<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>News Archives - HowToRemove.Guide</title>
	<atom:link href="https://howtoremove.guide/category/news/feed/" rel="self" type="application/rss+xml" />
	<link>https://howtoremove.guide/category/news/</link>
	<description>Virus &#38; Malware Removal</description>
	<lastBuildDate>Thu, 27 Jun 2024 11:09:48 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.7.5</generator>

<image>
	<url>https://howtoremove.guide/wp-content/uploads/2019/11/cropped-howtoremove-Fav-Icon-512-3-32x32.png</url>
	<title>News Archives - HowToRemove.Guide</title>
	<link>https://howtoremove.guide/category/news/</link>
	<width>32</width>
	<height>32</height>
</image> 
	<item>
		<title>Polyfill.io infects 100k websites with malware</title>
		<link>https://howtoremove.guide/polyfill-io-infects-100k-websites-with-malware/</link>
					<comments>https://howtoremove.guide/polyfill-io-infects-100k-websites-with-malware/#respond</comments>
		
		<dc:creator><![CDATA[Nathan Bookshire]]></dc:creator>
		<pubDate>Thu, 27 Jun 2024 10:57:20 +0000</pubDate>
				<category><![CDATA[News]]></category>
		<guid isPermaLink="false">https://howtoremove.guide/?p=217217</guid>

					<description><![CDATA[If you&#8217;ve been following the latest cybersecurity news, you might have heard about the recent supply chain attack involving Polyfill.io. I somehow missed this until today, due to, well, researching other malware. But the attack proved something we&#8217;ve been saying for years at Howtoremove.guide. Older, unpatched websites are susceptible to malware. And normal people are [&#8230;]]]></description>
										<content:encoded><![CDATA[
<p>If you&#8217;ve been following the latest cybersecurity news, you might have heard about the recent supply chain attack involving Polyfill.io. I somehow missed this until today, due to, well, researching other malware. But <strong>the attack proved something we&#8217;ve been saying for years</strong> at Howtoremove.guide. Older, unpatched websites are susceptible to malware. And normal people are always the ones to pay the bill, in the end.</p>



<figure class="wp-block-image size-large is-resized"><img fetchpriority="high" decoding="async" src="https://howtoremove.guide/wp-content/uploads/2024/06/blocks-1024x615.png" alt="Polyfill.io is currently blocked by all security sources." class="wp-image-217218" width="673" height="404" title="Polyfill.io is currently blocked by all security sources." srcset="https://howtoremove.guide/wp-content/uploads/2024/06/blocks-1024x615.png 1024w, https://howtoremove.guide/wp-content/uploads/2024/06/blocks-300x180.png 300w, https://howtoremove.guide/wp-content/uploads/2024/06/blocks-150x90.png 150w, https://howtoremove.guide/wp-content/uploads/2024/06/blocks-768x461.png 768w, https://howtoremove.guide/wp-content/uploads/2024/06/blocks-1536x922.png 1536w, https://howtoremove.guide/wp-content/uploads/2024/06/blocks-2048x1229.png 2048w, https://howtoremove.guide/wp-content/uploads/2024/06/blocks-810x486.png 810w, https://howtoremove.guide/wp-content/uploads/2024/06/blocks-1140x684.png 1140w" sizes="(max-width: 673px) 100vw, 673px" /></figure>



<h2 id="the-polyfill-io-supply-chain-attack" class="wp-block-heading">The Polyfill.io Supply Chain Attack</h2>



<p>Over 100,000 websites were impacted after a Chinese company called <strong>Funnull</strong> bought the Polyfill.io domain and modified the service&#8217;s script to redirect users to scam websites instead of doing what they were supposed to do. It&#8217;s anyone&#8217;s guess how a company can do this, even in China, but this is 2024. But the sheer damage that spread like wildfire made me dive into the incident to understand the mechanics and implications of the attack. Here&#8217;s what I found.</p>



<h2 id="what-is-a-polyfill" class="wp-block-heading">What is a Polyfill?</h2>



<p>Let&#8217;s clarify what a polyfill is, because I wasn&#8217;t really in the loop what it is either, to be honest. In web development, a polyfill is a type of code that adds modern functionality to older browsers that don&#8217;t support it. JavaScript is the best example that does this. This way a user with an outdated browser can still see everything as opposed to broken parts interspersed with the rest.</p>



<p><strong>Polyfill.io</strong> was a popular service that provided these scripts to hundreds of thousands of websites, allowing developers to maintain a consistent codebase across all browsers. But see the past tense &#8211; it <strong>was</strong> a popular service.</p>



<h2 id="the-polyfill-io-attack-unfolds" class="wp-block-heading">The Polyfill.io Attack Unfolds</h2>



<p>Earlier this year, Polyfill.io was purchased by Funnull, a company supposedly officially based in Slovenia but many  attributes suggest a Chinese origin instead. Unfortunately all of this came under scrutiny after the attack took place. </p>



<p>After Polyfill.io the cybersecurity firms like Sansec and c/side raised alarms immediately. Scripts served by Polyfill.io began injecting malicious code into websites, redirecting users to unwanted and often dangerous sites, e.g. a fake Sportsbook site or &#8220;www.googie-anaiytics.com&#8221; – a clever misspelling of Google Analytics. Scams often employ these tactics to confuse users.</p>



<h3 id="the-scale-of-impact" class="wp-block-heading">The Scale of Impact</h3>



<p>The scale of this attack is staggering because it was lightning quick and came without notice. Over 100,000 websites are affected, including the likes of JSTOR, Intuit, and the World Economic Forum. The malicious code targets mobile devices the most and activates only under specific conditions.. The modified scripts are designed to evade reverse engineering and avoid triggering when they detect admin accounts or web analytics services. My presumption with 10 years in the field is that this is because <strong>the actors behind the attack wanted to remain unnoticed for longer</strong>.</p>



<h3 id="googles-response" class="wp-block-heading">Google’s Response</h3>



<p>Google quickly began notifying advertisers about the potential risks of landing pages that use Polyfill.io&#8217;s services. Soon after, they went further and started blocking Google Ads for websites using the compromised scripts, noticeably reducing traffic to these sites. At that point everyone woke up, it seems, and started taking steps to mitigate the issue. </p>



<p>To be clear &#8211; modern browsers don&#8217;t need this service. It is  mostly there for legacy purposes. The original developer of Polyfill.io who sold the service advised immediate removal. Cloudflare and Fastly quickly set up mirrors that cut away the infected code.</p>



<h3 id="so-what-now" class="wp-block-heading">So what now?</h3>



<p>For now, the Polyfill.io domain has been redirected to Cloudflare, but the DNS servers haven&#8217;t changed. This means the malicious actors could regain control at any time. My 2 cents is this is a stark reminder to stay away from old services like this. In 2024 most users are forced to upgrade and most devices are newer than needed anyway.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://howtoremove.guide/polyfill-io-infects-100k-websites-with-malware/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Cyber Security Monthly Recap: April 2024</title>
		<link>https://howtoremove.guide/cyber-security-monthly-recap-april-2024/</link>
					<comments>https://howtoremove.guide/cyber-security-monthly-recap-april-2024/#respond</comments>
		
		<dc:creator><![CDATA[Lidia Howler]]></dc:creator>
		<pubDate>Thu, 02 May 2024 14:01:14 +0000</pubDate>
				<category><![CDATA[News]]></category>
		<guid isPermaLink="false">https://howtoremove.guide/?p=214645</guid>

					<description><![CDATA[April is over, but if you want to know what important has happened during the month, check out our selection of major topics from the cyberseucrity world. The past weeks were marked with the release of a number of security updates and reports. So, join us as we review the highlights. AT&#38;T with an investigation into [&#8230;]]]></description>
										<content:encoded><![CDATA[
<p>April is over, but if you want to know what important has happened during the month, check out our selection of major topics from the cyberseucrity world. The past weeks were marked with the release of a number of security updates and reports. So, join us as we review the highlights.</p>



<figure class="wp-block-image aligncenter size-full is-resized"><img decoding="async" src="https://howtoremove.guide/wp-content/uploads/2024/05/Cyber-Security-Monthly-Recap-April-2024.webp" alt="Cyber Security Monthly Recap April-2024" class="wp-image-214646" width="863" height="575" srcset="https://howtoremove.guide/wp-content/uploads/2024/05/Cyber-Security-Monthly-Recap-April-2024.webp 822w, https://howtoremove.guide/wp-content/uploads/2024/05/Cyber-Security-Monthly-Recap-April-2024-300x200.webp 300w, https://howtoremove.guide/wp-content/uploads/2024/05/Cyber-Security-Monthly-Recap-April-2024-150x100.webp 150w, https://howtoremove.guide/wp-content/uploads/2024/05/Cyber-Security-Monthly-Recap-April-2024-768x511.webp 768w, https://howtoremove.guide/wp-content/uploads/2024/05/Cyber-Security-Monthly-Recap-April-2024-810x539.webp 810w" sizes="(max-width: 863px) 100vw, 863px" /><figcaption class="wp-element-caption">Cyber Security Monthly Recap: April 2024</figcaption></figure>



<p></p>



<h2 id="att-with-an-investigation-into-a-data-breach" class="wp-block-heading">AT&amp;T with an investigation into a data breach</h2>



<p>Due to a data breach that affected 73 million current and past customers and contained personally identifiable information (PII) such as Social Security numbers, AT&amp;T has opened an investigation. The leaked data was found on the dark web in the beginning of April. It&#8217;s unclear if AT&amp;T or one of its vendors provided the information directly. </p>



<p>Nevertheless, AT&amp;T has made it clear that there isn&#8217;t any proof of illegal access resulting in the exfiltration of data from its systems. Presumably from 2019 or earlier, the leaked data lacks critical information such as specific call history or financial details. An estimated 7.6 million active and 65.4 million past account holders have been impacted.</p>



<h2 id="sophos-report-is-warning-smbs-are-being-targeted-more-than-ever" class="wp-block-heading">Sophos report is warning: SMBs are being targeted more than ever</h2>



<p>A concerning new trend for 2024 is the increase in malware attacks against small and medium-sized businesses (abbreviated as SMBs). A <a href="https://www.sophos.com/en-us/press/press-releases/2024/03/2024-sophos-threat-report-cybercrime-main-street-details-cyberthreats" target="_blank" rel="noreferrer noopener nofollow">Sophos report</a> claims that nearly half of all malware incidents discovered on SMB endpoints in the previous year were caused by keyloggers, spyware, and info stealers. The later are pieces of malware that are specifically created to steal sensitive data and login credentials. The difficulties in identifying these cyberthreats, which further compromises authentic accounts and expands the avenues for cybercriminals to operate, are brought to light by the researchers.</p>



