28 September 2022

Cybersecurity News

Cyber Security News, Information Security News, CyberSecurity Analysis, Breaking Cyber Security News. Exploit & Vulnerability News. Data Breach News Today.

Most Attackers Need Less Than 10 Hours to Find Weaknesses infosec
4 min read

Most Attackers Need Less Than 10 Hours to Find Weaknesses

RiSec.n0tst3 28 September 2022
Vulnerable configurations, software flaws, and exposed Web services allow hackers to find exploitable weaknesses in companies’ perimeters in just hours, not days. The average ethical hacker can find a vulnerability that allows the breach of the network perimeter and then exploit the environment in less than 10 hours, with penetration testers focused on cloud security gaining access most quickly to targeted assets. And further, once a vulnerability or weakness is found, about 58% of ethical hackers can break into an environment in less than five hours. That’s according to a...
Continue Reading
The Evolution of Vulnerability Scanning and Pentesting Vulnerability
5 min read

The Evolution of Vulnerability Scanning and Pentesting

RiSec.Mitch 28 September 2022
An awareness of unprotected vulnerabilities and risks is the starting point for determining the best way to align resources with cybersecurity. By conducting regular real-world attack testing, security operations can illuminate weaknesses while gaining control over risks. Cybersecurity testing is deployed to eliminate risk, improve business continuity and meet compliance requirements. At a minimum, cybersecurity testing should be conducted whenever there are new network changes or user groups, new system configurations or app releases. An organization’s security risk tolerances must be aligned with a testing solution that finds, scans, exploits...
Continue Reading
UK may fine TikTok $29 million for failing to protect children’s privacy tiktok
2 min read

UK may fine TikTok $29 million for failing to protect children’s privacy

RiSec.Mitch 28 September 2022
Sept 26 (Reuters) – Britain could fine TikTok 27 million pounds ($28.91 million) following an investigation that found the short-form video app may have breached UK’s data protection law by failing to safeguard privacy of children using the platform. The investigation found that TikTok could have processed data of children under the age of 13 without appropriate parental consent and failed to provide proper information to its users in a transparent way. The Information Commissioner’s Office (ICO) has issued TikTok and TikTok Information Technologies UK Ltd with a “notice...
Continue Reading
5+ Things to teach your kids about Social Media teach your kids about Social Media
8 min read

5+ Things to teach your kids about Social Media

RiSec.n0tst3 26 September 2022
With children now back at school, it’s time to think about social media, and their use of it. Are they already firing out tweets, chatting in Discord channels, or even just looking to set up a Tik-Tok account? Now is the time to consider giving your kids some security and privacy tips for all their social media needs. 1. Get to grips with default settings Most sites are in the business of making your data their business. EULAs and privacy policies are frequently terribly confusing for grown ups. Expecting...
Continue Reading
New WhatsApp 0-Day Bug Let Hackers Execute Code & Take Full App Control Remotely WhatsApp 0-Day Bug
4 min read

New WhatsApp 0-Day Bug Let Hackers Execute Code & Take Full App Control Remotely

RiSec.Mitch 26 September 2022
WhatsApp silently fixed two critical zero-day vulnerabilities that affect both Android & iOS versions allowing attackers to execute an arbitrary code remotely. Facebook-owned privacy-oriented messenger WhatsApp is one of the Top-ranked Messenger apps with more than Billion users around the world in both Android and iPhone. Both vulnerabilities are marked under “critical” severity with a CVE Score of 10/10 and found by the WhatsApp internal security Team. Simplifying these following vulnerabilities, Whatsapp could cause your device to be hacked by receiving a Video File or When on a Video...
Continue Reading
RCE in Sophos Firewall is being exploited in the wild (CVE-2022-3236) Fixing indirect vulnerabilities without breaking your dependency tree
2 min read

RCE in Sophos Firewall is being exploited in the wild (CVE-2022-3236)

RiSec.n0tst3 26 September 2022
Sophos has patched an actively exploited remote code execution vulnerability (CVE-2022-3236) in its Firewall solutions, and has pushed the fix to customers who have an automatic installation of hotfixes enabled. If this news triggers a feeling of déjà vu, there’s a good reason: earlier this year, another zero-day (CVE-2022-1040) in the same component was leveraged by attackers against “a small set of specific organizations, primarily in the South Asia region” – and this time around is the same. About CVE-2022-3236 CVE-2022-3236 is a code injection vulnerability in the User Portal and...
Continue Reading
Revolut hack exposes data of 50,000 users, fuels new phishing wave Revolut
3 min read

