The Security Bench
179 followers
- Report this post
Privacy Lawsuit Settlement Resulted in Google Deleting Billions of Incognito Mode Browsing RecordsTheclass actionfiled in 2020 against Google, accusing the tech giant of tracking their internet browsing activities as resulted in the tech giant agreeing to delete billions of data records reflecting users’ browsing activities.According to a court filing on the 1st April 2024, "the settlement provides broad relief regardless of any challenges presented by Google's limited record keeping." This implies deleting lots of private browsing data in these logs. Further details about the situation revealed Google is also asked to delete information making private browsing data identifiable by reducing data points such as IP addresses, generalizing user-Agent String and removing detailed URLs within a specific website. Google is also requested to delete X-Client-Data header field known to capture the installation state of Chrome, including active variations, as well as server-side experiments affecting installation.Latin America suffers Massive Phishing AttackCybersecurity researchers have identified TA558 as the mastermind behind the ongoing huge phishing aimed at deployingVenom RATin the Latin American region. Situation report reveled Spain, Mexico, Colombia, United States, Portugal, Dominican Republic, Brazil and Argentina have suffered most of the attacks with sectors such as hotel, finance, manufacturing, industries, trading, travel, and government organization feeling most of the heat. The attackers mode of attack includes dropping Venom RAT with sensitive data and commandeering systems remotelycapabilities.Further detailsshows the threat actor leverages DarkGate malware loader for his actions."Ransomware groups utilizeDarkGateto create an initial foothold and to deploy various types of malware in corporate networks, these include, but are not limited to, info-stealers, ransomware, and remote management tools. The objective of these threat actors is to increase the number of infected devices and the volume of data exfiltrated from a victim."Linux Users at the Risk of Remote Code Execution Due to Malicious Code in XZ UtilsA vulnerability tracked asCVE-2024-3094with CVSS score of 10.0 which was discovered earlier this week as an audacious supply chain compromise promotes creation of abackdoorin the data compression utility that help remote attackers bypass secure shell authentication and achieve complete access to an affected system. https://lnkd.in/dGPqDZpe#DarkWeb #CyberSecurity#cyberattack #Password #AI #Hacked #Thesecuritybench #cyberattacks #ArtificialIntelligence #DataSecurity
2
To view or add a comment, sign in
More Relevant Posts
-
Visakh Vijayan
Associate Technical Lead @ JTC | MERN | Blogger | Minimalist | Traveller
- Report this post
🌐 Google Expands Dark Web Monitoring to All Users! 🔐Google has just announced a game-changing move: its Dark Web monitoring feature is now available to all Google account users for free! Previously exclusive to Google One premium users, this tool scans the dark web for sensitive personal information like names, emails, phone numbers, and more. If any data is found, users will receive an alert with steps to secure it.By democratizing access to cybersecurity tools, Google is making a big leap in the fight against identity theft and data breaches. No extra software, no multiple accounts—just seamless protection.This sets a new standard for cybersecurity in the tech world and puts pressure on other companies to level up their offerings. Excited to see where this goes!#Cybersecurity #DarkWebMonitoring #Google #OnlineSecurity #DataProtection #TechInnovation #IdentityTheft #Cybercrime #DigitalSafety #GoogleOne #TechNews #PrivacyMatters
2
Like CommentTo view or add a comment, sign in
-
Yair Solow
- Report this post
As the summer heats up, so does cyber security. 🔥🔥Vulnerabilities and ExploitsThis week saw several critical vulnerabilities and exploits come to light. A severe flaw in ServiceNow has been actively exploited by threat actors who are chaining together vulnerabilities to steal credentials. Meanwhile, a new vulnerability in WhatsApp for Windows allows Python and PHP scripts to execute without any warning. Microsoft's July security updates for Windows Server have disrupted remote desktop connections for organizations using the legacy RPC over HTTP protocol. Apple has also rolled out security patches addressing dozens of vulnerabilities across its various operating systems, including iOS, macOS, and watchOS.Data Breaches and Cyber IncidentsA series of high-profile data breaches have impacted millions of individuals and numerous organizations. HealthEquity disclosed that a cybersecurity incident has compromised the