novembre 2022

Researchers Find a Way Malicious NPM Libraries Can Evade Vulnerability Detection

Researchers Find a Way Malicious NPM Libraries Can Evade Vulnerability Detection,

New findings from cybersecurity firm JFrog show that malware targeting the npm ecosystem can evade security checks by taking advantage of an « unexpected behavior » in the npm command line interface (CLI) tool.
npm CLI’s install and audit commands have built-in capabilities to check a package and all of its dependencies for known vulnerabilities, effectively acting as a warning mechanism for

,

New findings from cybersecurity firm JFrog show that malware targeting the npm ecosystem can evade security checks by taking advantage of an « unexpected behavior » in the npm command line interface (CLI) tool.
npm CLI’s install and audit commands have built-in capabilities to check a package and all of its dependencies for known vulnerabilities, effectively acting as a warning mechanism for

, ,
https://thehackernews.com/2022/11/researchers-find-way-malicious-npm.html

This Malicious App Abused Hacked Devices to Create Fake Accounts on Multiple Platforms

This Malicious App Abused Hacked Devices to Create Fake Accounts on Multiple Platforms,

A malicious Android SMS application discovered on the Google Play Store has been found to stealthily harvest text messages with the goal of creating accounts on a wide range of platforms like Facebook, Google, and WhatsApp.
The app, named Symoo (com.vanjan.sms), had over 100,000 downloads and functioned as a relay for transmitting messages to a server, which advertises an account creation

,

A malicious Android SMS application discovered on the Google Play Store has been found to stealthily harvest text messages with the goal of creating accounts on a wide range of platforms like Facebook, Google, and WhatsApp.
The app, named Symoo (com.vanjan.sms), had over 100,000 downloads and functioned as a relay for transmitting messages to a server, which advertises an account creation

, ,
https://thehackernews.com/2022/11/this-malicious-app-abused-hacked.html

French Electricity Provider Fined for Storing Users’ Passwords with Weak MD5 Algorithm

French Electricity Provider Fined for Storing Users’ Passwords with Weak MD5 Algorithm,

The French data protection watchdog on Tuesday fined electricity provider Électricité de France €600,000 for violating the European Union General Data Protection Regulation (GDPR) requirements.
The Commission nationale de l’informatique et des libertés (CNIL) said the electric utility breached European regulation by storing the passwords for over 25,800 accounts by hashing them using the MD5

,

The French data protection watchdog on Tuesday fined electricity provider Électricité de France €600,000 for violating the European Union General Data Protection Regulation (GDPR) requirements.
The Commission nationale de l’informatique et des libertés (CNIL) said the electric utility breached European regulation by storing the passwords for over 25,800 accounts by hashing them using the MD5

, ,
https://thehackernews.com/2022/11/french-electricity-provider-fined-for.html

Ce défi TikTok très populaire est utilisé par les hackers pour vous pirater

Ce défi TikTok très populaire est utilisé par les hackers pour vous pirater,

tiktok

Les pirates ne manquent pas d’idées pour voler vos données personnelles. Cette fois, ils ont tiré profit d’un défi très populaire de TikTok pour inciter les utilisateurs de la plate-forme à télécharger et à installer un logiciel malveillant.

,

tiktok

Les pirates ne manquent pas d’idées pour voler vos données personnelles. Cette fois, ils ont tiré profit d’un défi très populaire de TikTok pour inciter les utilisateurs de la plate-forme à télécharger et à installer un logiciel malveillant.

, ,
https://www.01net.com/actualites/ce-defi-tiktok-tres-populaire-est-utilise-par-les-hackers-pour-vous-pirater.html

Australia Passes Bill to Fine Companies up to $50 Million for Data Breaches

Australia Passes Bill to Fine Companies up to $50 Million for Data Breaches,

The Australian government has passed a bill that markedly increases the penalty for companies suffering from serious or repeated data breaches.
To that end, the maximum fines have been bumped up from the current AU$2.22 million to AU$50 million, 30% of an entity’s adjusted turnover in the relevant period, or three times the value of any benefit obtained through the misuse of information,

,

The Australian government has passed a bill that markedly increases the penalty for companies suffering from serious or repeated data breaches.
To that end, the maximum fines have been bumped up from the current AU$2.22 million to AU$50 million, 30% of an entity’s adjusted turnover in the relevant period, or three times the value of any benefit obtained through the misuse of information,

, ,
https://thehackernews.com/2022/11/australia-passes-bill-to-fine-companies.html