<p>The most likely and worst case scenario is the ongoing development of ransomware attacks, which are expected to increase in frequency by over 60% in the next few years with respect to remote encryption. The second most frequent threat variant is business email compromise, which also includes pre-attack phone calls and conversational emails to the target.</p>



<p>While these statistics are exponential, the major issue brought out by the researchers is the fact that these cyberthreats are too hard to spot. This results in more legitimate accounts exploited and victims to the growing opportunism of the cyber criminals.</p>



<h2 id="adobe-with-24-patches-for-april-2024" class="wp-block-heading">Adobe with 24 patches for April 2024</h2>



<p>Adobe fixed 24 CVEs in Adobe After Effects, Photoshop, Commerce, InDesign, Experience Manager, Media Encoder, Bridge, Illustrator, and Adobe Animate with nine patches that were released in April. The majority of these updates are for Experience Manager, but they are all just fixing basic Cross-site Scripting (XSS) vulnerabilities. Nevertheless, these Important-severity bugs have the potential to cause code execution if they are used maliciously. </p>



<p>The Animate and Commerce patches are the only other patches that address multiple CVEs. There are four bugs fixed in the Animate patch. Two of these have a critical rating and have the potential to cause arbitrary code execution. Two other Critical-rated bugs—one related to improper input validation and one related to XSS—are also fixed by the Commerce patch. Code execution could result from either.</p>



<p>At the time of release, none of the bugs that Adobe fixed this month were known to the public or targeted by active attacks. These updates have a deployment priority rating of 3 according to Adobe.</p>



<h2 id="microsoft-released-a-whopping-147-new-cves" class="wp-block-heading">Microsoft released a whopping 147 new CVEs</h2>



<p>Microsoft released 147 new CVEs in April. All are in Microsoft Windows and Windows Components; Office and Office Components and Azure; .NET Framework and Visual Studio; SQL Server; DNS Server; Windows Defender; Bitlocker; Windows Secure Boot. When counting in the third-party CVEs acquired this month, the CVE count comes to 155. Three of these bugs arrived via the ZDI program. </p>



<p>Of the new patches released, three are rated Critical, 142 Important, and two Moderate in severity. This is the biggest release from Microsoft this year and the largest since at least 2017. As far as we can tell, it’s the largest Patch Tuesday release from Microsoft of all time. It’s not clear if this is due to a backlog from the slower months, a surge in vulnerability reporting. It will be interesting to see which trend continues. None of the CVEs are listed as currently under active attack or as publicly known at the time of release.</p>



<h2 id="hackers-exploiting-wp-automatic-plugin-bug" class="wp-block-heading">Hackers Exploiting WP-Automatic Plugin Bug</h2>



<p>A high-severity security vulnerability in the ValvePress Automatic plugin for WordPress is being actively exploited. The weakness, <a href="https://nvd.nist.gov/vuln/detail/CVE-2024-27956" target="_blank" rel="noreferrer noopener nofollow">cve-2024-27956</a>, has a CVSS rating of 9.9/10 and affects all versions of the plugin before<a href="https://codecanyon.net/item/wordpress-automatic-plugin/1904470" target="_blank" rel="noreferrer noopener nofollow"> 3.92.0</a>. Although the fault was repaired on February 27, 2024, when version 3.92.1 was revealed, the changelog does not mention it. Bad actors might utilize the fault to access sites without the owner’s permission, persuade admin‐level user accounts, upload malware payloads, and potentially seize control of unprotected systems. The bug arises from a deficiently implemented authentication check associated with the plugin’s user authentication protocol.</p>



<h2 id="two-cisco-zero-day-vulnerabilities-exploited-for-espionage" class="wp-block-heading">Two Cisco Zero-Day Vulnerabilities Exploited for Espionage</h2>



<p>A new malware operation used two zero-day vulnerabilities in Cisco networking equipment to distribute custom malware and enable stealth data collection inside the targeted environments. Cisco Talos, who named the campaign <a href="https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/" target="_blank" rel="noreferrer noopener nofollow">ArcaneDoor</a>, claims to have discovered the malware and that the attacker is a sophisticated state-sponsored threat actor known as UAT4356 (also tracked as Storm-1849 by Microsoft). According to a blog post, Talos said that the compromise was discovered and documented in on early January of 2024. </p>



<p>The adversaries are exploiting:</p>



<ul class="wp-block-list">
<li><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-websrvs-dos-X8gNucD2" target="_blank" rel="noreferrer noopener nofollow">CVE-2024-20353</a> (CVSS rating: 8.6) – Cisco Adaptive Security Appliance and Firepower Threat Defense Software Web Services Denial-of-Service Vulnerability</li>



<li><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-rce-FLsNXF4h" target="_blank" rel="noreferrer noopener nofollow">CVE-2024-20359</a> (CVSS rating: 6.0) – Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability </li>
</ul>



<p>This case is a reminder to all of us that a zero-day attack is a powerful weapon that cybercriminals use to exploit a security hole that is not known to the public.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://howtoremove.guide/cyber-security-monthly-recap-april-2024/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Cyber Security Monthly Recap: March 2024</title>
		<link>https://howtoremove.guide/cyber-security-monthly-recap-march-2024/</link>
					<comments>https://howtoremove.guide/cyber-security-monthly-recap-march-2024/#respond</comments>
		
		<dc:creator><![CDATA[Lidia Howler]]></dc:creator>
		<pubDate>Wed, 24 Apr 2024 08:45:48 +0000</pubDate>
				<category><![CDATA[News]]></category>
		<guid isPermaLink="false">https://howtoremove.guide/?p=214272</guid>

					<description><![CDATA[Hi there, lovers of security! Did you miss our Cyber Security Monthly Recap? We&#8217;re back with the third installment of our monthly series, which consists of brief but informative tidbits to keep you informed about the Security and Safety sector. For March, we summarized a selection of important topics that offer useful cybersecurity takeaways and [&#8230;]]]></description>
										<content:encoded><![CDATA[
<p>Hi there, lovers of security! Did you miss our Cyber Security Monthly Recap? We&#8217;re back with the third installment of our monthly series, which consists of brief but informative tidbits to keep you informed about the Security and Safety sector. For March, we summarized a selection of important topics that offer useful cybersecurity takeaways and compelling indications regarding the direction of cybersecurity. So, let&#8217;s get started!</p>



<p></p>



<figure class="wp-block-image aligncenter size-full is-resized"><img decoding="async" src="https://howtoremove.guide/wp-content/uploads/2024/04/Cyber-Security-Monthly-Recap-March-2024.jpg" alt="Cyber Security Monthly Recap March 2024" class="wp-image-214273" width="753" height="504" srcset="https://howtoremove.guide/wp-content/uploads/2024/04/Cyber-Security-Monthly-Recap-March-2024.jpg 833w, https://howtoremove.guide/wp-content/uploads/2024/04/Cyber-Security-Monthly-Recap-March-2024-300x201.jpg 300w, https://howtoremove.guide/wp-content/uploads/2024/04/Cyber-Security-Monthly-Recap-March-2024-150x100.jpg 150w, https://howtoremove.guide/wp-content/uploads/2024/04/Cyber-Security-Monthly-Recap-March-2024-768x514.jpg 768w, https://howtoremove.guide/wp-content/uploads/2024/04/Cyber-Security-Monthly-Recap-March-2024-810x542.jpg 810w" sizes="(max-width: 753px) 100vw, 753px" /><figcaption class="wp-element-caption">Cyber Security Monthly Recap March 2024</figcaption></figure>



<p></p>



<h2 id="cisa-hacked-via-ivanti-vulnerabilities" class="wp-block-heading"><strong>CISA Hacked via Ivanti Vulnerabilities</strong></h2>



<p>For more than a month, the world has been responding to Ivanti VPN vulnerabilities, but new information keeps coming to light. How can businesses expect to perform any better if the U.S. Cybersecurity and Infrastructure Security Agency can be hacked using the same method they warned everyone else about?</p>



<p>The U.S. cybersecurity agency, CISA, <a href="https://www.crn.com/news/security/2024/cisa-breached-via-ivanti-vpn-vulnerabilities-report" target="_blank" rel="noreferrer noopener nofollow">confirmed</a> that a threat actor had compromised two of its internal systems by taking advantage of vulnerabilities in Ivanti products. Two zero-day vulnerabilities that were being exploited by a Chinese nation-state threat actor were revealed by Ivanti on January 10. </p>



<p>Robust Cybersecurity is still the most important advantage that businesses can have in any competitive market. You will attract more and better clients and increase your revenue if you can demonstrate to your clients that you are highly resistant to the Citrix Netscaler vulnerabilities, CISCO ASA vulnerabilities, and Ivanti VPN vulnerabilities. Businesses that are unable to accomplish this will either suffer from a cyberattack or from a loss of clients.</p>



<h2 id="unitedhealth-has-suffered-a-cyberattack" class="wp-block-heading"><strong>UnitedHealth Has Suffered a Cyberattack </strong></h2>



<p>Pharmacies around the US are finding it difficult to control the distribution of prescription drugs to patients as a result of a <a href="https://www.forbes.com/sites/jamesfarrell/2024/03/13/department-of-health-investigating-unitedhealth-after-unprecedented-cyber-attack/" target="_blank" rel="noreferrer noopener nofollow">cyberattack on UnitedHealth</a>. Hackers breached the network of Change Healthcare, a UnitedHealth subsidiary that handles prescription processing for tens of thousands of pharmacies across the country. </p>



<p>Prescriptions could not be sent by pharmacies to insurance companies for reimbursement due to a cyber incident. The continuous problem prevented Naval Hospital in Camp Pendleton, California, from processing any prescription claims, and Evans Army Community Hospital in Colorado reported delays in prescription orders that affected refills and dispensing. A small pharmacy in Norton, Kansas called Moffet Drug and the prescription discount service GoodRx both reported service interruptions. </p>



<p>In a filing with the Securities and Exchange Commission (SEC), UnitedHealth revealed that there&#8217;s a chance that a group of hackers funded by a foreign country planned the cyberattack. The business quickly identified and contained the attack, alerted law enforcement, and started working to get its systems back online. </p>



<p>In response, the American Hospital Association recommended that hospitals cut off from UnitedHealth&#8217;s network until the problem was fixed in order to reduce their vulnerability to hackers. Change Healthcare thinks that because disruptions persisted during the attack, the attack was contained within its network.</p>



