Threat actors have launched a new marketplace called Industrial Spy that sells stolen data from breached companies, as well as offering free stolen data to its members. While stolen data marketplaces are not new, instead of extorting companies and scaring them with GDPR fines, Industrial Spy promotes itself as a marketplace where businesses can purchase their competitors' data to gain access to trade secrets, manufacturing diagrams, accounting reports, and client databases. READ MORE...
Researchers have found financial and technological links between the Karakurt cybercriminal group and two high-profile ransomware actors that signal a shift in business operations and an expansion of opportunities for the threat actors to target victims, they said. Karakurt-a financially motivated threat actor first identified last summer-now appears to be entangled with both the Conti and Diavol groups, researchers from Tetra Defense and Chainalysis revealed in a report published Friday. READ MORE...
Google fixed two vulnerabilities in its Chrome web browser as part of an emergency update this week, including a type confusion vulnerability that is already being exploited in the wild. The type confusion vulnerability (CVE-2022-1364) impacts the JavaScript and WebAssembly engine in the browser. With this kind of flaw, a program will allocate a resource (such as a pointer or object) using one type but will later try to access the resource using an incompatible type. READ MORE...
A new study shows that pressing the mute button on popular video conferencing apps (VCA) may not actually work like you think it should, with apps still listening in on your microphone. More specifically, in the studied software, pressing mute does not prevent audio from being transmitted to the apps' servers, either continually or periodically. Due to this activity not being documented in related privacy policies, users have a poor understanding of how the mute system works. READ MORE...