According to a research by Tenable, at least 40,417,167,937 records were exposed worldwide in 2021, calculated by the analysis of 1,825 breach data incidents publicly disclosed between November 2020 and October 2021. This is a considerable increase on the same period in 2020, which saw 730 publicly disclosed events with just over 22 billion records exposed. READ MORE...
Google has issued an update for the Chrome browser which includes 26 security fixes. What stands out is that one of these fixes is rated as "critical". The critical vulnerability is a use after free bug in the Safe Browsing feature. The Stable channel has been updated to 97.0.4692.99 for Windows, Mac and Linux which will roll out over the coming days/weeks. READ MORE...
Cisco released a security update warning about a handful of vulnerabilities lurking in its networking technology, led by a critical bug in the company's StarOS debug services. Cisco pushed out a fix for its Cisco StarOS Software on Wednesday. Jan. 19. In its advisory, the company said that the flaw in its debug service could allow an attacker to access sensitive debugging data. READ MORE...
Researchers have uncovered several spyware campaigns that target industrial enterprises, aiming to steal email account credentials and conduct financial fraud or resell them to other actors. The actors use off-the-shelf spyware tools but only deploy each variant for a very limited time to evade detection. Examples of commodity malware used in attacks include AgentTesla/Origin Logger, HawkEye, Noon/Formbook, Masslogger, Snake Keylogger, Azorult, and Lokibot. READ MORE...
The Federal Bureau of Investigation (FBI) this week shared a series of indicators of compromise (IoCs) associated with the Diavol ransomware family. Diavol was initially detailed in July 2021 as a new tool in the arsenal of Wizard Spider, the cybercrime group known for operating the TrickBot botnet and the Conti and Ryuk ransomware families. As part of a typical Diavol attack, in addition to deploying the ransomware to encrypt files on compromised systems, the threat actor claims to exfiltrate the victim's data. READ MORE...
McAfee has patched a security vulnerability discovered in the company's McAfee Agent software for Windows enabling attackers to escalate privileges and execute arbitrary code with SYSTEM privileges. McAfee Agent is a client-side component of McAfee ePolicy Orchestrator (McAfee ePO) that downloads and enforces endpoint policies and deploys antivirus signatures, upgrades, patches, and new products on enterprise endpoints. READ MORE...