<h2 id="mother-of-all-breaches-brings-more-security-implications" class="wp-block-heading"><strong>“Mother of all Breaches” brings more security implications</strong></h2>



<p>Early in 2024, researchers from Security Discovery and Cybernews stumbled upon a dataset that included 26 billion compromised accounts from a variety of platforms, including Tencent, Adobe, Dropbox, LinkedIn, X (Twitter), Canva, and Telegram. This discovery was named as the “mother of all breaches” (MOAB). </p>



<p>The widespread hack has affected numerous international government agencies, including those in the US, Brazil, Germany, the Philippines, and Turkey. The recently released dataset contains some new information in addition to data that was stolen in earlier breaches. The disturbing thing is that businesses could face <a href="https://truefort.com/mother-of-all-breaches/" target="_blank" rel="noreferrer noopener nofollow">serious issues</a> due to the continuous risk the 12-terabyte dataset poses to client information and business security. Thanks to the data that is available, threat actors can now launch more effective cyberattacks and easily carry out crimes like identity theft.</p>



<p>Therefore, it is advised that businesses adopt a proactive stance and monitor their infrastructure for signs of unusual activity, such as phishing attempts, unexpected network traffic, suspicious account activity, unknown access scenarios, and notable customer feedback. When everything is taken into account, the MOAB cyber incident emphasizes how important it is for businesses everywhere to drastically change their viewpoint on effective network security.</p>



<p></p>



<h2 id="a-22-million-scam-was-achieved-by-a-ransomware-group" class="wp-block-heading"><strong>A  million scam was achieved by a ransomware group.</strong></h2>



<p>A significant section of the US healthcare sector was the target of a cyberattack conducted more than a month ago by a group of Russian hackers. The group planned a ransomware attack against a national Optum healthcare management system that manages patient accounts, including insurance claims, prescription orders, and payment processing. </p>



<p><a href="https://cybernews.com/news/unitedhealth-22-million-ransom-paid-alphv-blackcat-hackers/" target="_blank" rel="noreferrer noopener nofollow">Optum allegedly paid AlphV</a>, a hacker group also going by the name Black Cat, to get rid of the ransomware and get back the stolen data. Blockchain&#8217;s ledger shows that on Friday, seven transfers totaling $3,348,114 were made from one account to seven different accounts. After fees, the total came to about $22 million. Later, an unidentified person on a dark web forum verified the$22 million payment but claimed AlphV took the money but kept lying and delaying the recovery of the stolen data.</p>



<p>This 4TB of &#8220;critical data&#8221; is sourced from multiple insurance and healthcare providers, including Medicare, Loomis, CVS-Caremark, and Metlife. A seizure notice appeared on AlphV&#8217;s website shortly after, most likely as a result of FBI and foreign agency action. However, the UK&#8217;s National Crime Agency—which was given particular credit on the notice—denied any involvement.</p>



<p>After more research, it was discovered that the seizure notice was a copy of one from another AlphV website, suggesting that the group is really defrauding its affiliates and creating the appearance of an FBI takedown. AlphVs may decide to go into hiding for the time being, reorganize, and then reappear on the dark web using a new identity. This is a typical strategy used by hacker groups under legal threat. This incident demonstrates that hackers will do whatever it takes to make quick profits.</p>



<h2 id="lockbit-has-made-a-comeback" class="wp-block-heading"><strong>Lockbit Has Made a Comeback</strong></h2>



<p>International law enforcement agencies severely disrupted the well-known ransomware group Lockbit in February. More than a thousand decryption keys were obtained by law enforcement as part of this operation, and several known Lockbit associates are currently being held. </p>



<p>These keys might aid in the recovery of affected data for group victims. Although this was good news, events changed a few days later. Lockbit <a href="https://www.theguardian.com/technology/2024/feb/26/russian-based-lockbit-ransomware-hackers-attempt-comeback" target="_blank" rel="noreferrer noopener nofollow">seems to have already made a comeback</a> with new encryptors and servers. In light of recent law enforcement actions, it is unclear if this group has been significantly impacted or if they have simply moved their operations elsewhere.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://howtoremove.guide/cyber-security-monthly-recap-march-2024/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Cyber Security Monthly Recap: January 2024</title>
		<link>https://howtoremove.guide/cyber-security-monthly-recap-january-2024/</link>
					<comments>https://howtoremove.guide/cyber-security-monthly-recap-january-2024/#respond</comments>
		
		<dc:creator><![CDATA[Lidia Howler]]></dc:creator>
		<pubDate>Tue, 06 Feb 2024 08:56:17 +0000</pubDate>
				<category><![CDATA[News]]></category>
		<guid isPermaLink="false">https://howtoremove.guide/?p=212043</guid>

					<description><![CDATA[Welcome to the January 2024 edition of Cyber Security Monthly Recap. This month, we&#8217;ve seen some significant events that emphasize the importance of protecting our digital world. From legal challenges to critical vulnerabilities, January 2024 highlights the need to stay informed about cybersecurity. Let&#8217;s dive in! Meta Faces GDPR Complaint for Consent Withdrawal Fees Meta [&#8230;]]]></description>
										<content:encoded><![CDATA[
<p>Welcome to the January 2024 edition of Cyber Security Monthly Recap. This month, we&#8217;ve seen some significant events that emphasize the importance of protecting our digital world. From legal challenges to critical vulnerabilities, January 2024 highlights the need to stay informed about cybersecurity. Let&#8217;s dive in!</p>



<p><strong>Meta Faces GDPR Complaint for Consent Withdrawal Fees</strong> </p>



<p>Meta is under fire for requiring users to pay up to €251.88 per year to withdraw consent for tracking on Facebook and Instagram. This goes against GDPR rules, which mandate that withdrawing consent should be as easy as giving it. <a href="https://noyb.eu/en/meta-ignores-users-right-easily-withdraw-consent" target="_blank" rel="noreferrer noopener nofollow">NOYB</a> filed a complaint in Austria, challenging Meta&#8217;s approach and demanding a fee-free withdrawal method. This case could set a precedent for privacy charges and impact Meta&#8217;s operations in the EU.</p>



<p><strong>Urgent: GitLab Releases Critical Updates</strong> </p>



<p>GitLab issued critical updates for CVE-2023-7028, a severe email verification flaw allowing account takeovers, and CVE-2023-5356, which prevented command execution via Slack/Mattermost integrations. Users are urged to update GitLab to the latest versions and enable 2FA for enhanced security.</p>



<p><strong>GitHub Addresses High-Severity Vulnerability</strong> </p>



<p>GitHub resolved a high-severity vulnerability (CVE-2024-0200) exposing credentials, leading to the rotation of key credentials, including GitHub Actions and Codespaces keys. Users need to import new keys to stay secure. GitHub continues its proactive cybersecurity measures.</p>



<p><strong>Outlook Calendar Invite Vulnerability</strong> </p>



<p>Varonis researchers disclosed a Microsoft Outlook vulnerability (CVE-2023-35636) that leaks hashed passwords through <a href="https://www.scmagazine.com/news/accepting-a-calendar-invite-in-outlook-could-leak-your-password" target="_blank" rel="noreferrer noopener nofollow">malicious calendar invites</a>. While patched in December 2023, it&#8217;s crucial to stay vigilant against such threats, use Kerberos over NTLM for authentication, and keep software updated.</p>



<p><strong>Massive Data Leak: Mother of All Breaches (MOAB)</strong> </p>



<p>A colossal data leak, dubbed the &#8220;<a href="https://cybernews.com/security/billions-passwords-credentials-leaked-mother-of-all-breaches/" target="_blank" rel="noreferrer noopener nofollow">Mother of all Breaches</a>&#8221; (MOAB), exposed 12 terabytes of data with over 26 billion records from platforms like LinkedIn and Twitter. This poses severe threats, including identity theft and phishing attacks. Users are advised to enhance cybersecurity practices, use strong passwords, and enable multi-factor authentication.</p>



<p><strong>New Malvertising Scheme Spreading CACTUS Ransomware</strong></p>



<p>A hacking group known as Twisted Spider, has been detected using a new malvertising scheme to spread the CACTUS ransomware. This group had previously been linked to the QakBot malware, which had been taken down by law enforcement. To adapt, Twisted Spider turned to Storm-1044 services. They infect target computers with the DanaBot initial access Trojan, a threat observed since November 2023. DanaBot specializes in stealing information, including login credentials, and gives this stolen data to hackers. Once inside a network, Storm-1044 moves laterally, effectively handing control to Twisted Spider. Subsequently, the CACTUS ransomware is unleashed on the compromised systems, becoming a favorite among ransomware operators.</p>



<p></p>



<p>In conclusion, that&#8217;s a wrap for our January 2024 Cybersecurity Monthly Recap. We hope this update has provided you with valuable insights into the evolving world of cybersecurity and data privacy. Your engagement is essential to us, so feel free to share any interesting articles or news updates in the comments section below. Stay safe and stay secure!</p>
]]></content:encoded>
					
					<wfw:commentRss>https://howtoremove.guide/cyber-security-monthly-recap-january-2024/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Cyber Security Monthly Recap: December 2023</title>
		<link>https://howtoremove.guide/cyber-security-monthly-recap-december-2023/</link>
					<comments>https://howtoremove.guide/cyber-security-monthly-recap-december-2023/#respond</comments>
		
		<dc:creator><![CDATA[Lidia Howler]]></dc:creator>
		<pubDate>Tue, 02 Jan 2024 09:54:53 +0000</pubDate>
				<category><![CDATA[News]]></category>
		<guid isPermaLink="false">https://howtoremove.guide/?p=210683</guid>

					<description><![CDATA[December 2023 in the cybersecurity world was marked by a series of significant developments, reflecting the ever-evolving nature of cyber threats and the continuous efforts to counteract them. This month witnessed a range of events, from Microsoft&#8217;s strategic response to malware threats to groundbreaking legislative advancements in the EU, emphasizing the multifaceted challenges in AI [&#8230;]]]></description>
										<content:encoded><![CDATA[
<p>December 2023 in the cybersecurity world was marked by a series of significant developments, reflecting the ever-evolving nature of cyber threats and the continuous efforts to counteract them. This month witnessed a range of events, from Microsoft&#8217;s strategic response to malware threats to groundbreaking legislative advancements in the EU, emphasizing the multifaceted challenges in AI and cybersecurity, but let&#8217;s quickly go over some of the key topics that happened.</p>



