phishing Attacks Constantly Evolving Its Social Engineering Tactics

The operators behind the BazaCall call back phishing method have continued to evolve with updated...

11
Oct
Researchers Detail Critical RCE Flaw Reported in Popular vm2 JavaScript Sandbox

A now-patched security flaw in the vm2 JavaScript sandbox module could be abused by a...

11
Oct
The Latest Funding News and What it Means for Cyber Security in 2023

The White House has recently announced a $1 billion cyber security grant program that is...

11
Oct
Researchers Warn of New Phishing-as-a-Service Being Used by Cyber Criminals

Cyber criminals are using a previously undocumented phishing-as-a-service (PhaaS) toolkit called Caffeine to effectively scale up their...

11
Oct
Fortinet Warns of Active Exploitation of Newly Discovered Critical Auth Bypass Bug

Fortinet on Monday revealed that the newly patched critical security vulnerability impacting its firewall and...

11
Oct
Researchers Detail Malicious Tools Used by Cyberespionage Group Earth Aughisky

A new piece of research has detailed the increasingly sophisticated nature of the malware toolset...

10
Oct
New Report Uncovers Emotet’s Delivery and Evasion Techniques Used in Recent Attacks

Threat actors associated with the notorious Emotet malware are continually shifting their tactics and command-and-control...

10
Oct
Intel Confirms Leak of Alder Lake BIOS Source Code

Chipmaker Intel has confirmed that proprietary source code related to its Alder Lake CPUs has...

10
Oct
Hackers Steal $100 Million Cryptocurrency from Binance Bridge

BNB Chain, a blockchain linked to the Binance cryptocurrency exchange, disclosed an exploit on a...

10
Oct
Hackers Exploiting Unpatched RCE Flaw in Zimbra Collaboration Suite

A severe remote code execution vulnerability in Zimbra’s enterprise collaboration software and email platform is...

08
Oct
Microsoft Issues Improved Mitigations for Unpatched Exchange Server Vulnerabilities

Microsoft on Friday disclosed it has made more improvements to the mitigation method offered as a means to prevent...

08
Oct
Fortinet Warns of New Auth Bypass Flaw Affecting FortiGate and FortiProxy

Fortinet has privately warned its customers of a security flaw affecting FortiGate firewalls and FortiProxy...

07
Oct
Facebook Detects 400 Android and iOS Apps Stealing Users Log-in Credentials

Meta Platforms on Friday disclosed that it had identified over 400 malicious apps on Android...

07
Oct
The essentials of GRC and cybersecurity — How they empower each other

Understanding the connection between GRC and cybersecurity When talking about cybersecurity, Governance, Risk, and Compliance...

07
Oct
LofyGang Distributed ~200 Malicious NPM Packages to Steal Credit Card Data

Multiple campaigns that distributed trojanized and typosquatted packages on the NPM open source repository have...

07
Oct
Hackers Can Use ‘App Mode’ in Chromium Browsers’ for Stealth Phishing Attacks

In what’s a new phishing technique, it has been demonstrated that the Application Mode feature...

07
Oct
Former CSO of Uber found guilty of covering up data breach
October 7, 2022

Joe Sullivan now awaits sentencing after being found guilty of obstruction of justice...

BlackByte Ransomware Abuses Vulnerable Windows Driver to Disable Security Solutions

In yet another case of bring your own vulnerable driver (BYOVD) attack, the operators of...

07
Oct
Ferrari denies breach following 7GB of data posted online
October 7, 2022

The car manufacturer was allegedly targeted by ransomware group RansomEXX...