Risk

WhatsApp Hit with €5.5m fine for GDPR Violations
Resources, Risk, Security

WhatsApp Hit with €5.5m fine for GDPR Violations

The Irish Data Protection Commission has fined WhatsApp €5.5 million ($5.9 million) for violating the GDPR (DPC). WhatsApp Ireland has been ordered to bring its data processing operations into compliance within six months in addition to paying the penalties. Significant differences amongst European data protection authorities regarding WhatsApp's level of responsibility were on display in this case. The fine pertains to a revision to WhatsApp's terms of service that was made on May 25, 2018, the day the EU's GDPR took effect. This advised both current and new users that they had to click "agree and continue" to confirm their acceptance of the amended Terms of Service if they wished to continue using the WhatsApp service after the implementation of the new rules read the complete...
Massive Ad Fraud Scheme Targeted Over 11 Million Devices with 1,700 Spoofed Apps
Risk, Security

Massive Ad Fraud Scheme Targeted Over 11 Million Devices with 1,700 Spoofed Apps

An "expansive" ad fraud operation that spoofs over 1,700 programs from 120 publishers and affects around 11 million devices has been stopped by researchers. The fraudulent actors were able to stack several invisible video ad players behind one another and log ad views thanks to the "VASTFLUX" malvertising attack, according to the fraud detection company HUMAN. Fast Flux, a DNS evasion method, and VAST, a digital video ad serving template, which is used to display ads to video players, are what give the operation its name. The smart operation placed bids for the display of ad banners specifically in the constrained in-app contexts that run adverts on iOS read the complete article Massive Ad Fraud Scheme Targeted Over 11 Million Devices with 1,700 Spoofed Apps. Stay informed on ...
New Chinese Malware Spotted Exploiting Recent Fortinet Firewall Vulnerability
Risk, Security

New Chinese Malware Spotted Exploiting Recent Fortinet Firewall Vulnerability

In assaults against a European government organization and an African managed service provider (MSP), a suspected China-nexus threat actor used a recently fixed Fortinet FortiOS SSL-VPN vulnerability as a zero-day. The exploitation took place as early as October 2022, at least over two months before updates were made, according to telemetry data acquired by Google-owned Mandiant. Researchers from Mandiant claimed in a technical analysis that the event "continues China's trend of targeting internet-facing devices, notably those used for managed security purposes (e.g., firewalls, IPSIDS appliances, etc.)." In order to carry out the attacks, a sophisticated backdoor known as BOLD MOVE was used. This backdoor is a Linux variant that has been optimized to run on Fortinet's FortiGate ...
T-Mobile says hacker accessed personal data of 37 million customers
Risk, Security

T-Mobile says hacker accessed personal data of 37 million customers

T-Mobile disclosed that a hacker gained access to a treasure trove of personal information belonging to 37 million users in a financial statement on Thursday. The telecommunications behemoth claimed that the data theft began on November 25 and that the "bad actor" stole "name, billing address, email, phone number, date of birth, T-Mobile account number, information such as the number of lines on the account and plan features." T-Mobile claimed in the SEC filing that it discovered the breach on January 5—more than a month after it occurred—and that a day later it had addressed the issue of the hacker taking advantage of it. According to T-Mobile, the hackers misused an application programming interface (API) rather than breaking into any business system read more T-Mobile says hac...
Over a Third of Recent ICS Bugs Still Have No Vendor Patch
Risk, Security

Over a Third of Recent ICS Bugs Still Have No Vendor Patch

Operators of industrial control systems (ICS) are being let down by their vendors, according to new data that shows 35% of CVEs announced in the second half of 2022 still lack a fix. The 926 CVEs identified via ICS Advisories from the Cybersecurity and Infrastructure Security Agency (CISA) were examined in SynSaber's ICS Vulnerabilities report for H2 2022. It was discovered that many ICS asset owners' systems are vulnerable as a result of a lack of vendor updates, in addition to the rise in disclosed CVEs (up 36% from the 681 revealed in the first half of the year). According to SynSaber, "Original Equipment Manufacturer (OEM) providers often have tight patch testing, approval, and installation processes," which is why delays frequently occur read the complete article Over a Thir...
New Microsoft Azure Vulnerability Uncovered EmojiDeploy for RCE Attacks
Risk, Security