<p></p>



<figure class="wp-block-image aligncenter size-large is-resized"><img loading="lazy" decoding="async" src="https://howtoremove.guide/wp-content/uploads/2024/01/Cyber-Security-Monthly-Recap-December-1-1024x620.webp" alt="" class="wp-image-210703" width="747" height="452" srcset="https://howtoremove.guide/wp-content/uploads/2024/01/Cyber-Security-Monthly-Recap-December-1-1024x620.webp 1024w, https://howtoremove.guide/wp-content/uploads/2024/01/Cyber-Security-Monthly-Recap-December-1-300x182.webp 300w, https://howtoremove.guide/wp-content/uploads/2024/01/Cyber-Security-Monthly-Recap-December-1-150x91.webp 150w, https://howtoremove.guide/wp-content/uploads/2024/01/Cyber-Security-Monthly-Recap-December-1-768x465.webp 768w, https://howtoremove.guide/wp-content/uploads/2024/01/Cyber-Security-Monthly-Recap-December-1-810x490.webp 810w, https://howtoremove.guide/wp-content/uploads/2024/01/Cyber-Security-Monthly-Recap-December-1-1140x690.webp 1140w, https://howtoremove.guide/wp-content/uploads/2024/01/Cyber-Security-Monthly-Recap-December-1.webp 1342w" sizes="auto, (max-width: 747px) 100vw, 747px" /></figure>



<p></p>



<p><strong>Microsoft Disables MSIX App Installer Protocol Exploited Widely in Malware Attacks</strong></p>



<p>Microsoft has made a significant security update by <a href="https://msrc.microsoft.com/blog/2023/12/microsoft-addresses-app-installer-abuse/" target="_blank" rel="noreferrer noopener nofollow">disabling</a> a feature known as the ms-appinstaller protocol handler in its App Installer. This decision was taken because cybercriminals <a href="https://www.microsoft.com/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/" target="_blank" rel="noreferrer noopener nofollow">were exploiting this feature</a> to spread malware, which could lead to ransomware attacks. The ms-appinstaller protocol handler was initially designed to make installing apps easier, but attackers found a way to use it for harmful purposes. They created malicious app packages, which appeared legitimate, and distributed them through various channels like Microsoft Teams and deceptive online advertisements. These advertisements often mimicked popular software, luring users to download harmful content.</p>



<p>To combat this threat, Microsoft has updated the App Installer to a newer version (1.21.3421.0 or higher), where the ms-appinstaller protocol handler is turned off by default. This change aims to close the loophole that attackers were exploiting and is a proactive step by Microsoft to enhance the security of its users by preventing the distribution of malware through this method.</p>



<p><strong><strong>Operation Triangulation Targets Apple iOS Devices</strong></strong></p>



<p>In a recent <a href="https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/" target="_blank" rel="noreferrer noopener nofollow">revelation</a>, a highly complex and sophisticated type of spyware attack, known as &#8220;Operation Triangulation,&#8221; has been identified targeting Apple&#8217;s iOS devices. This attack is particularly alarming because it managed to bypass the robust hardware-based security features that Apple is known for. Discovered by the Russian cybersecurity firm Kaspersky, which itself was one of the targets, this attack chain is considered the most intricate and advanced they&#8217;ve ever seen. Active since 2019, this campaign took advantage of unique vulnerabilities within Apple&#8217;s system that had not been exploited before.</p>



<p>The attack begins with a seemingly harmless iMessage that contains a malicious attachment. This is a &#8220;zero-click&#8221; attack, meaning it doesn&#8217;t require any action from the user, like clicking a link, to activate. The spyware then silently works to gain extensive control over the device, bypassing security measures to gather sensitive information. It achieves this by chaining together four previously unknown flaws (zero-day flaws) in iOS, allowing the attackers to deeply infiltrate and plant spyware in devices up to iOS version 16.2. This level of access and the method of execution make it a particularly dangerous and stealthy form of cyber espionage. </p>



<p><strong>Carbanak Banking Malware Resurfaces</strong></p>



<p>Carbanak, a notorious banking malware, has recently made a comeback with a twist in its operations. Previously known for targeting banks, Carbanak has now been spotted in ransomware attacks. This change in strategy was noted in the November 2023 ransomware attacks analyzed by the cybersecurity firm <a href="https://www.nccgroup.com/us/newsroom/ncc-group-monthly-threat-pulse-november-2023/" target="_blank" rel="noreferrer noopener nofollow">NCC Group</a>. They observed that Carbanak has evolved, now incorporating new methods and techniques to enhance its effectiveness in cyberattacks.</p>



<p>What&#8217;s new with Carbanak is how it&#8217;s being spread. The malware has been distributed through compromised websites, cleverly disguised as various business-related software programs. It mimics popular tools like HubSpot, Veeam, and Xero, tricking users into downloading it. Carbanak, active since at least 2014, is known for its abilities to steal data and remotely control infected systems. Originally a banking malware, it has been associated with the FIN7 cybercrime syndicate, a group known for targeting financial institutions. This shift to ransomware tactics marks a significant evolution in its use, making it more threatening to a broader range of targets. </p>



<p><strong>EU Negotiators Come To Agreement on EU AI Act </strong></p>



<p>The European Union has made a significant step forward with the <a href="https://www.europarl.europa.eu/news/en/press-room/20231206IPR15699/artificial-intelligence-act-deal-on-comprehensive-rules-for-trustworthy-ai" target="_blank" rel="noreferrer noopener nofollow">agreement</a> on the EU Artificial Intelligence (AI) Act. This act is a comprehensive set of rules to manage the development and use of AI within the EU. A key aspect of this agreement is the distinction between different types of AI models, categorized into two types: high impact and low impact. High impact models, due to their potential significant influence or risk, are subject to strict regulations. </p>



<p>These regulations include the requirement to conduct thorough evaluations of the models, assess and reduce systemic risks, perform adversarial testing, report serious incidents to the European Commission, ensure robust cybersecurity measures for the data used by these models, and also report on the energy efficiency of the models. The enforcement of the AI Act will not start immediately; it is expected to begin two years after the act is officially passed, which is projected to be around 2026.</p>



<p><strong>Interpol Says Trafficking For Cyber Scams Is Expanding Globally </strong></p>



<p>Interpol recently conducted its first major operation specifically targeting a growing global issue: human trafficking being used to fuel online fraud schemes. During <a href="https://www.interpol.int/News-and-Events/News/2023/INTERPOL-operation-reveals-further-insights-into-globalization-of-cyber-scam-centres" target="_blank" rel="noreferrer noopener nofollow">this operation</a>, which took place over four days in mid-October, Interpol carried out over 270,000 inspections across 450 locations known for human and migrant trafficking activities. The troubling trend they&#8217;re addressing involves human trafficking victims being deceived with false promises of high-paying jobs in foreign countries. Once these individuals arrive, they are forced by traffickers to engage in online scams.</p>



<p>This issue has been particularly prevalent in Southeast Asia, where Chinese criminal organizations have expanded into countries like Cambodia and Myanmar. These groups use a mix of corruption and violence to operate their scamming activities, largely beyond the reach of law enforcement. However, Interpol&#8217;s recent findings indicate that this practice is not confined to Southeast Asia. The operation revealed the spread of these criminal activities to other regions, such as Peru, where over forty Malaysian victims of human trafficking were rescued from being compelled to commit online fraud. This expansion highlights the global scale of the problem and the need for continued international efforts to combat these criminal networks.</p>



<p><strong>ALPHV Blackcat Emplys New Ransomware Tactics</strong></p>



<p>ALPHV Blackcat, a notable ransomware group, has evolved its tactics in carrying out cyber attacks. Instead of just using ransomware, they now also engage in phishing and compromising accounts to steal data and extort money from their victims, without necessarily deploying ransomware. This means they can gain control over a victim&#8217;s data and then demand money for not releasing or misusing it.</p>



<p>Recently, ALPHV Blackcat released an updated version of their ransomware, dubbed &#8220;ALPHV Blackcat Ransomware 2.0 Sphynx.&#8221; This new version comes with enhanced capabilities like better evasion of security defenses and additional tools for the affiliates who carry out the attacks. It&#8217;s capable of targeting both Windows and Linux devices, as well as VMWare instances. The FBI reports that ALPHV Blackcat affiliates have attacked over 1,000 entities worldwide, with about 75% of these attacks occurring in the United States. The group has demanded over $500 million in ransoms and has received nearly $300 million in payments. This widespread impact underlines the serious threat posed by this ransomware group. For more detailed information, you can read the full advisory on the Cybersecurity &amp; Infrastructure Security Agency (CISA) website <a href="https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-353a" target="_blank" rel="noreferrer noopener nofollow">here</a>.</p>



<p><strong>2023 Is A Record Year for Ransomware</strong></p>



<p>2023 has been a record-breaking year in terms of ransomware attacks, highlighting a growing cybersecurity threat worldwide. According to <a href="https://www.nccgroup.com/us/newsroom/ncc-group-monthly-threat-pulse-november-2023/" target="_blank" rel="noreferrer noopener nofollow">research by NCC Group</a>, by the end of November 2023, there were 4,276 ransomware attacks globally, which is more than double the number from the previous year. And this count doesn&#8217;t even include the data for December.</p>



<p>In addition to the increase in ransomware attacks, there&#8217;s also a significant number of new vulnerabilities discovered this year – over 26,000, as per <a href="https://blog.qualys.com/vulnerabilities-threat-research/2023/12/19/2023-threat-landscape-year-in-review-part-one" target="_blank" rel="noreferrer noopener nofollow">Qualys researchers</a>. However, only a small fraction of these vulnerabilities, around 7,000, were considered high risk, and even fewer, 206, had weaponized code available. These particular vulnerabilities are of special concern to information security professionals because they are more likely to be exploited. Notably, over 32% of these critical vulnerabilities were related to network infrastructure or web applications, areas that require urgent patching or mitigation. The average time to exploit vulnerabilities this year was 44 days, but some were exploited the same day they became public. </p>



<p><strong>Conclusion</strong></p>



<p>As we conclude the events, December 2023 serves as a reminder of the dynamic and challenging cybersecurity environment we navigate. It stresses the importance of continuous learning, adaptation, and collaboration among cybersecurity professionals, organizations, and governments to protect digital assets and maintain trust in our technology-driven world.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://howtoremove.guide/cyber-security-monthly-recap-december-2023/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Cyber Security Monthly Recap: November 2023</title>
		<link>https://howtoremove.guide/cyber-security-monthly-recap-november-2023/</link>
					<comments>https://howtoremove.guide/cyber-security-monthly-recap-november-2023/#respond</comments>
		