Revolut hack exposes data of 50,000 users, fuels new phishing wave

RiSec.n0tst3 26 September 2022
Revolut has suffered a cyberattack that gave unauthorized third-party access to the personal information of tens of thousands of clients. The incident occurred a week ago, on Sunday night, and has been described as “highly targeted.” Founded in 2015, Revolut is a financial technology company that has seen rapid growth, now offering banking, money management, and investment services to customers all over the world. In a statement, a company spokesperson said that an unauthorized party had access “for a short period of time” to details of only a 0.16% of its customers, BleepingComputer reports...
Continue Reading
UK: NCSC publishes new cybersecurity guidance for online retailers ncsc national cyber security
3 min read

UK: NCSC publishes new cybersecurity guidance for online retailers

RiSec.n0tst3 22 September 2022
UK online retailers can now benefit from tailored cybersecurity guidance on improving customer authentication and removing malicious websites. The UK National Cyber Security Centre (NCSC) has published two new pieces of guidance to support online retailers, hospitality providers and utility services in protecting themselves and their customers from cybercriminals. The advice encourages these organisations to add layers of security on top of passwords to authenticate customers and outlines how they can remove malicious websites and content spoofing their brand. The guidance is the latest addition to a suite of...
Continue Reading
Morgan Stanley fined $35M after unencrypted, unwiped hard drives are auctioned morgan stanley
3 min read

Morgan Stanley fined $35M after unencrypted, unwiped hard drives are auctioned

RiSec.Mitch 21 September 2022
“Astonishing failures” over a 5-year span. Morgan Stanley on Tuesday agreed to pay the Securities and Exchange Commission (SEC) a $35 million penalty for data security lapses that included unencrypted hard drives from decommissioned data centers being resold on auction sites without first being wiped. The SEC action said that the improper disposal of thousands of hard drives starting in 2016 was part of an “extensive failure” over a five-year period to safeguard customers’ data as required by federal regulations. The agency said that the failures also included the...
Continue Reading
USA adds two more Chinese carriers to ‘probably a national security threat’ list cybersecurity
2 min read

USA adds two more Chinese carriers to ‘probably a national security threat’ list

RiSec.Mitch 21 September 2022
Pacific Network Corp and China Unicom join the likes of Huawei, Hytera, Hikvision on list of dangerous suppliers The US Federal Communications Commission (FCC) has added two Chinese companies to its list of communications equipment suppliers rated a threat to national security: Pacific Network Corp, its wholly owned subsidiary ComNet (USA) LLC, and China Unicom (Americas). “Earlier this year the FCC revoked China Unicom America’s and PacNet/ComNet’s authorities to provide service in the United States because of the national security risks they posed to communications in the United States. Now, working with...
Continue Reading
en English
af Afrikaanssq Albanianam Amharicar Arabichy Armenianaz Azerbaijanieu Basquebe Belarusianbn Bengalibs Bosnianbg Bulgarianca Catalanceb Cebuanony Chichewazh-CN Chinese (Simplified)zh-TW Chinese (Traditional)co Corsicanhr Croatiancs Czechda Danishnl Dutchen Englisheo Esperantoet Estoniantl Filipinofi Finnishfr Frenchfy Frisiangl Galicianka Georgiande Germanel Greekgu Gujaratiht Haitian Creoleha Hausahaw Hawaiianiw Hebrewhi Hindihmn Hmonghu Hungarianis Icelandicig Igboid Indonesianga Irishit Italianja Japanesejw Javanesekn Kannadakk Kazakhkm Khmerko Koreanku Kurdish (Kurmanji)ky Kyrgyzlo Laola Latinlv Latvianlt Lithuanianlb Luxembourgishmk Macedonianmg Malagasyms Malayml Malayalammt Maltesemi Maorimr Marathimn Mongolianmy Myanmar (Burmese)ne Nepalino Norwegianps Pashtofa Persianpl Polishpt Portuguesepa Punjabiro Romanianru Russiansm Samoangd Scottish Gaelicsr Serbianst Sesothosn Shonasd Sindhisi Sinhalask Slovaksl Slovenianso Somalies Spanishsu Sudanesesw Swahilisv Swedishtg Tajikta Tamilte Teluguth Thaitr Turkishuk Ukrainianur Urduuz Uzbekvi Vietnamesecy Welshxh Xhosayi Yiddishyo Yorubazu Zulu