personal information of 4.3 million people. Similarly, FBCS increased its estimate of the impact of its February data breach, now affecting 4.2 million individuals. IBM's latest report highlighted the average cost of data breach recovery, pegging it at $4.88 million per incident. OneBlood, a major blood center, is grappling with an IT systems outage, while a bug in Chrome's Password Manager temporarily caused user credentials to disappear.Malware and ThreatsMalware continues to be a significant threat, with new strains and attack vectors emerging. The BingoMod Android RAT has been identified. A phishing campaign has exploited a security gap in Proofpoint's email protection service. North Korean hackers, identified as DEV#POPPER, are targeting developers worldwide with spyware delivered through fake job offers. Additionally, a malicious inauthentic Falcon Crash Reporter installer has been distributed to a German entity via a spearphishing website.Regulatory and Government ActionsGovernments and regulatory bodies are taking action against cyber threats. French authorities and Europol have launched a "disinfection operation" to eradicate PlugX malware from infected hosts. In a geopolitical cyber conflict, Ukraine's cyber operation successfully shut down ATM services of major Russian banks. U.S. senators have called for federal scrutiny over car manufacturers' practices of sharing and reselling driver data.Financial and Industry ImpactsThe financial and industry impacts of cyber incidents are becoming increasingly evident. CrowdStrike reported that outages have led to an estimated $5.4 billion in losses, with the healthcare sector experiencing the biggest financial hit.#cybertrends #weeklydigest #securityawarenesshttps://hubs.li/Q02JRP_S0
13
See AlsoPACAUD, ÉDOUARD-LOUIS (baptized Louis-Édouard) – Dictionary of Canadian BiographyGoogle sued over 'Incognito Mode' tracking | The Intect posted on the topic | LinkedIn3 Comments
Like CommentTo view or add a comment, sign in
-
Centraleyes
2,019 followers
- Report this post
As the summer heats up, so does cyber security. 🔥🔥Vulnerabilities and ExploitsThis week saw several critical vulnerabilities and exploits come to light. A severe flaw in ServiceNow has been actively exploited by threat actors who are chaining together vulnerabilities to steal credentials. Meanwhile, a new vulnerability in WhatsApp for Windows allows Python and PHP scripts to execute without any warning. Microsoft's July security updates for Windows Server have disrupted remote desktop connections for organizations using the legacy RPC over HTTP protocol. Apple has also rolled out security patches addressing dozens of vulnerabilities across its various operating systems, including iOS, macOS, and watchOS.Data Breaches and Cyber IncidentsA series of high-profile data breaches have impacted millions of individuals and numerous organizations. HealthEquity disclosed that a cybersecurity incident has compromised the personal information of 4.3 million people. Similarly, FBCS increased its estimate of the impact of its February data breach, now affecting 4.2 million individuals. IBM's latest report highlighted the average cost of data breach recovery, pegging it at $4.88 million per incident. OneBlood, a major blood center, is grappling with an IT systems outage, while a bug in Chrome's Password Manager temporarily caused user credentials to disappear.Malware and ThreatsMalware continues to be a significant threat, with new strains and attack vectors emerging. The BingoMod Android RAT has been identified. A phishing campaign has exploited a security gap in Proofpoint's email protection service. North Korean hackers, identified as DEV#POPPER, are targeting developers worldwide with spyware delivered through fake job offers. Additionally, a malicious inauthentic Falcon Crash Reporter installer has been distributed to a German entity via a spearphishing website.Regulatory and Government ActionsGovernments and regulatory bodies are taking action against cyber threats. French authorities and Europol have launched a "disinfection operation" to eradicate PlugX malware from infected hosts. In a geopolitical cyber conflict, Ukraine's cyber operation successfully shut down ATM services of major Russian banks. U.S. senators have called for federal scrutiny over car manufacturers' practices of sharing and reselling driver data.Financial and Industry ImpactsThe financial and industry impacts of cyber incidents are becoming increasingly evident. CrowdStrike reported that outages have led to an estimated $5.4 billion in losses, with the healthcare sector experiencing the biggest financial hit.#cybertrends #weeklydigest #securityawarenesshttps://hubs.li/Q02JRTxp0
1
Like CommentTo view or add a comment, sign in
-
M H.
