Google Adds Passkey Support to Chrome for Windows, macOS and Android

Google Adds Passkey Support to Chrome for Windows, macOS and Android,

Google has officially begun rolling out support for passkeys, the next-generation passwordless login standard, to its stable version of Chrome web browser.
« Passkeys are a significantly safer replacement for passwords and other phishable authentication factors, » the tech giant’s Ali Sarraf said. « They cannot be reused, don’t leak in server breaches, and protect users from phishing attacks. »
The

,

Google has officially begun rolling out support for passkeys, the next-generation passwordless login standard, to its stable version of Chrome web browser.
« Passkeys are a significantly safer replacement for passwords and other phishable authentication factors, » the tech giant’s Ali Sarraf said. « They cannot be reused, don’t leak in server breaches, and protect users from phishing attacks. »
The

, ,
https://thehackernews.com/2022/12/google-adds-passkey-support-to-chrome.html

Cryptocurrency Mining Campaign Hits Linux Users with Go-based CHAOS Malware

Cryptocurrency Mining Campaign Hits Linux Users with Go-based CHAOS Malware,

A cryptocurrency mining attack targeting the Linux operating system also involved the use of an open source remote access trojan (RAT) dubbed CHAOS.
The threat, which was spotted by Trend Micro in November 2022, remains virtually unchanged in all other aspects, including when it comes to terminating competing malware, security software, and deploying the Monero (XMR) cryptocurrency miner.
« The

,

A cryptocurrency mining attack targeting the Linux operating system also involved the use of an open source remote access trojan (RAT) dubbed CHAOS.
The threat, which was spotted by Trend Micro in November 2022, remains virtually unchanged in all other aspects, including when it comes to terminating competing malware, security software, and deploying the Monero (XMR) cryptocurrency miner.
« The

, ,
https://thehackernews.com/2022/12/cryptocurrency-mining-campaign-hits.html

Keep Your Grinch at Bay: Here’s How to Stay Safe Online this Holiday Season

Keep Your Grinch at Bay: Here’s How to Stay Safe Online this Holiday Season

,

As the holiday season approaches, online shopping and gift-giving are at the top of many people’s to-do lists. But before you hit the « buy » button, it’s important to remember that this time of year is also the peak season for cybercriminals.
In fact, cybercriminals often ramp up their efforts during the holidays, taking advantage of the influx of online shoppers and the general hustle and bustle

,

As the holiday season approaches, online shopping and gift-giving are at the top of many people’s to-do lists. But before you hit the « buy » button, it’s important to remember that this time of year is also the peak season for cybercriminals.
In fact, cybercriminals often ramp up their efforts during the holidays, taking advantage of the influx of online shoppers and the general hustle and bustle

, ,
https://thehackernews.com/2022/12/keep-your-grinch-at-bay-heres-how-to.html

Ces hackers ont cracké le Samsung Galaxy S22 en moins d’une minute

Ces hackers ont cracké le Samsung Galaxy S22 en moins d’une minute,

Le Samsung Galaxy S22

Réunis à la compétition annuelle Pwn2Own, les ténors de la sécurité informatique ont trouvé plusieurs failles d’importance dans le Samsung Galaxy S22. L’une d’elles leur a permis de pirater le terminal en 55 secondes.

,

Le Samsung Galaxy S22

Réunis à la compétition annuelle Pwn2Own, les ténors de la sécurité informatique ont trouvé plusieurs failles d’importance dans le Samsung Galaxy S22. L’une d’elles leur a permis de pirater le terminal en 55 secondes.

, ,
https://www.01net.com/actualites/ces-hackers-ont-cracke-le-samsung-galaxy-s22-en-moins-dune-minute.html

Royal Ransomware Threat Takes Aim at U.S. Healthcare System

Royal Ransomware Threat Takes Aim at U.S. Healthcare System,

The U.S. Department of Health and Human Services (HHS) has cautioned of ongoing Royal ransomware attacks targeting healthcare entities in the country.
« While most of the known ransomware operators have performed Ransomware-as-a-Service, Royal appears to be a private group without any affiliates while maintaining financial motivation as their goal, » the agency’s Health Sector Cybersecurity

,

The U.S. Department of Health and Human Services (HHS) has cautioned of ongoing Royal ransomware attacks targeting healthcare entities in the country.
« While most of the known ransomware operators have performed Ransomware-as-a-Service, Royal appears to be a private group without any affiliates while maintaining financial motivation as their goal, » the agency’s Health Sector Cybersecurity

, ,
https://thehackernews.com/2022/12/royal-ransomware-threat-takes-aim-at-us.html

Hack-for-Hire Group Targets Travel and Financial Entities with New Janicab Malware Variant

