Cybersecurity News & Updates - October, 2022
Inspirisys Solutions Limited (a CAC Holdings Group Company)
Experience Possibilities
Check out the latest updates on high vulnerabilities, data breaches and ransomware attacks.
High Vulnerabilities
Multiple vulnerabilities have been reported in Apple iOS and iPadOS, which could allow a remote tracker to access private data, run arbitrary code, spoof the interface address, or cause a denial of service on the targeted device, the Indian Computer Emergency Response Team (CERT-In) said in an advisory note. Read more
__________________________________________________________________________
Cisco has warned of active exploitation attempts targeting a pair of two-year-old security flaws in the Cisco AnyConnect Secure Mobility Client for Windows."In October 2022, the Cisco Product Security Incident Response Team became aware of additional attempted exploitation of this vulnerability in the wild," the networking equipment maker said in an updated advisory. Read more
Around 18 Ransomware vulnerabilities are not being detected by popular scanners, according to the latest Ransomware Spotlight Report published by Cyber Security Works. “For organizations and their security teams, this is a huge disadvantage as they depend on these scanners to identify vulnerabilities,” the report says. Read more
__________________________________________________________________________
Google’s Chrome browser is the default choice for many users across different operating systems. While Mozilla and Edge are trying their best, it is almost impossible to snatch users from Chrome. But that could get easier in the future, considering the present condition of the Chrome browser. Read more
__________________________________________________________________________
Four out of five (80%) organizations have been notified of a vulnerability or attack in their supply chain of software in the past 12 months, according to new?research?from BlackBerry. Read more
__________________________________________________________________________
Ransomware Attacks
An affiliate of notorious ransomware-as-a-service operation, BlackByte, has added a dangerous custom data exfiltration tool called ‘Infostealer.Exbyte’. The malware, written in Go for Windows computers, steals data from a victim’s network and uploads it to the Mega cloud service for extortion purposes. Read more
__________________________________________________________________________
The threat actor known as?Vice Society?has been conducting ransomware and extortion campaigns against the global education sector, particularly in the US. The findings come from Microsoft security researchers, who published an advisory about Vice Society (tracked by the tech giant as DEV-0832). Read more
__________________________________________________________________________
A Minnesota broadband company said thousands of Minnesota customers were left without its services after a recent ransomware attack. Arvig?said about 60,000 customers across the state were affected,?with Arvig's services down for about 3 1/2 hours. Read more
领英推荐
__________________________________________________________________________
The?Hive?ransomware-as-a-service (RaaS) group has claimed responsibility for the cyber-attack against Tata Power disclosed by the company on October 14 and believed to have occurred on October 3. Read more
__________________________________________________________________________
Hackers have targeted a communications platform used by Australian military personnel and defence staff with a ransomware attack, authorities said on Monday, as the country battles a recent spike in cyberattacks across businesses. Read more
__________________________________________________________________________
Data Breaches
Communication services provider?Twilio?this week disclosed that it experienced another "brief security incident" in June 2022 perpetrated by the same threat actor behind the?August hack?that resulted in unauthorized access of customer information. Read more
__________________________________________________________________________
Microsoft has conducted a data blunder by accidentally leaking information related to over 65k organizations worldwide. Security analysts from SOCRadar released a report on the issue and confirmed that leak dubbed as ‘BlueBleed’ Part 1 witnessed a data leak of about 2.3 terabytes of data containing over 335,000 emails, details of over 133,000 projects and over 548,000 users. Read more
__________________________________________________________________________
The latest Amazon Prime Video data breach has raised serious concerns over the privacy and security practices of big brands as swathes of user data were left in the unprotected. Data breaches are a part of life nowadays, but of course, we only hear about the big ones or those affecting the largest tech companies. So here we are with a new breach, this time coming from the Amazon Prime stables. Read more
__________________________________________________________________________
A data breach at the?parent company?of Reuters exposed more than 3TB of sensitive corporate and customer data. The incident was discovered by security firm Cybernews. Furthermore, the databases contained internal screenings of platforms like YouTube, customer access logs, connection strings to other databases and password-reset logs. Read more
__________________________________________________________________________
There’s been a high rise in global data breaches for several years, and 2022 has been littered with information thefts. This year, they’ve affected companies and organisations of all shapes, sizes, and sectors, costing US businesses millions in damages. Read more
__________________________________________________________________________