		<dc:creator><![CDATA[Lidia Howler]]></dc:creator>
		<pubDate>Mon, 04 Dec 2023 14:25:02 +0000</pubDate>
				<category><![CDATA[News]]></category>
		<guid isPermaLink="false">https://howtoremove.guide/?p=208796</guid>

					<description><![CDATA[November 2023 was a busy month for cybersecurity, with many incidents and insights reported by various sources. Here are some of the highlights of what happened in the cyber world in the past month. Widespread Ransomware Attacks November 2023 started with a series of ransomware attacks targeting a diverse range of victims from healthcare organizations [&#8230;]]]></description>
										<content:encoded><![CDATA[
<p>November 2023 was a busy month for cybersecurity, with many incidents and insights reported by various sources. Here are some of the highlights of what happened in the cyber world in the past month.</p>



<p><strong>Widespread Ransomware Attacks</strong> </p>



<p>November 2023 started with a series of ransomware attacks targeting a diverse range of victims from healthcare organizations to educational institutions. Among the notable incidents, the TransForm Shared Service Organisation <a href="https://www.databreaches.net/exclusive-daixin-team-claims-responsibility-for-attacks-affecting-canadian-hospitals-starts-leaking-data/" target="_blank" rel="noreferrer noopener nofollow">experienced</a> a significant data breach affecting five Canadian hospitals, with the Daixin Team claiming responsibility.</p>



<p>A massive ransomware attack <a href="https://therecord.media/massive-cyberattack-hinders-services-in-germany" target="_blank" rel="noreferrer noopener nofollow">paralyzed</a> local government services across 70 municipalities in Germany. The attack encrypted servers of the local municipal service provider Südwestfalen IT, demonstrating the increasing risk to public sector infrastructure.</p>



<p>In a turn of events, Dallas County successfully <a href="https://therecord.media/dallas-county-combats-ransomware-attack" target="_blank" rel="noreferrer noopener nofollow">interrupted</a> a data exfiltration attempt during a ransomware attack, preventing file encryption and highlighting the importance of proactive cybersecurity measures.</p>



<p>Boeing <a href="https://www.bleepingcomputer.com/news/security/lockbit-ransomware-leaks-gigabytes-of-boeing-data/" target="_blank" rel="noreferrer noopener nofollow">confirmed </a>a cyberattack impacting its parts and distribution business. The LockBit ransomware group claimed responsibility for the attack, underscoring the vulnerability of even the largest global corporations. Meanwhile, the American Airlines pilot union <a href="https://www.bleepingcomputer.com/news/security/american-airlines-pilot-union-hit-by-ransomware-attack/" target="_blank" rel="noreferrer noopener nofollow">faced</a> a ransomware attack, with sensitive information of thousands of pilots and applicants accessed, raising serious privacy concerns.</p>



<p>Moneris, a Canadian banking tech giant, and MeridianLink, a financial software company, <a href="https://therecord.media/moneris-canada-ransomware-attack-prevented" target="_blank" rel="noreferrer noopener nofollow">confirmed</a> cyberattacks, with MeridianLink <a href="https://therecord.media/meridianlink-confirms-cyberattack-after-sec-threat" target="_blank" rel="noreferrer noopener nofollow">facing</a> an unusual extortion tactic by AlphV/Black Cat.</p>



<p><a href="https://www.bleepingcomputer.com/news/security/toyota-confirms-breach-after-medusa-ransomware-threatens-to-leak-data/" target="_blank" rel="noreferrer noopener nofollow">Toyota</a> Financial Services, a subsidiary of the Toyota Group that provides financial services to customers and dealers, was attacked by Medusa ransomware, a malware group that encrypts data and demands payment for decryption. The operators of Medusa ransomware threatened to leak the data of Toyota Financial Services if the ransom was not paid. The company confirmed that it detected unauthorized access to some of its systems in Europe and Africa, and that it was working to resolve the issue and protect its customers&#8217; data.</p>



<p><a href="https://global.yamaha-motor.com/news/2023/1116/corporate.html" target="_blank" rel="noreferrer noopener nofollow">Yamaha</a> Motor Co., Ltd. confirmed that one of the servers managed by its motorcycle manufacturing and sales subsidiary in the Philippines, Yamaha Motor Philippines, Inc. (YMPH), was accessed without authorization by a third party and hit by a ransomware attack. According to the information that was disclosed,  some employees&#8217; personal information stored by YMPH had been leaked. The news release also states that Yamaha Motor and YMPH have set up a countermeasures team and have been working to prevent further damage, investigate the scope of the impact, and recovering the systems with the help of an external internet security company. Yamaha Motor apologized for the inconvenience and worry caused by the incident and reported it to the Philippine authorities.</p>



<p><strong>Major Data Breaches</strong></p>



<p>Marina Bay Sands, a luxury resort and casino in Singapore, has <a href="https://www.marinabaysands.com/company-information/data-security-notice.html" target="_blank" rel="noreferrer noopener nofollow">disclosed</a> a data breach that affected 665,000 customers who visited the property between January 2014 and March 2020. The breach exposed personal information such as names, contact details, loyalty program numbers, and government-issued identification numbers. The resort said it had notified the affected customers and offered them free identity theft protection services. It also said it had enhanced its security measures and was cooperating with the authorities to investigate the incident.</p>



<p>McLaren Health Care, a Michigan-based health system, has <a href="https://www.mclaren.org/main/notification" target="_blank" rel="noreferrer noopener nofollow">announced</a> a data breach that impacted 2.2 million people who received medical services at its facilities between February 2019 and October 2020. The breach occurred when an unauthorized party gained access to a third-party vendor&#8217;s systems that stored McLaren&#8217;s patient data. The data included names, dates of birth, medical record numbers, insurance information, and limited treatment information. McLaren said it had notified the affected individuals and offered them free credit monitoring and identity protection services. It also said it had terminated its relationship with the vendor and was working with law enforcement to investigate the incident.</p>



<p>Samsung Electronics has notified some of its UK customers of a data breach that exposed their personal information to an unauthorized individual. The <a href="https://www.samsung.com/us/support/securityresponsecenter/" target="_blank" rel="noreferrer noopener nofollow">breach</a> occurred between July 1, 2019, and June 30, 2020, and affected customers who made purchases from the Samsung UK online store. The data included names, contacts, dates of birth, and product registration data. Samsung said it had fixed the issue, notified the authorities, and offered free identity theft protection services to the affected customers</p>



<p><strong>Vulnerabilities and Patches</strong></p>



<p>Four zero-day vulnerabilities (<a href="https://www.zerodayinitiative.com/advisories/ZDI-23-1578/" target="_blank" rel="noreferrer noopener nofollow">ZDI-23-1578</a> to <a href="https://www.zerodayinitiative.com/advisories/ZDI-23-1581/" target="_blank" rel="noreferrer noopener nofollow">ZDI-23-1581</a> ) were identified in Microsoft Exchange, enabling attackers to execute arbitrary code or steal sensitive information remotely on vulnerable Exchange servers. These vulnerabilities underscore the ongoing risks in widely used communication platforms and the necessity of immediate updates.</p>



<p>CISA warned federal agencies to secure Juniper devices against four vulnerabilities (CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, and CVE-2023-36847) that are being exploited by hackers to launch remote code execution attacks. The <a href="https://supportportal.juniper.net/s/article/2023-08-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-can-be-combined-to-allow-a-preAuth-Remote-Code-Execution?language=en_US" target="_blank" rel="noreferrer noopener nofollow">vulnerabilities</a> affect the Junos OS web server, which runs on various Juniper products, such as routers, switches, and firewalls. The advisory underscored the need for heightened security in network infrastructure, as the hackers can send malicious requests or headers to the web server and execute arbitrary commands on the unprotected device without needing any authentication.</p>



<p>In another <a href="https://www.cisa.gov/news-events/alerts/2023/11/14/cisa-adds-three-known-exploited-vulnerabilities-catalog" target="_blank" rel="noreferrer noopener nofollow">advisory</a>, CISA highlighted three vulnerabilities (CVE-2023-36033, CVE-2023-36025, and CVE-2023-36036) disclosed by Microsoft during its Patch Tuesday updates. They affect Microsoft Exchange Server, Microsoft Office, and Microsoft Windows and their inclusion in CISA’s vulnerability list reflected the significance of these bugs and the need for rapid patching.</p>



<p>November also marked the addition of three actively exploited vulnerabilities (CVE-2023-36584, CVE-2023-1671, CVE-2020-2551) to CISA&#8217;s <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" target="_blank" rel="noreferrer noopener nofollow">KEV catalog</a>. The flaws are affecting Microsoft devices, a Sophos product, and an Oracle solution, underlining the ongoing threat landscape in these software and hardware products.</p>



<p>A critical vulnerability tracked as <a href="https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36052" target="_blank" rel="noreferrer noopener nofollow">CVE-2023-36052</a> was addressed by Microsoft, this time in Azure CLI, a tool that allows users to manage Azure resources from the command line. The vulnerability, which was discovered by a security researcher from Palo Alto Networks, could expose the credentials of users who run Azure CLI commands in GitHub Actions or Azure DevOps pipelines. Microsoft has fixed the vulnerability and advised users to update their Azure CLI version to 2.31.0 or later, and to revoke and regenerate any compromised credentials.</p>



<p><strong>Conclusion</strong></p>



<p>This is how the cybersecurity landscape looked like in November 2023 through our lenses. It was a month that presented a dynamic and evolving set of security challenges that highlighted the importance of adopting robust security practices because, in times when cyber threats continue to advance, the best defense is an informed and proactive approach. </p>
]]></content:encoded>
					
					<wfw:commentRss>https://howtoremove.guide/cyber-security-monthly-recap-november-2023/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Cybersecurity 101: Essential Tips for Protecting Your Information in College</title>
		<link>https://howtoremove.guide/cybersecurity-101-essential-tips-for-protecting-your-information-in-college/</link>
					<comments>https://howtoremove.guide/cybersecurity-101-essential-tips-for-protecting-your-information-in-college/#respond</comments>
		
		<dc:creator><![CDATA[Lidia Howler]]></dc:creator>
		<pubDate>Mon, 27 Nov 2023 16:14:56 +0000</pubDate>
				<category><![CDATA[News]]></category>
		<guid isPermaLink="false">https://howtoremove.guide/?p=208218</guid>

