Did you know that your Ring doorbell video footage could be part of police surveillance? Ring saw search warrants increase 33 percent in 2022 from the previous year. The lack of legal controls on what police can ask for, and judges failing to properly scrutinize these warrants, opens the door for even indoor home footage […]
The Bundesamt für Sicherheit in der Informationstechnik (BSI), part of the German Ministry of Internal Affairs, has investigated web shops which show that they are often unsafe. Seven out of ten researched webshop platforms use vulnerable JavaScript libraries. In addition, almost all solutions had inadequate password policies and nearly half of the products use end-of-life […]
A cybersecurity insurer predicts that a 13% growth to 1,900 CVEs monthly would include 270 high-severity and 155 critical-severity vulnerabilities. The predictions are based on data collected over the last ten years. For most CVEs, the time to exploit is within 90 days of public disclosure, while the majority of exploits take place within the […]
Irish university MTU Cork has decided to close all four campuses for two days and cancel all classes due to an intrusion into its IT systems. The attack took place last weekend and would have been detected at an early stage. The university gives no details about what kind of attack it is exactly and […]
According to a PayPal notice of security incident dated January 18, attackers got unauthorized access to the accounts of thousands of users between December 6 and 8, 2022. The total number of accounts that were accessed by threat actors using a credential stuffing attack is reported as being 34,942.
The hacker copied information from backup that contained basic customer account information and related metadata, including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service. The threat actor was also able to copy a backup of customer vault data from the encrypted […]
The records of Twitter contain either a private email address or phone number, and public scraped data, including the account’s Twitter ID, name, screen name, verified status, location, URL, description, follower count, account creation date, friends count, favorites count, statuses count, and profile image URLs.
Worldwide, a total of 890,000 computers were infected and more than fifty million passwords were stolen. This is the conclusion of security company Group-IB based on its own research. Investigators from the company identified 34 gangs behind the attacks using known malware such as RedLine and Raccoon Infostealer. This malware is capable of stealing login […]
Analysts see an uptick in token theft from authenticated users, allowing threat actors to bypass MFA protections. Stealing session cookies has become one of the most common ways that attackers circumvent multifactor authentication. For unmanaged devices, they recommend conditional access policies and strong controls.
Due to the large number of vulnerabilities in software, the continuous stream of cyber attacks and the conflict in Ukraine, the threat situation in cyberspace is higher than ever before, according to the German government in a new management report for 2022. The annual report of the Bundesamt für Sicherheit in der Informationstechnik (BSI), part […]