Saturday, June 25, 2022
Security Affairs

Oracle spent 6 months to fix ‘Mega’ flaws in the Fusion Middleware

Researchers disclose technical details of a critical flaw in Fusion Middleware, tracked as CVE-2022–21445, that Oracle took six months to patch. Security researchers have published technical details of a critical Fusion Middleware vulnerability, tracked as CVE-2022–21445, that was reported to...
Security Affairs

Multiple malicious packages in PyPI repository found stealing AWS secrets

Researchers discovered multiple malicious Python packages in the official PyPI repository stealing AWS credentials and other info. Sonatype researchers discovered multiple Python packages in the official PyPI repository that have been developed to steal secrets (i.e. AWS credentials and environment...

The Post-Roe Privacy Nightmare Has Arrived

Plus: Microsoft details Russia’s Ukraine hacking campaign, Meta’s election integrity efforts dwindle, and more.

How to Move Your WhatsApp Chats Across Devices and Apps

It's never been easier to switch between iPhone and Android—and to get your messages out of the Meta ecosystem entirely.
The Register

We’re now truly in the era of ransomware as pure extortion without the encryption

Why screw around with cryptography and keys when just stealing the info is good enough. Feature: US and European cops, prosecutors, and NGOs recently convened a two-day workshop in the Hague to discuss how to respond to the growing...
The Hacker News

Learn NIST Inside Out With 21 Hours of Training @ 86% OFF

In cybersecurity, many of the best jobs involve working on government projects. To get a security clearance, you need to prove that you meet NIST standards. Cybersecurity firms are particularly interested in people who understand the RMF, or Risk Management...

EXCLUSIVE: Meta Failed To Protect Instagram’s Child Models From Pedophiles

A photographer accused of selling photos to pedophiles is allowed back on Instagram. Forbes alerts Meta to over a dozen accounts with over half a million followers sexualizing child and teenage models. Now the tech giant is coming under...

Weekly Update 301

First up, I'm really sorry about the audio quality on this one. It's the exact same setup I used last week (and carefully tested...

Threat Intelligence Services Are Universally Valued by IT Staff

Most of those surveyed are concerned about AI-based attacks and deepfakes, but suggest that their organization is ready.
The Register

More than $100m in cryptocurrency stolen from blockchain biz

'A humbling and unfortunate reminder' that monsters lurk under bridges. Blockchain venture Harmony offers bridge services for transferring crypto coins across different blockchains, but something has gone badly wrong.…

Why We're Getting Vulnerability Management Wrong

Security is wasting time and resources patching low or no risk bugs. In this post, we examine why security practitioners need to rethink vulnerability management.
Bruce Schneier

Friday Squid Blogging: Squid Cubes

Researchers thaw squid frozen into a cube and often make interesting discoveries. (Okay, this is a weird story.) As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read...
Infosecurity Magazine

#InfosecurityEurope2022: Preparing for Future Challenges and Opportunities

The closing keynote panel explored how we can anticipate the future of cybercrime

APT Groups Swarming on VMware Servers with Log4Shell

CISA tells organizations running VMware servers without Log4Shell mitigations to assume compromise.

Mitek launches MiVIP platform to fight identity theft

A new easy-to-deploy identity platform was announced this week to help address growing concerns about identity theft. The Mitek Verified Identity Platform (MiVIP) melds the company's mobile technologies with those of its recent acquisitions to give its customers flexible...
TechRepublic

Black Basta may be an all-star ransomware gang made up of former Conti and REvil members

The group has targeted 50 businesses from English speaking countries since April 2022.
Computerworld

The surveillance-as-a-service industry needs to be brought to heel

Here we go again: another example of government surveillance involving smartphones from Apple and Google has emerged, and it shows how sophisticated government-backed attacks can become and why there's justification for keeping mobile platforms utterly locked down. What has happened? I...
TechRepublic

Best cybersecurity certifications in 2022

Solidify your skills as a cybersecurity professional by becoming certified. Here is a list of some of the best cybersecurity certifications available today.

Only 3% of Open Source Software Bugs Are Actually Attackable, Researchers Say

A new study says 97% of open source vulnerabilities linked to software supply chain risks are not attackable — but is "attackability" the best method for prioritizing bugs?
Computerworld

Italian spyware firm is hacking into iOS and Android devices, Google says

Google's Threat Analysis Group (TAG) has identified Italian vendor RCS Lab as a spyware offender, developing tools that are being used to exploit zero-day vulnerabilities to effect attacks on iOS and Android mobile users in Italy and Kazakhstan. According to a...
MSRC

A Man of Action: Meet Callum Carney

Hidden Talents: He was a competitive swimmer for many years. Instrument of Choice: His fingers were made for the keyboard, but he used to play the trumpet. 5 pieces of entertainment for the rest of his life: The Office,...
F5 Networks

K49419538: libxml2 vulnerability CVE 2016-4658

Security Advisory Description: xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and ...
F5 Networks

K12132951: Linux kernel vulnerability CVE-2022-0812

Security Advisory Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when ...
Citrix

Citrix Hypervisor Security Update

CTX460064 Citrix Hypervisor Security Update