					<description><![CDATA[It is more important than ever to keep your personal information safe in this digital age where everything is accessible with a click. Cybersecurity is a word that people often connect with big businesses and the government, but it&#8217;s also important for regular people, especially college students. As you go through college, this piece goes [&#8230;]]]></description>
										<content:encoded><![CDATA[
<p>It is more important than ever to keep your personal information safe in this digital age where everything is accessible with a click. <a href="https://www.letu.edu/trending/content/what-cybersecurity">Cybersecurity</a> is a word that people often connect with big businesses and the government, but it&#8217;s also important for regular people, especially college students. As you go through college, this piece goes over the basics of cybersecurity and gives you important tips on how to keep your information safe.</p>



<p>Photo by Pixabay: https://www.pexels.com/photo/security-logo-60504/</p>



<h2 id="definition-of-cybersecurity" class="wp-block-heading">Definition of Cybersecurity</h2>



<p>Cybersecurity is the practice of keeping private data, systems, networks, and programs safe from hacking, theft, and other digital threats. In the context of college, this means keeping personal and academic information safe from possible threats.</p>



<h2 id="use-only-verified-writing-help-services" class="wp-block-heading">Use Only Verified Writing Help Services</h2>



<p>When it comes to academic tasks, students often find themselves overwhelmed, seeking efficient solutions to navigate through the challenges of writing assignments. In this digital age, online help services play a pivotal role in getting you ready for writing. Highly qualified writers in the field of academic research papers are readily available on Papersowl. You can <a href="https://papersowl.com/pay-for-research-paper">pay to write paper</a> and professionals will provide invaluable support for students tackling complex assignments. For those seeking tailored assistance, consider leveraging the expertise of online help services. These platforms connect you with experienced professionals, ensuring the quality and authenticity of your work.&nbsp;</p>



<h2 id="importance-of-cybersecurity-in-college" class="wp-block-heading">Importance of Cybersecurity in College</h2>



<p>Because there is so much personal and academic information moving around in college and university networks, these places are popular spots for cyber risks. It&#8217;s clear that strong cybersecurity steps are needed for everything from student records to financial information. Let&#8217;s take a look at some of the most common cyber risks that college students face.</p>



<h2 id="common-cybersecurity-threats-in-college" class="wp-block-heading">Common Cybersecurity Threats in College<br></h2>



<h3 id="phishing-attacks" class="wp-block-heading"><br>Phishing Attacks<br></h3>



<p>Phishing attacks try to get private information by tricking people, usually through fake emails or texts. Because college students use email so much, they are more likely to be affected by these kinds of threats.</p>



<h3 id="malware" class="wp-block-heading">Malware</h3>



<p>Malicious software, or malware, can get into computers and change or delete data. With so many gadgets connected, college networks are perfect places for malware to grow if the right safety measures aren&#8217;t taken.</p>



<h3 id="password-breaches" class="wp-block-heading">Password Breaches</h3>



<p>Hackers can quickly take advantage of weak passwords. As college students juggle many accounts and tasks, they might accidentally weaken their security by using passwords that are easy to figure out.</p>



<h3 id="public-wi-fi-risks" class="wp-block-heading">Public Wi-Fi Risks</h3>



<p>There is often public Wi-Fi on college campuses, but these networks aren&#8217;t always safe, leaving users open to threats. If you don&#8217;t take the right steps, private data sent over these networks could be at risk.</p>



<h2 id="essential-cybersecurity-tips-for-college-students" class="wp-block-heading">Essential Cybersecurity Tips for College Students</h2>



<h3 id="strong-password-practices" class="wp-block-heading">Strong Password Practices</h3>



<p>A basic step in protection is to make strong, unique passwords and change them often. Don&#8217;t use information that is easy to guess, like names or dates.</p>



<h3 id="two-factor-authentication" class="wp-block-heading">Two-Factor Authentication</h3>



<p>When you can, use two-factor verification. This makes things safer by needing a second way of proving who you are, like a verification code sent to your phone.</p>



<h3 id="secure-wi-fi-usage" class="wp-block-heading">Secure Wi-Fi Usage</h3>



<p>Use a virtual private network (VPN) to protect your internet connection when you&#8217;re on public Wi-Fi. This keeps your info safe from people who might want to listen in on it.</p>



<h3 id="regular-software-updates" class="wp-block-heading">Regular Software Updates</h3>



<p>Software and hardware should always be kept up to date. Updates often come with security patches that fix bugs and make it less likely that they will be used against you.</p>



<h2 id="protecting-personal-devices" class="wp-block-heading">Protecting Personal Devices</h2>



<h3 id="antivirus-software" class="wp-block-heading">Antivirus Software</h3>



<p><br>To find and get rid of bad software, install antivirus software from a reputable company. Scan your gadgets often to keep them safe from possible threats.</p>



<h3 id="firewall-settings" class="wp-block-heading">Firewall Settings</h3>



<p>Turn on firewalls on your devices to keep an eye on and manage all network data, both coming and going. This adds another layer of protection against people who shouldn&#8217;t be there.</p>



<h3 id="device-encryption" class="wp-block-heading">Device Encryption</h3>



<p>Adding an extra layer of security by encrypting your devices makes sure that the data is still safe even if your device is lost or stolen.</p>



<h2 id="social-media-and-online-presence" class="wp-block-heading">Social Media and Online Presence</h2>



<h3 id="privacy-settings" class="wp-block-heading">Privacy Settings</h3>



<p>Check and make changes to your social media private settings. Social engineering attacks are less likely to happen if you limit the information that everyone can see.</p>



<h3 id="caution-with-personal-information-sharing" class="wp-block-heading">Caution with Personal Information Sharing</h3>



<p>Watch out for the things you post online. Don&#8217;t post private information that could be used against you, like where you live or what you do every day.</p>



<h2 id="cybersecurity-education-initiatives" class="wp-block-heading">Cybersecurity Education Initiatives</h2>



<h3 id="workshops-and-seminars" class="wp-block-heading">Workshops and Seminars</h3>



<p>Take part in classes and seminars on cybersecurity that your college puts on. These classes can help you learn important things and give you useful advice on how to stay safe online.</p>



<h3 id="online-courses" class="wp-block-heading">Online Courses</h3>



<p>Look into online classes that teach the basics of cybersecurity. You can make smart choices about your internet safety if you learn more about this topic.</p>



<h3 id="campus-resources" class="wp-block-heading">Campus Resources</h3>



<p>Use the campus tools that are set aside for cybersecurity. It&#8217;s important to know where to look for help, whether it&#8217;s a specialized support team or helpful materials.</p>



<h2 id="reporting-cybersecurity-incidents" class="wp-block-heading">Reporting Cybersecurity Incidents</h2>



<h3 id="importance-of-reporting" class="wp-block-heading">Importance of Reporting</h3>



<p>Report any possible cybersecurity events right away. Reporting threats early can stop more damage and keep others from falling for the same ones.</p>



<h3 id="reporting-channels" class="wp-block-heading">Reporting Channels</h3>



<p>Learn how to report cybersecurity problems on your school through the right channels. This could be a number or a special email address.</p>



<h2 id="staying-informed-on-cybersecurity-trends" class="wp-block-heading">Staying Informed on Cybersecurity Trends</h2>



<h3 id="following-cybersecurity-blogs" class="wp-block-heading">Following Cybersecurity Blogs</h3>



<p>Follow <a href="https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2023/six-of-the-best-cybersecurity-blogs">reputable blogs</a> in the area of cybersecurity to stay up to date on the latest trends. This information makes you more likely to take advantage of new security steps.</p>



<h3 id="subscribing-to-newsletters" class="wp-block-heading">Subscribing to Newsletters</h3>



<p>Sign up for cybersecurity newsletters to get regular updates on new threats and ways to protect yourself. The best way to protect yourself from new online risks is to learn about them.</p>



<h2 id="conclusion" class="wp-block-heading">Conclusion</h2>



<p>Because everything in college is linked, cybersecurity is not a choice but a must. College students can make themselves safer from cyber threats by following the important tips in this piece. Keep in mind that you are the one who is responsible for keeping your information safe. Keep yourself aware and alert, and have a safe time in college online.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://howtoremove.guide/cybersecurity-101-essential-tips-for-protecting-your-information-in-college/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Cyber Security Monthly Recap: October 2023</title>
		<link>https://howtoremove.guide/cyber-security-monthly-recap-october-2023/</link>
					<comments>https://howtoremove.guide/cyber-security-monthly-recap-october-2023/#respond</comments>
		
		<dc:creator><![CDATA[Lidia Howler]]></dc:creator>
		<pubDate>Tue, 31 Oct 2023 08:10:54 +0000</pubDate>
				<category><![CDATA[News]]></category>
		<guid isPermaLink="false">https://howtoremove.guide/?p=206843</guid>

					<description><![CDATA[October 2023 was a busy month for cybersecurity news, with a number of high-profile attacks and data breaches reported. In this post, we&#8217;ll summarize some of the top cybersecurity news stories from the month for you, so you can stay informed about the evolving cybersecurity landscape. Spanish Authorities Arrest 34 Cybercriminals Involved in Data Theft [&#8230;]]]></description>
										<content:encoded><![CDATA[
<p>October 2023 was a busy month for cybersecurity news, with a number of high-profile attacks and data breaches reported. In this post, we&#8217;ll summarize some of the top cybersecurity news stories from the month for you, so you can stay informed about the evolving cybersecurity landscape.</p>



<figure class="wp-block-image size-large"><img loading="lazy" decoding="async" width="1024" height="597" src="https://howtoremove.guide/wp-content/uploads/2023/10/Cyber-Security-Monthly-Recap-October-2023-1-1024x597.jpg" alt="" class="wp-image-206856" srcset="https://howtoremove.guide/wp-content/uploads/2023/10/Cyber-Security-Monthly-Recap-October-2023-1-1024x597.jpg 1024w, https://howtoremove.guide/wp-content/uploads/2023/10/Cyber-Security-Monthly-Recap-October-2023-1-300x175.jpg 300w, https://howtoremove.guide/wp-content/uploads/2023/10/Cyber-Security-Monthly-Recap-October-2023-1-150x87.jpg 150w, https://howtoremove.guide/wp-content/uploads/2023/10/Cyber-Security-Monthly-Recap-October-2023-1-768x448.jpg 768w, https://howtoremove.guide/wp-content/uploads/2023/10/Cyber-Security-Monthly-Recap-October-2023-1-810x472.jpg 810w, https://howtoremove.guide/wp-content/uploads/2023/10/Cyber-Security-Monthly-Recap-October-2023-1-1140x665.jpg 1140w, https://howtoremove.guide/wp-content/uploads/2023/10/Cyber-Security-Monthly-Recap-October-2023-1.jpg 1266w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p></p>



<p><strong>Spanish Authorities Arrest 34 Cybercriminals Involved in Data Theft from 4 Million Individuals</strong></p>



