Security News > 2022 > November
Europol has arrested hundreds of fraudsters, money launderers and cocaine kingpins, and shut down thousands of websites selling pirated and counterfeit products in a series of raids over the past month. Cops across several continents seized 127,365 fake designer watches, shoes, accessories, clothes, perfumes, electronics, phone cases and other counterfeit products worth more than Є3.8 million.
In this interview with Help net Security, Brad Jones, VP of Information Security at Seagate Technology, talks about cybersecurity trends organizations will be dealing with soon, particlularly concerning cloud misconfiguration, data classification, software vulnerabilities, and the cybersecurity skills gap. In a traditional on-prem data storage environment, only a few security team members controlled a firewall that prevented adversaries from exposing sensitive information and prevented employees from accidentally exposing data.
In this Help Net Security video, Frank Kim, CISO-in-Residence at YL Ventures, discusses the growing role of CISOs in investment firms and how their role as advisors helps drive cybersecurity startups. Frank works closely with cybersecurity startup founders on ideation, product-market-fit, and value realization, on an in-house and regular basis.
Since the early stages of the pandemic, account takeover fraud has significantly transformed, quickly becoming one of the fastest-growing cybersecurity threats with 22% of adults in the US falling victim to this attack. With new user fraud, synthetic ID, IRSF and promo abuse increasing rapidly, the new avenues for account takeover have turned this scheme into a beast that feels unstoppable.
The U.S. Cybersecurity and Infrastructure Security Agency on Monday added a critical flaw impacting Oracle Fusion Middleware to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2021-35587, carries a CVSS score of 9.8 and impacts Oracle Access Manager versions 11.1.2.3.0, 12.2.1.3.0, and 12.2.1.4.0.
The U.S. Cybersecurity and Infrastructure Security Agency on Monday added a critical flaw impacting Oracle Fusion Middleware to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2021-35587, carries a CVSS score of 9.8 and impacts Oracle Access Manager versions 11.1.2.3.0, 12.2.1.3.0, and 12.2.1.4.0.
Cashing stolen credit cards: Carding groups sell stolen credit card details to carry out illegal and unauthorized transactions. Selling fake Hayya cards: Due to the importance of Hayya cards during the World Cup, threat actors are selling fake Hayya Cards to unsuspecting fans, who are willing to pay any amount to get one.
India's Telecom Regulatory Authority has announced a fresh crackdown on TXT spam - this time using artificial intelligence, after a previous blockchain-powered effort delivered mixed results. The TRAI's approach to managing spam - or Unsolicited Commercial Communication as it prefers to describe it - saw the regulator create a mandatory register of telemarketers and telecoms service providers, and require them to secure opt-ins from message recipients.
Acer has fixed a high-severity vulnerability affecting multiple laptop models that could enable local attackers to deactivate UEFI Secure Boot on targeted systems. Attackers with high privileges can abuse it in low-complexity attacks that require no user interaction to alter UEFI Secure Boot settings by modifying the BootOrderSecureBootDisable NVRAM variable to disable Secure Boot.
A fake Android SMS application, with 100,000 downloads on the Google Play store, has been discovered to secretly act as an SMS relay for an account creation service for sites like Microsoft, Google, Instagram, Telegram, and Facebook. "Fake app I just download this app 4-5 times of OTP by Google, Airtel payment, Bank OTP, dream11 OTP, etc. Type of OTP comes at the time of login," reads one of the reviews.