🚢Sr. Tech & Info Enablement ✈️🏥Ex-BI for Healthcare💊🗣️I talk about #Data #AI #EVs🎤👨🏻🏫MCSA, MTA, MCPS, MSc, BSc🎓
- Report this post
In the world of cybersecurity, SMS messages for two-factor authentication codes have come under scrutiny for their susceptibility to interception and compromise. Security experts caution against relying solely on this method for verification. Recently, a security researcher discovered an unsecured database online housing millions of these codes, highlighting the potential risks associated with using SMS messages as a security measure. Malicious actors can easily access these messages, posing a significant threat to sensitive information and data privacy. To safeguard against such vulnerabilities and potential breaches, it is imperative for individuals and organizations to adopt more secure and robust authentication methods. Stay vigilant and take steps to protect your data. Consider alternative methods such as Google Authenticator, WhatsApp, or other secure authentication tools. Let's prioritize data security and information privacy to keep our digital lives safe. #google #whatsapp #datasecurity #informationsecurityawareness #techtalks
Like CommentTo view or add a comment, sign in
-
Centraleyes
2,019 followers
- Report this post
Weekly Trends: Just when we thought we'd seen it all, news broke of a cyber breach into the internal network of Trans-Northern Pipelines (TNPI), a critical infrastructure operator responsible for vast pipeline systems in Ontario, Quebec, and Alberta. CISA has confirmed active exploitation of a critical remote code execution (RCE) bug patched by Fortinet, emphasizing the need for heightened security measures. Meanwhile, Chinese hackers from the Volt Typhoon group infiltrated a US critical infrastructure network, remaining undetected for a staggering five years.On the malware front, Bitdefender researchers linked a new macOS backdoor, RustDoor, to Black Basta and Alphv/BlackCat ransomware operations. Additionally, LastPass warns of a fake version of its app on the Apple App Store, posing a phishing threat to users.Data breaches continue to make waves, with breaches at Viamedis and Almerys impacting over 33 million individuals in France. Meanwhile, the Black Basta gang claims to have hacked Hyundai Motor Europe, seizing three terabytes of sensitive data.Zoom has patched critical vulnerabilities in its Windows applications, and Adobe's Patch Tuesday addressed over 30 vulnerabilities, including critical issues in Magento, Acrobat, and Reader. SAP also released security patches, including one addressing a critical vulnerability exposing user and business data.In cybersecurity incidents, the LockBit ransomware gang claims responsibility for a recent cyberattack on Fulton County, Georgia, while Varta AG halted production due to a cyberattack. South Korea reports presumed North Korean hackers breaching the personal emails of a presidential staffer.Regulatory-wise, Prudential voluntarily filed a breach notice with the SEC after a hack, signaling proactive measures. Windows users can breathe easier with the KB5034763 update, featuring new fixes and compliance changes.In other news, a data broker aided an anti-abortion group in targeting Planned Parenthood visitors.Additionally, reports reveal a ransomware attack that forced 21 Romanian hospitals offline, underscoring the critical impact of cyber threats on essential services. Moreover, the KeyTrap DNS attack could potentially disable large parts of the internet, highlighting ongoing vulnerabilities.That wraps up this week's cyber roundup! Stay tuned for more insights on the evolving cyber landscape.https://lnkd.in/dhfhSJy#StaySafeOnline #digitalresilience#vulnerabilitymanagement#cyberawareness