<p>The <a href="https://www.policia.es/_es/comunicacion_prensa_detalle.php?ID=15928" target="_blank" rel="noreferrer noopener nofollow">Spanish National Police</a> has taken down a cybercriminal organization involved in a wide range of computer scams that targeted over four million individuals. This operation involved 16 targeted searches and the arrest of 34 group members across multiple cities in Spain. During the police raids, firearms, luxury cars, cash, and computers containing data on four million people were seized. </p>



<p>The arrested individuals were linked to email and SMS phishing schemes, including impersonating delivery companies and utilities. They also used deceitful &#8216;son in distress&#8217; calls to extort money from parents and rerouted merchandise by exploiting an insider&#8217;s position in a tech company. Their scams were diverse, with one involving a false loan scheme where they stole customer data from financial institutions and tricked victims into providing sensitive information on phishing sites. </p>



<p>The group&#8217;s estimated profit from these activities amounted to €3,000,000, which was funneled into cryptocurrency investment platforms. Law enforcement continues to work on identifying more culprits and victims in the coming months.</p>



<p></p>



<p><strong>Seiko watch company data breach exposes 60,000 records</strong></p>



<p>Japanese watch company Seiko <a href="https://www.sii.co.jp/en/news/topics/2023/10/25/12232/" target="_blank" rel="noreferrer noopener nofollow">confirmed</a> on 25th of October 2023 that a data breach exposed the personal information of 60,000 customers. The breach occurred in August 2023, but was not discovered until October. </p>



<p>The Seiko data breach is believed to have been caused by a vulnerability in the company&#8217;s website. The hackers were able to exploit the vulnerability to gain access to Seiko&#8217;s customer database. The company  has taken steps to fix the vulnerability in its website and has notified the affected customers of the breach. The company has also offered them free credit monitoring services.</p>



<p></p>



<p><strong>Cloudflare reports a significant surge in HTTP DDoS attacks</strong></p>



<p>The latest quarterly report from <a href="https://www.cloudflare.com/" target="_blank" rel="noreferrer noopener">Cloudflare</a>, released on 26th of October, reveals that the third quarter of 2023 witnessed a significant surge in HTTP distributed denial-of-service (DDoS) attacks, marking a 65% increase compared to the preceding quarter. Additionally, layer 3/4 DDoS attacks, which focus on compromising infrastructure resources, saw a 14% rise over the same period. The analysis revealed that gaming and gambling companies were the primary targets of DDoS attacks, likely due to the lucrative nature of these industries and their persistent vulnerabilities. </p>



<p>Interestingly, various regions experienced different attack patterns, with the software sector and farming industry being the most targeted in North America and Latin America. Cloudflare played a vital role in thwarting nearly 140 billion daily cybersecurity threats, including a record-breaking DDoS attack peaking at 201 million requests per second. As a result, organizations are encouraged to implement automated HTTP DDoS Protection to safeguard against the increasing prevalence of such attacks.</p>



<p></p>



<p><strong>Cybercriminals target Las Vegas-area parents with threats</strong></p>



<p>Cybercriminals have been targeting Las Vegas-area parents with threats to release their children&#8217;s personal information, including names, addresses, phone numbers, and social security numbers, if they do not pay a ransom. The criminals are believed to have obtained the information from a data breach that occured in August 2023 at a local school district, according to the information shared by <a href="https://www.databreaches.net/hackers-escalate-leak-200k-ccsd-students-data-claim-to-still-have-access-to-ccsd-email-system/" target="_blank" rel="noreferrer noopener nofollow">DataBreaches.net</a>. Parents are being urged to change their passwords and be extra vigilant about online security. They are also being advised to monitor their children&#8217;s credit reports for any unauthorized activity.</p>



<p></p>



<p><strong>Malware disguised as cryptominer infects 1 million PCs</strong></p>



<p>Antivirus provider Kaspersky has <a href="https://www.kaspersky.com/about/press-releases/2023_stripedfly-a-worming-miner-hiding-sophisticated-code-and-espionage-ready-capabilities" target="_blank" rel="noreferrer noopener nofollow">uncovered</a> a highly sophisticated strain of malware known as &#8220;StripedFly&#8221;, which has been masquerading as a cryptocurrency miner to avoid detection for over five years. This deceptive malware has infected more than 1 million Windows and Linux computers worldwide since 2016. Kaspersky&#8217;s security researchers initially detected two infections linked to WINNIT.exe in their antivirus products, leading to the discovery of StripedFly. While it was originally categorized as a cryptocurrency miner, a deeper analysis revealed its complexity, incorporating techniques believed to have originated from the US National Security Agency, including a version of the infamous EternalBlue exploit. </p>



<p>StripedFly employs its custom EternalBlue attack to infiltrate unpatched Windows systems and quietly propagate across networks, even infecting Linux machines. The malware can gather sensitive data, capture screenshots, gain control over affected devices, and record microphone input. To avoid detection, StripedFly employs a unique method: it includes a cryptocurrency mining module to divert attention from its full capabilities. The identity of the malware&#8217;s creators remains unclear, but its use of the NSA-originated exploit highlights the ongoing risks associated with such leaked tools.</p>



<p></p>



<p><strong>Critical vCenter Server vulnerability reported, VMware releases a fix</strong></p>



<p>VMware <a href="https://www.vmware.com/security/advisories/VMSA-2023-0023.html" target="_blank" rel="noreferrer noopener nofollow">released </a>a fix for a critical vulnerability in its vCenter Server software on 25th of October 2023. The vulnerability could allow attackers to gain unauthorized access to vCenter Server and take control of virtual machines. The prominent virtualization and cloud technology provider, has rated the security vulnerability at 9.8 out of 10 because it enables remote code execution, which makes it a high-priority concern for users. The issue is associated with an out-of-bounds write vulnerability in the implementation of the DCE/RPC protocol used for network-distributed application communication. VMware has urged users to apply the available updates for affected products to address the vulnerabilities. </p>



<p></p>



<p><strong>Boeing claimed by LockBit ransom gang</strong></p>



<p>The LockBit ransomware gang has reportedly targeted The Boeing Company, a major global aerospace, commercial jetliner manufacturer, and U.S. military and defense contractor. This Russian-linked group announced its intrusion on Boeing via its dark leak site on 27th of October 2023, and claimed to have a substantial amount of sensitive data. The ransomware gang set a November 2nd deadline for Boeing to contact them, otherwise, they threatened to publish all available data. While the specific amount of exfiltrated data remains undisclosed, LockBit estimated the combined value of Boeing and its subsidiaries at $60 billion. They also stated that they breached Boeing using a zero-day exploit, though they provided no further details about the nature of this vulnerability. </p>



<p></p>



<p>In light of the cybersecurity news this month, it&#8217;s crucial for both individuals and organizations to prioritize security. To stay safe online, remember to use strong passwords and multi-factor authentication, exercise caution when handling email attachments and links, maintain updated software, and stay informed.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://howtoremove.guide/cyber-security-monthly-recap-october-2023/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Cyber Security Monthly Recap: August 2023</title>
		<link>https://howtoremove.guide/cyber-security-monthly-recap-august-2023/</link>
					<comments>https://howtoremove.guide/cyber-security-monthly-recap-august-2023/#respond</comments>
		
		<dc:creator><![CDATA[Lidia Howler]]></dc:creator>
		<pubDate>Thu, 31 Aug 2023 11:18:56 +0000</pubDate>
				<category><![CDATA[News]]></category>
		<guid isPermaLink="false">https://howtoremove.guide/?p=203525</guid>

					<description><![CDATA[Summer&#8217;s almost over, but the cyber world is heating up! We&#8217;ve collected the biggest cyber news from August, so you can stay in the loop. Here’s a breakdown of what happened this month: 1. Discord.io Shuts Down After Huge Data Leak On August 14, Discord.io experienced a massive data leak, exposing info like usernames, emails, [&#8230;]]]></description>
										<content:encoded><![CDATA[
<p></p>



<p>Summer&#8217;s almost over, but the cyber world is heating up! We&#8217;ve collected the biggest cyber news from August, so you can stay in the loop. Here’s a breakdown of what happened this month:</p>



<figure class="wp-block-image size-full"><img loading="lazy" decoding="async" width="903" height="563" src="https://howtoremove.guide/wp-content/uploads/2023/08/Cyber-.webp" alt="Cyber Security Monthly Recap: August 2023" class="wp-image-203544" title="Cyber Security Monthly Recap: August 2023" srcset="https://howtoremove.guide/wp-content/uploads/2023/08/Cyber-.webp 903w, https://howtoremove.guide/wp-content/uploads/2023/08/Cyber--300x187.webp 300w, https://howtoremove.guide/wp-content/uploads/2023/08/Cyber--150x94.webp 150w, https://howtoremove.guide/wp-content/uploads/2023/08/Cyber--768x479.webp 768w, https://howtoremove.guide/wp-content/uploads/2023/08/Cyber--810x505.webp 810w" sizes="auto, (max-width: 903px) 100vw, 903px" /></figure>



<p><strong>1. Discord.io Shuts Down After Huge Data Leak</strong></p>



<p>On August 14, Discord.io experienced a massive data leak, exposing info like usernames, emails, and hashed passwords of 760,000 users. Luckily, payment details were safe. The breach&#8217;s magnitude forced Discord.io to halt its operations. If you got a premium membership after July 16, 2023, expect a refund. For now, their site simply <a href="https://discord.io/" target="_blank" rel="noreferrer noopener nofollow">reads</a>, “We are stopping all operations for the foreseeable future.”</p>



<p><strong>2. Duolingo’s User Data Surfaces on Dark Web</strong></p>



<p>A shady figure posted data of 2.6 million Duolingo users on a dark web forum on August 22. They claimed to get this data from an application interface open since March 2023. The data mostly had names, usernames, and emails. Duolingo stressed that there wasn&#8217;t an actual breach and are investigating further.</p>



<p><strong>3. Tesla’s Employee Data Leaked by Ex-Staff</strong></p>



<p>Data from over 75,000 current and former Tesla workers was taken, including addresses, phone numbers, and emails. Two ex-employees appear to be behind this, having leaked it to the press. The exact location of this breach remains unknown. Tesla’s supporting the victims and working with law enforcement.</p>



<p><strong>4. Global Strike Against Qakbot Malware</strong></p>



<p>The Justice Department and international allies <a href="https://www.justice.gov/usao-cdca/pr/qakbot-malware-disrupted-international-cyber-takedown" target="_blank" rel="noreferrer noopener nofollow">cracked</a> down on the Qakbot botnet, a malware infecting 700,000+ computers. They seized $8.6 million in cryptocurrency profits from this operation. Through spam emails, Qakbot helped ransomware groups cause havoc worldwide. Efforts against it have now detached many victim computers from its grip.</p>



