• Data from 5.4M Twitter users obtained from multiple threat actors and combined with data from other breaches
    by Pierluigi Paganini on November 26, 2022 at 9:11 pm

    The massive data breach suffered by Twitter that exposed emails and phone numbers of its customers may have impacted more than five million users. At the end of July, a threat actor leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. The threat actor offered The post Data from 5.4M Twitter users obtained from multiple threat actors and combined with data from other breaches appeared first on Security Affairs.

  • Devices from Dell, HP, and Lenovo used outdated OpenSSL versions
    by Pierluigi Paganini on November 26, 2022 at 12:35 am

    Researchers discovered that devices from Dell, HP, and Lenovo are still using outdated versions of the OpenSSL cryptographic library. Binarly researchers discovered that devices from Dell, HP, and Lenovo are still using outdated versions of the OpenSSL cryptographic library. The OpenSSL software library allows secure communications over computer networks against eavesdropping or need to identify the party at the other end. The post Devices from Dell, HP, and Lenovo used outdated OpenSSL versions appeared first on Security Affairs.

  • ConnectWise Fixes XSS Vulnerability that Could Lead to Remote Code Execution
    on November 25, 2022 at 6:00 pm

    Threat actors could exploit the flaw to take complete control of the ConnectWise platform

  • Google Releases Chrome Patch to Fix New Zero-Day Vulnerability
    on November 25, 2022 at 5:15 pm

    The high-severity vulnerability refers to a heap buffer overflow in the GPU component

  • Remote Code Execution Vulnerability Found in Windows Internet Key Exchange
    on November 25, 2022 at 4:15 pm

    The discovered vulnerabilities could have been exploited to target almost 1000 systems

  • Google fixed the eighth actively exploited #Chrome #zeroday this year
    by Pierluigi Paganini on November 25, 2022 at 1:50 pm

    Google on Thursday released security updates to address a new zero-day vulnerability, tracked as CVE-2022-4135, impacting the Chrome web browser. Google rolled out an emergency security update for the desktop version of the Chrome web browser to address a new zero-day vulnerability, tracked as CVE-2022-4135, that is actively exploited. The CVE-2022-4135 vulnerability is a heap The post Google fixed the eighth actively exploited #Chrome #zeroday this year appeared first on Security Affairs.

  • Cybercriminals are increasingly using info-stealing malware to target victims
    by avenkat@idg.com on November 25, 2022 at 1:05 pm

    Cybercriminals are increasingly shifting from automated scam-as-a-service to more advanced info stealer malware distributors as the competition for resources increases, and they look for new way to make profits, according to a report by Group-IB.  The cybersecurity company has identified 34 Russian-speaking groups distributing info-stealing malware under the stealer-as-a-service model. Info stealer malware collects users’ credentials stored in browsers, gaming accounts, email services, social media, bank card details, and crypto wallet information from infected computers, and sends the data to the malware operator. This data is then sold or used for fraud on the dark web.  To read this article in full, please click here

  • Experts investigate WhatsApp data leak: 500M user records for sale
    by Pierluigi Paganini on November 25, 2022 at 12:20 pm

    Cybernews investigated a data sample available for sale containing up-to-date mobile phone numbers of nearly 500 million WhatsApp users. Original post published by Cybernews: https://cybernews.com/news/whatsapp-data-leak/ On November 16, an actor posted an ad on a well-known hacking community forum, claiming they were selling a 2022 database of 487 million WhatsApp user mobile numbers. The dataset The post Experts investigate WhatsApp data leak: 500M user records for sale appeared first on Security Affairs.

  • Experts Warn Remote Workers of Black Friday Security Threats
    on November 25, 2022 at 10:30 am

    Shared devices can present corporate security risk

  • An international police operation dismantled the spoofing service iSpoof
    by Pierluigi Paganini on November 25, 2022 at 10:27 am

    An international law enforcement operation has dismantled an online phone number spoofing service called iSpoof. An international law enforcement operation that was conducted by authorities in Europe, Australia, the United States, Ukraine, and Canada, with the support of Europol, has dismantled online phone number spoofing service called iSpoof. The iSpoof service allowed fraudsters to impersonate trusted corporations The post An international police operation dismantled the spoofing service iSpoof appeared first on Security Affairs.