2
Like CommentTo view or add a comment, sign in
-
Mahesh CG
Senior Consultant - Information Security | Data Privacy Enthusiast | CIPM | CISA | CEH v11 | CCNA |
- Report this post
Here are some of the top headlines from this week in cyber security: Apr 06, 2024 – Apr 12, 2024🚨#Phishing Attacks Targeting Political Parties, #Germany Warns🚨"An increase of attacks can currently be assumed, particularly in light of the upcoming European elections. These may include #phishingattacks to publish stolen data or documents," a BSI spokesperson told Information Security Media Group.- Healthcare Info Security - Threat Intel & Info Sharing🚨New HTTP/2 #DoS Attack can Crash Web Servers with a Single #TCP Connection🚨Newly discovered HTTP/2 protocol #vulnerabilities called "CONTINUATION Flood" can lead to denial of service (DoS) attacks, crashing web servers with a single TCP connection in some implementations.- Bleeping Computer - #Malware and Vulnerabilities🚨#Google Sues Crypto Investment App Makers Over Alleged Massive “Pig Butchering” #Scam🚨Two China-based Android app developers are being sued by Google for an alleged scam targeting 100,000 users worldwide through fake #cryptocurrency and other investment apps.- Bit #Defender - #IncidentResponse, Learnings🚨Microsoft Two-Step #Phishing Campaign Targets #LinkedIn Users🚨A new LinkedIn threat combines breached users’ accounts and an evasive 2-step phishing attack. A recent Python-based infostealer called Snake targets #Facebook users with malicious messages.- Perception Point - Identity Theft, Fraud, Scams🚨New #ThreatActor Starry Addax Targets Human Rights Defenders in North Africa🚨According to Cisco’s Talos threat research team, Starry Addax has been active since January 2024, orchestrating #spear-phishing campaigns aimed at individuals sympathetic to the Sahrawi Arab Democratic Republic (SADR) cause.- #Cybersecurity Help - Malware and Vulnerabilities🚨New #Google Workspace Feature Prevents Sensitive Security Changes if Two Admins Don’t Approve Them🚨If the feature is enabled, certain sensitive admin actions can be taken only if approved by an admin who did not initiate them and thus, in theory, preventing accidental or unauthorized changes made by either malicious insiders or outsiders- Help Net Security - Security Products & Services🚨Rust Addresses Critical #Vulnerability on Windows🚨The vulnerability, which carries a perfect 10 base severity score, is tracked as CVE-2024-24576. It affects the Rust standard library, which was found to be improperly escaping arguments when invoking batch files on Windows using the Command API.- The Register - Malware and Vulnerabilities🚨IT Pros Targeted with #Malicious Google Ads for PuTTY, FileZilla🚨An ongoing #malvertising campaign is targeting IT administrators looking to download system utilities such as PuTTY (a free SSH and Telnet client) and FileZilla (a free cross-platform FTP application).- Help Net Security - Malware and Vulnerabilities
2
Like CommentTo view or add a comment, sign in
-
Ishraq Uddin
IT Director | IT Manager | vCIO | 365 Migration
- Report this post