<p><strong>5. 14 Cyber Criminals Caught in Africa</strong></p>



<p>A major bust across Africa saw 14 cybercriminals arrested, linked to over $40 million in losses. The operation, named ‘Africa Cyber Surge II’, was spearheaded by INTERPOL and AFRIPOL, aiming to combat various cybercrimes. Successful collaboration led to multiple dark website takedowns and arrests related to art fraud and messaging scams.</p>



<p><strong>6. Malware Disguised as IT Tools</strong></p>



<p>There&#8217;s a sneaky new trend: hackers are using malware disguised as popular IT tools. They’re fooling victims through Google Ads and search results, often making it hard for security teams to spot. Monitoring source IPs helps them decide who sees their malicious content.</p>



<p><strong>7. Over 600 Citrix Servers Under Threat</strong></p>



<p>A severe vulnerability affected 600+ Citrix servers in early August, letting hackers install malicious software. These compromises can let criminals access systems whenever they want. Companies are urged to up their cyber defense, patch vulnerabilities, and monitor for unauthorized access.</p>



<p><strong>8. Cloudflare R2 Misused by Cybercriminals</strong></p>



<p>Since February, there&#8217;s been a shocking rise in phishing pages hosted via Cloudflare R2. While it&#8217;s designed to guard against major online threats, it&#8217;s being used to make attacks even more powerful. Most attacks aim for Microsoft logins, but some also target other major platforms. This underlines the need for continuous updates in online security.</p>



<p>Stay safe out there, and let’s see what the cyber world brings us next month!</p>



<p></p>
]]></content:encoded>
					
					<wfw:commentRss>https://howtoremove.guide/cyber-security-monthly-recap-august-2023/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
		<item>
		<title>Cyber Security Weekly Recap (19-25 June)</title>
		<link>https://howtoremove.guide/cyber-security-weekly-recap-19-25-june/</link>
					<comments>https://howtoremove.guide/cyber-security-weekly-recap-19-25-june/#respond</comments>
		
		<dc:creator><![CDATA[Lidia Howler]]></dc:creator>
		<pubDate>Mon, 26 Jun 2023 08:32:01 +0000</pubDate>
				<category><![CDATA[News]]></category>
		<guid isPermaLink="false">https://howtoremove.guide/?p=199073</guid>

					<description><![CDATA[Widespread Vulnerability Uncovered: GitHub Repositories Prone to RepoJacking Attack A recent study unveiled a massive security threat lurking in the depths of GitHub repositories: RepoJacking. Millions of repositories, including those owned by industry leaders like Google and Lyft, are potentially at risk from this attack. RepoJacking, also known as dependency repository hijacking, empowers malicious actors [&#8230;]]]></description>
										<content:encoded><![CDATA[
<figure class="wp-block-image size-full"><img loading="lazy" decoding="async" width="1018" height="602" src="https://howtoremove.guide/wp-content/uploads/2023/06/Cyber-Security-Weekly-Recap-19-25-June-2023-1.jpg" alt="Cyber Security Weekly Recap (19-25 June)" class="wp-image-199079" srcset="https://howtoremove.guide/wp-content/uploads/2023/06/Cyber-Security-Weekly-Recap-19-25-June-2023-1.jpg 1018w, https://howtoremove.guide/wp-content/uploads/2023/06/Cyber-Security-Weekly-Recap-19-25-June-2023-1-300x177.jpg 300w, https://howtoremove.guide/wp-content/uploads/2023/06/Cyber-Security-Weekly-Recap-19-25-June-2023-1-150x89.jpg 150w, https://howtoremove.guide/wp-content/uploads/2023/06/Cyber-Security-Weekly-Recap-19-25-June-2023-1-768x454.jpg 768w, https://howtoremove.guide/wp-content/uploads/2023/06/Cyber-Security-Weekly-Recap-19-25-June-2023-1-810x479.jpg 810w" sizes="auto, (max-width: 1018px) 100vw, 1018px" /></figure>



<p><strong>Widespread Vulnerability Uncovered: GitHub Repositories Prone to RepoJacking Attack</strong></p>



<p>A recent study unveiled a massive security threat lurking in the depths of GitHub repositories: RepoJacking. Millions of repositories, including those owned by industry leaders like Google and Lyft, are potentially at risk from this attack. RepoJacking, also known as dependency repository hijacking, empowers malicious actors to seize control of obsolete usernames or organization names, and subsequently deploy trojanized repositories brimming with malicious code.</p>



<p>RepoJacking essentially targets the weak link in the system: when a repository owner changes their username, it creates a gateway for malevolent actors to assume the old username and shatter the secure link. Another risk comes into play when the original account gets deleted following a change in repository ownership, opening another avenue for cyber attackers to take control using the former username.</p>



<p>This form of attack could have far-reaching implications, particularly affecting projects dependent on the compromised repository. Cyber adversaries could poison the entire software supply chain by introducing harmful content fetched from their controlled repositories. To protect from such hazards, Aqua <a href="https://blog.aquasec.com/github-dataset-research-reveals-millions-potentially-vulnerable-to-repojacking" target="_blank" rel="noreferrer noopener nofollow">recommends</a> routine checks on code for any links connected to external GitHub repositories and maintaining control over old usernames.</p>



<p><strong>NSA Advises Measures to Thwart BlackLotus Bootkit Threatening Windows Systems</strong></p>



<p>The U.S. National Security Agency (NSA) has issued <a href="https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3435305/nsa-releases-guide-to-mitigate-blacklotus-threat/" target="_blank" rel="noreferrer noopener nofollow">guidelines</a> to help organizations combat the powerful Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus. This advanced crimeware, first identified by Kaspersky in October 2022, is capable of bypassing Windows Secure Boot protections. BlackLotus achieves this feat by exploiting a known Windows flaw, Baton Drop, found in susceptible boot loaders not included in the Secure Boot DBX revocation list.</p>



<p>BlackLotus, unlike firmware threats, focuses on the earliest software stage of the boot process for persistence and evasion, although there&#8217;s no evidence to suggest its targeting of Linux systems. Given its strategic positioning, BlackLotus enables threat actors to meddle with security mechanisms and launch additional payloads with heightened privileges.</p>



<p>The NSA suggests several mitigation measures, including updating recovery media, monitoring changes to the EFI boot partition, scrutinizing device integrity measurements and boot configuration, customizing UEFI Secure Boot to block outdated Windows boot loaders, and removing the Microsoft Windows Production CA 2011 certificate on devices that exclusively boot Linux. Microsoft is expected to fully close this attack vector by early 2024.</p>



<p><strong>U.S. Cybersecurity Agency Lists Six Exploitable Flaws, Recommends Urgent Updates</strong></p>



<p>In a critical update, the U.S. Cybersecurity and Infrastructure Security Agency has <a href="https://www.cisa.gov/news-events/alerts/2023/06/23/cisa-adds-five-known-exploited-vulnerabilities-catalog" target="_blank" rel="noreferrer noopener nofollow">added</a> six vulnerabilities to its Known Exploited Vulnerabilities catalog, urging immediate action. The list includes three Apple flaws (CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439), two issues in VMware (CVE-2023-20867 and CVE-2023-20887), and a Zyxel device vulnerability (CVE-2023-27992), all of which have evidence of active exploitation. Particularly concerning are CVE-2023-32434 and CVE-2023-32435, both associated with Operation Triangulation, a long-term cyber espionage campaign starting in 2019.</p>



<p>The Federal Civilian Executive Branch (FCEB) agencies have been advised to promptly apply vendor-provided patches to secure their networks against potential threats. This announcement comes in conjunction with CISA&#8217;s <a href="https://www.cisa.gov/news-events/alerts/2023/06/22/isc-releases-security-advisories-multiple-versions-bind-9" target="_blank" rel="noreferrer noopener nofollow">alert</a> about three vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could lead to a denial-of-service condition.</p>



<p><strong> &#8216;nOAuth&#8217; Flaw in Microsoft Azure AD Threatens Account Security</strong></p>



<p>An alarming security flaw has been discovered in the Microsoft Azure Active Directory (AD) Open Authorization (OAuth) process. This vulnerability, dubbed &#8216;nOAuth&#8217; by the discovering firm Descope, could have been leveraged to achieve a full account takeover. The misconfiguration flaw involves an attacker modifying email attributes under &#8220;Contact Information&#8221; in the Azure AD account. By exploiting the &#8220;Log in with Microsoft&#8221; feature, malevolent actors can gain control of a victim&#8217;s account.</p>



<p>The attack procedure is alarmingly <a href="https://www.descope.com/blog/post/noauth" target="_blank" rel="noreferrer noopener nofollow">straightforward</a><a href="straightforward:">:</a> a malicious actor creates an Azure AD admin account, alters their email address to match that of a potential victim, and misuses the single sign-on feature on a susceptible app or website. Successful exploitation could give cybercriminals open access to set up persistence, steal data, and execute further post-exploitation activities.</p>



<p><strong>Over 100,000 Stolen ChatGPT Account Credentials Up for Sale on Dark Web</strong></p>



<p>Cybersecurity firm Group-IB revealed that from June 2022 to May 2023, more than 101,100 compromised OpenAI ChatGPT account credentials were found on unauthorized dark web marketplaces. Of these, India had the dubious honor of contributing the most stolen credentials. The surge in compromised ChatGPT accounts reached a peak in May 2023, with the Asia-Pacific region experiencing the highest concentration of stolen ChatGPT credentials over the year.</p>



<p>The <a href="https://www.group-ib.com/media-center/press-releases/stealers-chatgpt-credentials/" target="_blank" rel="noreferrer noopener nofollow">report</a> also highlighted the tools of choice for cybercriminals, with the notorious Raccoon info stealer accounting for the majority of the breaches, followed by Vidar and RedLine. Information stealers have become the darling of cybercriminals for their ability to lift passwords, cookies, credit cards, and other data from browsers and cryptocurrency wallet extensions.</p>



<p>The analysis from Group-IB&#8217;s Threat Intelligence report indicates that these findings stem from malware on individual devices and not a breach at OpenAI. As a protective measure, users are urged to adhere to good password hygiene practices and enable two-factor authentication (2FA) to prevent account takeover attacks.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://howtoremove.guide/cyber-security-weekly-recap-19-25-june/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
			</item>
	</channel>
</rss>
