Security News

Metaverse poses risks for users and creators While cybersecurity leaders see risk, they're forging ahead Same as it ever was, but in 3D Like the web, metaverse comes with caveat emptor for users Brand reputation risks in 3D. The metaverse is evolving into a 3D digital world for buying, selling, recruiting and training, unbound by geography and currently without clear rules and regulations. There are two main security threats in the metaverse and web 3.0, according to John Tsangaris, technical security leader at infosec company Optiv.

Cybercrime groups are increasingly running their operations as a business, promoting jobs on the dark web that offer developers and hackers competitive monthly salaries, paid time off, and paid sick leaves. In a new report by Kaspersky, which analyzed 200,000 job ads posted on 155 dark websites between March 2020 and June 2022, hacking groups and APT groups seek to hire mainly software developers, offering very competitive packages to entice them.

Today, the Hive ransomware Tor payment and data leak sites were seized as part of an international law enforcement operation involving the US Department of Justice, FBI, Secret Service, Europol, and Germany's BKA and Polizei. The seizure notice on the Tor sites also lists a wide range of other countries involved in the law enforcement operation, including Canda, France, Lithuania, Netherlands, Norway, Portugal, Romania, Spain, Sweden, and the United Kingdom.

A New York resident has pleaded guilty to charges of conspiracy to commit bank fraud using stolen credit cards purchased on dark web cybercrime marketplaces. According to the indictment shared in the U.S. Department of Justice announcement, Osagie purchased thousands of credit and debit card data from dark web markets.

Hackers are actively exploiting a critical vulnerability patched recently in Control Web Panel, a tool for managing servers formerly known as CentOS Web Panel. On January 3, researcher Numan Türle at Gais Cyber Security, who had reported the issue around October last year, published a proof-of-concept exploit and a video showing how it works.

Malicious actors are actively attempting to exploit a recently patched critical vulnerability in Control Web Panel that enables elevated privileges and unauthenticated remote code execution on susceptible servers. Control Web Panel, formerly known as CentOS Web Panel, is a popular server administration tool for enterprise-based Linux systems.

Pakistan's government has warned its agencies that the dark web exists, is home to all sorts of unpleasant people, and should be avoided. Linking the dark web to terrorism therefore associates the networks with threats to national security.

Google announced on Friday that it's adding end-to-end encryption to Gmail on the web, allowing enrolled Google Workspace users to send and receive encrypted emails within and outside their domain.The company says that the feature is not yet available to users with personal Google Accounts or Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Frontline, and Nonprofits, as well as legacy G Suite Basic and Business customers.

Most startup CTOs have an excellent understanding of how to build highly functional SaaS businesses but need to gain more knowledge of how to secure the web application that underpins it. According to recent research from Verizon, web application attacks are involved in 26% of all breaches, and app security is a concern for of enterprises.

The dark web is getting darker as cybercrime gangs increasingly shop their malware, phishing, and ransomware tools on illegal cybercrime markets. In 2022, threat actors preferred joining a RaaS for ransomware attacks as they tend to have more freedom and can deploy faster than private ransomware.