𝗛𝗼𝗹𝗱 𝗬𝗼𝘂𝗿 𝗛𝗼𝗿𝘀𝗲𝘀 𝗼𝗻 𝗖𝗮𝗹𝗹𝗶𝗻𝗴 𝘁𝗵𝗲 𝗙𝗮𝗰𝗲𝗯𝗼𝗼𝗸 𝗢𝘂𝘁𝗮𝗴𝗲 𝗮 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗥𝗶𝘀𝗸 (𝗝𝘂𝘀𝘁 𝗬𝗲𝘁)The recent Facebook outage, impacting millions globally, has understandably sparked concerns about security breaches. While it's crucial to remain vigilant, jumping to the conclusion of a cyberattack might be premature.Here's what we know so far:💠 𝗠𝗲𝘁𝗮, 𝗙𝗮𝗰𝗲𝗯𝗼𝗼𝗸'𝘀 𝗽𝗮𝗿𝗲𝗻𝘁 𝗰𝗼𝗺𝗽𝗮𝗻𝘆, 𝗵𝗮𝘀 𝗮𝘁𝘁𝗿𝗶𝗯𝘂𝘁𝗲𝗱 𝘁𝗵𝗲 𝗼𝘂𝘁𝗮𝗴𝗲 𝘁𝗼 𝗮 "𝘁𝗲𝗰𝗵𝗻𝗶𝗰𝗮𝗹 𝗶𝘀𝘀𝘂𝗲."While the specific cause remains undisclosed, technical glitches often lead to service disruptions.💠 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗿𝗲𝘀𝗲𝗮𝗿𝗰𝗵𝗲𝗿𝘀 𝗵𝗮𝘃𝗲𝗻'𝘁 𝗽𝗿𝗲𝘀𝗲𝗻𝘁𝗲𝗱 𝗮𝗻𝘆 𝗰𝗼𝗻𝗰𝗿𝗲𝘁𝗲 𝗲𝘃𝗶𝗱𝗲𝗻𝗰𝗲 𝘀𝘂𝗴𝗴𝗲𝘀𝘁𝗶𝗻𝗴 𝗮 𝗰𝘆𝗯𝗲𝗿𝗮𝘁𝘁𝗮𝗰𝗸.While some groups have claimed responsibility, their claims haven't been verified.💠 𝗪𝗵𝗶𝗹𝗲 𝗼𝘂𝘁𝗮𝗴𝗲𝘀 𝗰𝗮𝗻 𝗰𝗿𝗲𝗮𝘁𝗲 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝘃𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝗶𝗲𝘀, 𝘁𝗵𝗲𝗿𝗲'𝘀 𝗻𝗼 𝗶𝗻𝗱𝗶𝗰𝗮𝘁𝗶𝗼𝗻 𝘂𝘀𝗲𝗿 𝗱𝗮𝘁𝗮 𝘄𝗮𝘀 𝗰𝗼𝗺𝗽𝗿𝗼𝗺𝗶𝘀𝗲𝗱.However, it's important to stay informed and exercise caution:🔴 𝗠𝗼𝗻𝗶𝘁𝗼𝗿 𝗼𝗳𝗳𝗶𝗰𝗶𝗮𝗹 𝗰𝗵𝗮𝗻𝗻𝗲𝗹𝘀 𝗳𝗼𝗿 𝘂𝗽𝗱𝗮𝘁𝗲𝘀:Meta will likely provide official statements regarding the cause of the outage.🔴 𝗕𝗲𝘄𝗮𝗿𝗲 𝗼𝗳 𝗽𝗵𝗶𝘀𝗵𝗶𝗻𝗴 𝗮𝘁𝘁𝗲𝗺𝗽𝘁𝘀:Capitalizing on confusion, malicious actors might send phishing emails or messages. Be wary of unsolicited requests for login credentials or personal information.🔴 𝗖𝗼𝗻𝘀𝗶𝗱𝗲𝗿 𝘁𝗵𝗶𝘀 𝗮𝗻 𝗼𝗽𝗽𝗼𝗿𝘁𝘂𝗻𝗶𝘁𝘆 𝘁𝗼 𝗿𝗲𝘃𝗶𝗲𝘄 𝘆𝗼𝘂𝗿 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗽𝗿𝗮𝗰𝘁𝗶𝗰𝗲𝘀:Use strong passwords, enable two-factor authentication, and stay updated on security best practices.While the situation continues to unfold, 𝗹𝗲𝘁'𝘀 𝗮𝘃𝗼𝗶𝗱 𝘀𝗽𝗿𝗲𝗮𝗱𝗶𝗻𝗴 𝗺𝗶𝘀𝗶𝗻𝗳𝗼𝗿𝗺𝗮𝘁𝗶𝗼𝗻 𝗮𝗻𝗱 𝗿𝗲𝗹𝘆 𝗼𝗻 𝗼𝗳𝗳𝗶𝗰𝗶𝗮𝗹 𝘀𝗼𝘂𝗿𝗰𝗲𝘀 𝗳𝗼𝗿 𝘂𝗽𝗱𝗮𝘁𝗲𝘀. If the situation evolves and suggests a security breach, we can address it accordingly.#FacebookDown #SecurityAwareness #DigitalHygiene
2
Like CommentTo view or add a comment, sign in
-
Justine Castillo
Technology Development Associate | Cybersecurity Advocate | Transforming IT Landscapes
- Report this post
The recent revelation of millions of leaked two-factor authentication (2FA) security codes from Google, WhatsApp, and Facebook serves as a stark reminder of the vulnerabilities inherent in SMS-based authentication methods. Security experts have long cautioned against relying solely on SMS messages for 2FA, citing their susceptibility to interception and compromise.This incident underscores the importance of adopting more secure authentication measures, such as app-based authenticators or physical security keys, which provide an added layer of protection against unauthorized access. As technology evolves, so too must our approach to safeguarding sensitive information and digital assets.How can organizations and individuals alike prioritize security and implement robust authentication practices to mitigate the risk of data breaches and unauthorized access? I would love to hear your thoughts!#Cybersecurity #2FA #Authentication #DataSecurity #PrivacyProtection #DigitalSafety
2
Like CommentTo view or add a comment, sign in
-
JDAH CORP
96 followers
- Report this post
