#cisco

Categories: News Categories: Privacy Meta is being sued by a couple of its users for allegedly deliberately circumventing Apple's privacy features on the iPhone. (Read more...) The post Facebook users sue Meta for allegedly building "secret workaround" to Apple privacy safeguards appeared first on Malwarebytes Labs.

Want to speak up against Big Tech, unjust data collection, and surveillance? Here's how to be an activist in your community and beyond.

CTA now has 36 members headquartered in 11 countries who follow cyber activities across the world, showing cybersecurity industry members realize the value in collaboration.

Code could allow other attackers to develop copycat versions of the malware, but it could help researchers understand the threat better as well.

By Jon Munshaw.  Welcome to this week’s edition of the Threat Source newsletter.  We’ve seen attackers capitalize on the news time and again, from COVID-19 to U.S.-North Korea relationships and, of course, holiday shopping sales every November.  So, I was far from surprised to see that attackers are already using U.S. President Joe Biden’s student loan forgiveness plan as a basis for scams and phishing emails.   The Better Business Bureau and the U.S. Federal Trade Commission both released warnings over the past few weeks around fake offers, scams and website links related to the debt forgiveness plan, with which some borrowers will have up to $20,000 worth of loans forgiven.  Many of these scams, coming via phone calls, text messages and emails, are promising to provide guaranteed access to the forgiveness program or early applications for a fee. (Hint: This will not work.) These attackers may also be looking to steal personal information by asking for things like names, ad...

Categories: News Tags: MFA fatigue Tags: 2FA Tags: push notification Tags: security Tags: phishing Tags: attack Tags: burnout Tags: stress Tags: verify Cybercriminals' new tactic of simply boring victims into submission has had some surprising succcess. (Read more...) The post Welcome to high tech hacking in 2022: Annoying users until they say "yes" appeared first on Malwarebytes Labs.

By Nick Biasini. Insider threats are becoming an increasingly common part of the attack chain, with malicious insiders and unwitting assets playing key roles in incidents over the past year. Social engineering should be part of any organization’s policies and procedures and a key area for user education in 2023 and beyond. Mitigating these types of risks include education, user/access control, and ensuring proper processes and procedures are in place when and if employees leave the organization. Traditionally, attackers try to leverage vulnerabilities to deliver malicious payloads via exploitation. But more recently, that activity has shifted away from exploitation and consistently moved closer and closer to the user. Initially, threat actors loved to trick users into enabling malicious macros in Microsoft Office documents, but as Microsoft moves to blunt the effectiveness of macros, adversaries are always going to move to the next avenue to generate malicious revenue. This is where ...

Lilith >_> of Cisco Talos discovered these vulnerabilities.  Cisco Talos recently discovered a memory corruption vulnerability in the uClibC library that could affect any Unix-based devices that use this library. uClibC and uClibC-ng are lightweight replacements for the popular gLibc library, which is the GNU Project's implementation of the C standard library.  TALOS-2022-1517 (CVE-2022-29503 - CVE-2022-29504) is a memory corruption vulnerability in uClibC and uClibc-ng that can occur if a malicious user repeatedly creates threads.  Many embedded devices utilize this library, but Talos specifically confirmed that the Anker Eufy Homebase 2, version 2.1.8.8h, is affected by this vulnerability. Anker confirmed that they’ve patched for this issue. However, uClibC has not issued an official fix, though we are disclosing this vulnerability in accordance with Cisco’s 90-day vulnerability disclosure policy. Talos tested and confirmed the following software is affected by these vulnerabilities:...

By Deeba Ahmed Dubbed AttachMe by researchers; the vulnerability was a severe one since it targeted all OIC customers. This is a post from HackRead.com Read the original post: AttachMe – Oracle Patches “Severe” Vulnerability in its Cloud Infrastructure

Overall SASE Spend on Pace to Top $6 Billion in 2022.