❌ Novel Malware Hijacks Facebook Business Accounts ❌
📖 Read
via "Threat Post".
Newly discovered malware linked to Vietnamese threat actors targets users through a LinkedIn phishing campaign to steal data and admin privileges for financial gain.📖 Read
via "Threat Post".
Threat Post
Novel Malware Hijacks Facebook Business Accounts
Newly discovered malware linked to Vietnamese threat actors targets users through a LinkedIn phishing campaign to steal data and admin privileges for financial gain.
🕴 AI Can Help Fintechs Fight Fraud-as-a-Service 🕴
📖 Read
via "Dark Reading".
Artificial intelligence tools can help companies strike the right balance between preventing financial crime and maintaining customer service and satisfaction.📖 Read
via "Dark Reading".
Dark Reading
AI Can Help Fintechs Fight Fraud-as-a-Service
Artificial intelligence tools can help companies strike the right balance between preventing financial crime and maintaining customer service and satisfaction.
🕴 Discord, Telegram Services Hijacked to Launch Array of Cyberattacks 🕴
📖 Read
via "Dark Reading".
Attackers are easily turning popular messaging apps and their associated services — like bots, cloud infrastructure, and CDNs — against users, researchers warn.📖 Read
via "Dark Reading".
Dark Reading
Discord, Telegram Services Hijacked to Launch Array of Cyberattacks
Attackers are easily turning popular messaging apps and their associated services — like bots, cloud infrastructure, and CDNs — against users, researchers warn.
🕴 Economic Downturn Raises Risk of Insiders Going Rogue 🕴
📖 Read
via "Dark Reading".
Insiders could become more vulnerable to cybercrime recruitment efforts, new report says.📖 Read
via "Dark Reading".
Dark Reading
Economic Downturn Raises Risk of Insiders Going Rogue
Insiders could become more vulnerable to cybercrime recruitment efforts, new report says.
🕴 LockBit 3.0: Significantly Improved Ransomware Helps the Gang Stay on Top 🕴
📖 Read
via "Dark Reading".
Just ahead of its headline-grabbing attack on the Italian tax agency, the infamous ransomware group debuted an improved version of the malware featuring parts from Egregor and BlackMatter.📖 Read
via "Dark Reading".
Dark Reading
LockBit 3.0: Significantly Improved Ransomware Helps the Gang Stay on Top
Just ahead of its headline-grabbing attack on the Italian tax agency, the infamous ransomware group debuted an improved version of the malware featuring parts from Egregor and BlackMatter.
🕴 Microsoft Tops Brands Phishers Prefer 🕴
📖 Read
via "Dark Reading".
Wide use of Microsoft 365 applications by business lets phishers easily launch data theft, BEC, ransomware, and other attacks, new report finds.📖 Read
via "Dark Reading".
Dark Reading
Microsoft Tops Brands Phishers Prefer
Wide use of Microsoft 365 applications by business lets phishers easily launch data theft, BEC, ransomware, and other attacks, new report finds.
🕴 Norton Consumer Cyber Safety Pulse Report: Phishing for New Bait on Social Media 🕴
📖 Read
via "Dark Reading".
Year-long analysis from Norton Labs finds nearly three-quarters of phishing sites imitate Facebook.📖 Read
via "Dark Reading".
Dark Reading
Norton Consumer Cyber Safety Pulse Report: Phishing for New Bait on Social Media
Year-long analysis from Norton Labs finds nearly three-quarters of phishing sites imitate Facebook.
🕴 Craig Newmark Gives UC Berkeley $2 Million for University Cybersecurity Clinics 🕴
📖 Read
via "Dark Reading".
.📖 Read
via "Dark Reading".
Dark Reading
Craig Newmark Gives UC Berkeley $2 Million for University Cybersecurity Clinics
.
‼ CVE-2022-29953 ‼
📖 Read
via "National Vulnerability Database".
The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance interface on port 4001/TCP with undocumented, hardcoded credentials. An attacker capable of connecting to this interface can thus trivially take over its functionality.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1636 ‼
📖 Read
via "National Vulnerability Database".
Use after free in Performance APIs in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40180 ‼
📖 Read
via "National Vulnerability Database".
In the WeChat application 8.0.10 for Android and iOS, a mini program can obtain sensitive information from a user's address book via wx.searchContacts.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1637 ‼
📖 Read
via "National Vulnerability Database".
Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1499 ‼
📖 Read
via "National Vulnerability Database".
Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1492 ‼
📖 Read
via "National Vulnerability Database".
Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to inject arbitrary scripts or HTML via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1633 ‼
📖 Read
via "National Vulnerability Database".
Use after free in Sharesheet in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interactions.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29951 ‼
📖 Read
via "National Vulnerability Database".
JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol (configurable on ports 1024-65534 on either TCP or UDP) for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing configuration settings. This protocol does not have any authentication features, allowing any attacker capable of communicating with the port in question to invoke (a subset of) desired functionality.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1494 ‼
📖 Read
via "National Vulnerability Database".
Insufficient data validation in Trusted Types in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass trusted types policy via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27105 ‼
📖 Read
via "National Vulnerability Database".
InMailX Outlook Plugin < 3.22.0101 is vulnerable to Cross Site Scripting (XSS). InMailX Connection names are not sanitzed in the Outlook tab, which allows a local user or network administrator to execute HTML / Javascript in the Outlook of users.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1501 ‼
📖 Read
via "National Vulnerability Database".
Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1485 ‼
📖 Read
via "National Vulnerability Database".
Use after free in File System API in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1479 ‼
📖 Read
via "National Vulnerability Database".
Use after free in ANGLE in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.📖 Read
via "National Vulnerability Database".