Some good tech news to end the week — Google has removed a significant barrier to enrollment into its Advanced Protection Program (APP). This free service protects high-risk users like activists, journalists, elected officials, business leaders, and IT admins from targeted cyber attacks. https://lnkd.in/dBpGzYksLaunched in 2017, APP enrollment initially required possession of two physical security keys. However, Google has now recognized that “users might not always have access to physical keys or the ability to buy one” and has amended that requirement to just a passkey that users can create using their mobile device. This latest change makes security much more accessible for individuals with sensitive data to ensure that their information, work, and personal safety are harder to compromise. If you work in infrastructure, healthcare, or security and this sounds like something your team needs, sign up here: https://lnkd.in/dvwSK8i — shoot us a message if you need help. #passkey #infrastructure #cybersecurity #phishing #MSP
5
Like CommentTo view or add a comment, sign in
-
Centraleyes
2,019 followers
- Report this post
Weekly TrendsIt's that time of week again—get your weekly dose of security trends and updates to keep you ahead! Let's dive into the exciting world of cybersecurity from March 2 to March 8.Cisco patched up vulnerabilities in its Data Center OS. JetBrains issued a critical patch for TeamCity, so update your systems ASAP.Lazarus Group is up to no good, exploiting a Windows zero-day in rootkit attacks. We (un)welcome a new player in town, Spikedwine. The APT Group is getting crafty with their wine-tasting invitations, targeting European officials. The BlackCat gang claimed responsibility for a massive data breach at Change Healthcare, causing chaos in prescription processing nationwide.CryptoChameleon attackers target Apple and Okta users with convincing impersonation techniques - always double-check those emails! Millions of malicious repositories are flooding GitHub, posing a severe threat to developers worldwide. And let's not forget about the FBI and CISA's hunt for Phobos Ransomware.Echoes of SolarWinds are sounding loud with the emergence of the Silver SAML attack technique. There you have it; cyber history repeating itself. Cyber attackers are getting sneakier, with tech support gambits and deceptive domain strategies on the rise. But Germany is taking a stand, shutting down the notorious Crimemarket and putting cybercrime on notice.In the retail world, Pepco got hit hard with a phishing attack, losing a hefty €15.5 million. Ouch!The Middle East is leading the charge in deploying DMARC email security, a step in the right direction for cyber defense.Ukraine made waves by claiming to hack into Russian Ministry of Defense servers. And the hits keep coming around the world. Hackers managed to steal sensitive data from Taiwan's Chunghwa Telecom, including military and government documents. Chinese threat actors are also developing exploits to target already patched Ivanti users. Meta, the parent company of Facebook, Instagram, and WhatsApp, is under fire from EU consumer groups for privacy breaches.Stay safe out there, and remember to keep your firewalls strong and your cyber resilience even stronger!#CyberSecurity #StaySafeOnline #WeeklyDigesthttps://hubs.li/Q02nGqYq0
3
Like CommentTo view or add a comment, sign in
179 followers
View Profile
FollowMore from this author
- Gatekeeper Controls Tightened to Block Unauthorized Software The Security Bench 2mo
- NIST publishes the expanded Cybersecurity Framework 2.0 The Security Bench 7mo
- Accountability for Chatbots The Security Bench 7mo
Explore topics
- Sales
- Marketing
- IT Services
- Business Administration
- HR Management
- Engineering
- Soft Skills
- See All