New Microsoft Azure Vulnerability Uncovered EmojiDeploy for RCE Attacks

An attacker might use a newly found major remote code execution (RCE) weakness that affects numerous Microsoft Azure services to take complete control of a target application. According to Liv Matan, an Ermetic researcher, "the vulnerability is achieved by CSRF (cross-site request forgery) on the widely used SCM provider Kudu." Attackers are able to send malicious ZIP files with a payload to a victim's Azure application by taking advantage of the vulnerability. The Israeli company that specializes in protecting cloud infrastructure called the flaw EmojiDeploy and warned that it might make it easier for hackers to steal sensitive information and move it to other Azure services read the complete article New Microsoft Azure Vulnerability Uncovered EmojiDeploy for RCE Attacks. Stay ...
Bitwarden acquires Passwordless.dev to help companies authenticate users without passwords
Risk, Security

Bitwarden acquires Passwordless.dev to help companies authenticate users without passwords

Bitwarden, an open-source password management platform, has made its first known purchase by purchasing Passwordless. dev, a young Swedish firm that focuses on assisting software developers in integrating passwordless authentication technology. The information was released shortly after Bitwarden, a competitor of 1Password and LastPass said that it had received $100 million from PSG and Battery Ventures, its first outside investment since its founding in 2015. At that time, the business also confirmed that it had raised a previously unreported Series A investment in 2019. Bitwarden is intended to make it simpler for consumers and businesses to automatically create difficult-to-guess passwords, much like other password management services read the complete article Bitwarden acquires ...
Mailchimp Suffers Another Security Breach Compromising Some Customers Information
Resources, Risk, Security

Mailchimp Suffers Another Security Breach Compromising Some Customers Information

Mailchimp, a well-known email marketing and newsletter service provider, has revealed yet another security breach that gave threat actors access to an internal support and account admin tool and allowed them to get data on 133 clients. The Intuit-owned company claimed in a report that "the unauthorized actor performed a social engineering assault against Mailchimp employees and contractors, and got access to select Mailchimp accounts using employee credentials compromised in that attack." There is no proof that the unauthorized party compromised Intuit systems or other consumer information beyond the 133 accounts read the complete article Mailchimp Suffers Another Security Breach Compromising Some Customers' Information. Stay informed on the latest cyber threats and trends, and l...
FinServ Firms See 81% Surge in Attacks Since Russia-Ukraine War
Resources, Risk, Security

FinServ Firms See 81% Surge in Attacks Since Russia-Ukraine War

Since Russia's invasion of Ukraine, the UK's financial services sector has experienced a wave of cyberattacks, but firms are generally confident in their abilities to reduce these risks, finds a new Bridewell study. For its most recent research, Cyber Security in Critical National Infrastructure Organizations: Financial Services, the cybersecurity services provider surveyed more than 100 IT decision-makers from UK financial services companies. It was discovered that since the invasion of Ukraine, attacks on the sector have increased by 81%, the second-highest growth of any critical infrastructure (CNI) sector and evidence of the growing cyber danger brought on by geopolitics read the complete article FinServ Firms See 81% Surge in Attacks Since Russia-Ukraine War. If you love to ...
Vice Society Claims Ransomware Attack Against University of Duisburg-Essen
Risk, Security

Vice Society Claims Ransomware Attack Against University of Duisburg-Essen

The University of Duisburg-Essen (UDE) was the target of a ransomware attack in November 2022. The threat actor Vice Society has admitted involvement and is said to have posted some stolen information on the dark web. The data disclosure, according to UDE's declaration over the weekend, was caused by the institution refusing to pay the attackers' demanded ransom. At the same time, the institution made it clear that all of its security precautions were based on the guidelines set forth by the Federal Office for Information Security (BSI) and the methodology for BSI IT baseline protection read the complete article Vice Society Claims Ransomware Attack Against University of Duisburg. For these types of trending and recent cybersecurity news follow ReconBee.com and keep yourself upda...