3 New Vulnerabilities Affect OT Products from German Companies Festo and CODESYS

3 New Vulnerabilities Affect OT Products from German Companies Festo and CODESYS,

Researchers have disclosed details of three new security vulnerabilities affecting operational technology (OT) products from CODESYS and Festo that could lead to source code tampering and denial-of-service (DoS).
The vulnerabilities, reported by Forescout Vedere Labs, are the latest in a long list of flaws collectively tracked under the name OT:ICEFALL.
« These issues exemplify either an

,

Researchers have disclosed details of three new security vulnerabilities affecting operational technology (OT) products from CODESYS and Festo that could lead to source code tampering and denial-of-service (DoS).
The vulnerabilities, reported by Forescout Vedere Labs, are the latest in a long list of flaws collectively tracked under the name OT:ICEFALL.
« These issues exemplify either an

, ,
https://thehackernews.com/2022/11/3-new-vulnerabilities-affect-ot.html

Chinese Cyber Espionage Hackers Using USB Devices to Target Entities in Philippines

Chinese Cyber Espionage Hackers Using USB Devices to Target Entities in Philippines,

A threat actor with a suspected China nexus has been linked to a set of espionage attacks in the Philippines that primarily relies on USB devices as an initial infection vector.
Mandiant, which is part of Google Cloud, is tracking the cluster under its uncategorized moniker UNC4191. An analysis of the artifacts used in the intrusions indicates that the campaign dates as far back as September

,

A threat actor with a suspected China nexus has been linked to a set of espionage attacks in the Philippines that primarily relies on USB devices as an initial infection vector.
Mandiant, which is part of Google Cloud, is tracking the cluster under its uncategorized moniker UNC4191. An analysis of the artifacts used in the intrusions indicates that the campaign dates as far back as September

, ,
https://thehackernews.com/2022/11/chinese-cyber-espionage-hackers-using.html

New Flaw in Acer Laptops Could Let Attackers Disable Secure Boot Protection

New Flaw in Acer Laptops Could Let Attackers Disable Secure Boot Protection,

Acer has released a firmware update to address a security vulnerability that could be potentially weaponized to turn off UEFI Secure Boot on affected machines.
Tracked as CVE-2022-4020, the high-severity vulnerability affects five different models that consist of Aspire A315-22, A115-21, and A315-22G, and Extensa EX215-21 and EX215-21G.

The PC maker described the vulnerability as

,

Acer has released a firmware update to address a security vulnerability that could be potentially weaponized to turn off UEFI Secure Boot on affected machines.
Tracked as CVE-2022-4020, the high-severity vulnerability affects five different models that consist of Aspire A315-22, A115-21, and A315-22G, and Extensa EX215-21 and EX215-21G.

The PC maker described the vulnerability as

, ,
https://thehackernews.com/2022/11/new-flaw-in-acer-laptops-could-let.html

Hackers Using Trending TikTok ‘Invisible Challenge’ to Spread Malware

Hackers Using Trending TikTok ‘Invisible Challenge’ to Spread Malware

,

Threat actors are capitalizing on a popular TikTok challenge to trick users into downloading information-stealing malware, according to new research from Checkmarx.
The trend, called Invisible Challenge, involves applying a filter known as Invisible Body that just leaves behind a silhouette of the person’s body.
But the fact that individuals filming such videos could be undressed has led to a

,

Threat actors are capitalizing on a popular TikTok challenge to trick users into downloading information-stealing malware, according to new research from Checkmarx.
The trend, called Invisible Challenge, involves applying a filter known as Invisible Body that just leaves behind a silhouette of the person’s body.
But the fact that individuals filming such videos could be undressed has led to a

, ,
https://thehackernews.com/2022/11/hackers-using-trending-invisible.html

7 Cyber Security Tips for SMBs

7 Cyber Security Tips for SMBs,

When the headlines focus on breaches of large enterprises like the Optus breach, it’s easy for smaller businesses to think they’re not a target for hackers. Surely, they’re not worth the time or effort? 
Unfortunately, when it comes to cyber security, size doesn’t matter. 
Assuming you’re not a target leads to lax security practices in many SMBs who lack the knowledge or expertise to put simple

,

When the headlines focus on breaches of large enterprises like the Optus breach, it’s easy for smaller businesses to think they’re not a target for hackers. Surely, they’re not worth the time or effort? 
Unfortunately, when it comes to cyber security, size doesn’t matter. 
Assuming you’re not a target leads to lax security practices in many SMBs who lack the knowledge or expertise to put simple

, ,
https://thehackernews.com/2022/11/7-cyber-security-tips-for-smbs.html