Hack-for-Hire Group Targets Travel and Financial Entities with New Janicab Malware Variant,

Travel agencies have emerged as the target of a hack-for-hire group dubbed Evilnum as part of a broader campaign aimed at legal and financial investment institutions in the Middle East and Europe.
The attacks targeting law firms throughout 2020 and 2021 involved a revamped variant of a malware called Janicab that leverages a number of public services like YouTube as dead drop resolvers,

,

Travel agencies have emerged as the target of a hack-for-hire group dubbed Evilnum as part of a broader campaign aimed at legal and financial investment institutions in the Middle East and Europe.
The attacks targeting law firms throughout 2020 and 2021 involved a revamped variant of a malware called Janicab that leverages a number of public services like YouTube as dead drop resolvers,

, ,
https://thehackernews.com/2022/12/hack-for-hire-group-targets-travel-and.html

Researchers Detail New Attack Method to Bypass Popular Web Application Firewalls

Researchers Detail New Attack Method to Bypass Popular Web Application Firewalls,

A new attack method can be used to circumvent web application firewalls (WAFs) of various vendors and infiltrate systems, potentially enabling attackers to gain access to sensitive business and customer information.
Web application firewalls are a key line of defense to help filter, monitor, and block HTTP(S) traffic to and from a web application, and safeguard against attacks such as cross-site

,

A new attack method can be used to circumvent web application firewalls (WAFs) of various vendors and infiltrate systems, potentially enabling attackers to gain access to sensitive business and customer information.
Web application firewalls are a key line of defense to help filter, monitor, and block HTTP(S) traffic to and from a web application, and safeguard against attacks such as cross-site

, ,
https://thehackernews.com/2022/12/researchers-detail-new-attack-method-to.html

Cisco Warns of High-Severity Unpatched Flaw Affecting IP Phones Firmware

Cisco Warns of High-Severity Unpatched Flaw Affecting IP Phones Firmware,

Cisco has released a new security advisory warning of a high-severity flaw affecting IP Phone 7800 and 8800 Series firmware that could be potentially exploited by a remote attacker to cause remote code execution or a denial-of-service (DoS) condition.
The networking equipment major said it’s working on a patch to address the vulnerability, which is tracked as CVE-2022-20968 (CVSS score: 8.1) and

,

Cisco has released a new security advisory warning of a high-severity flaw affecting IP Phone 7800 and 8800 Series firmware that could be potentially exploited by a remote attacker to cause remote code execution or a denial-of-service (DoS) condition.
The networking equipment major said it’s working on a patch to address the vulnerability, which is tracked as CVE-2022-20968 (CVSS score: 8.1) and

, ,
https://thehackernews.com/2022/12/cisco-warns-of-high-severity-unpatched.html

Using XDR to Consolidate and Optimize Cybersecurity Technology

Using XDR to Consolidate and Optimize Cybersecurity Technology,

Businesses know they need cybersecurity, but it seems like a new acronym and system is popping up every day. Professionals that aren’t actively researching these technologies can struggle to keep up. As the cybersecurity landscape becomes more complicated, organizations are desperate to simplify it. Frustrated with the inefficiencies that come with using multiple vendors for cybersecurity, often

,

Businesses know they need cybersecurity, but it seems like a new acronym and system is popping up every day. Professionals that aren’t actively researching these technologies can struggle to keep up. As the cybersecurity landscape becomes more complicated, organizations are desperate to simplify it. Frustrated with the inefficiencies that come with using multiple vendors for cybersecurity, often

, ,
https://thehackernews.com/2022/12/using-xdr-to-consolidate-and-optimize.html

New Truebot Malware Variant Leveraging Netwrix Auditor Bug and Raspberry Robin Worm

New Truebot Malware Variant Leveraging Netwrix Auditor Bug and Raspberry Robin Worm,

Cybersecurity researchers have reported an increase in TrueBot infections, primarily targeting Mexico, Brazil, Pakistan, and the U.S.
Cisco Talos said the attackers behind the operation have moved from using malicious emails to alternative delivery methods such as the exploitation of a now-patched remote code execution (RCE) flaw in Netwrix auditor as well as the Raspberry Robin worm.
« 

,

Cybersecurity researchers have reported an increase in TrueBot infections, primarily targeting Mexico, Brazil, Pakistan, and the U.S.
Cisco Talos said the attackers behind the operation have moved from using malicious emails to alternative delivery methods such as the exploitation of a now-patched remote code execution (RCE) flaw in Netwrix auditor as well as the Raspberry Robin worm.
« 

, ,
https://thehackernews.com/2022/12/new-truebot-malware-variant-leveraging.html