InfoSec News

5 pro-freedom technologies that could change the Internet via Malwarebytes Labs (author: Mark Stockley)

“Free UK visa” offers on WhatsApp are fakes via Malwarebytes Labs (author: Christopher Boyd)

Django fixes SQL Injection vulnerability in new releases Django, an open source Python-based web framework has patched a high severity vulnerability in its latest releases. Tracked as CVE-2022-34265, the potential SQL Injection vulnerability impacts Django's main branch, and versions 4.1 (currently in beta), 4.0, and 3.2, with patches and new releases issued fixing the vulnerability. [...] via BleepingComputer (author: Ax Sharma)

My Body, My Data Act would lock down reproductive and sexual health data via Malwarebytes Labs (author: David Ruiz)

Google: Half of zero-day exploits linked to poor software fixes Software companies need to do better root cause analysis of the security bugs they patch. via Latest topics for ZDNet in Security

A week in security (June 27 – July 3) Last week on Malwarebytes Labs: ● Ransomware review: June 2022 ● AstraLocker 2.0 ransomware isn’t going to give you your files back ● YTStealer targets YouTube content creators ● ZuoRAT is a sophisticated malware that mainly targets SOHO routers ● Amazon Photos vulnerability could have given attackers access to user files and data ● Criminals are applying for remote work using deepfake and stolen identities, says FBI ● Immigration organisations targeted by APT group Evilnum ● Update now! Mozilla fixes security vulnerabilities and introduces a new privacy feature for Firefox ● Raccoon Stealer returns with a new bag of tricks ● RansomHouse claims to have stolen at least 450GB of AMD’s data ● Forced Chrome extensions get removed, keep reappearing ● Internet Safety Month: Everything you need to know about Omegle ● Hermit spyware is deployed with the help of a victim’s ISP ● City worker loses USB stick containing data on e...

HackerOne Employee Caught Stealing Vulnerability Reports for Personal Gains Vulnerability coordination and bug bounty platform HackerOne on Friday disclosed that a former employee at the firm improperly accessed security reports submitted to it for personal gain. "The person anonymously disclosed this vulnerability information outside the HackerOne platform with the goal of claiming additional bounties," it said. "In under 24 hours, we worked quickly to contain the via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Privacy protection agency seizes servers of hacked travel company The Privacy Protection Authority in Israel seized servers hosting multiple travel booking websites because their operator failed to address security issues that enabled data breaches affecting more than 300,000 individuals. [...] via BleepingComputer (author: Ionut Ilascu)

Free smartphone stalkerware detection tool gets dedicated hub Kaspersky has launched a new information hub to help with their open-source stalkerware detection tool named TinyCheck, created in 2019 to help people detect if their devices are being monitored. [...] via BleepingComputer (author: Bill Toulas)

Microsoft Defender adds network protection for Android, iOS devices Microsoft has announced the introduction of a new Microsoft Defender for Endpoint (MDE) feature in public preview to help organizations detect weaknesses affecting Android and iOS devices in their enterprise networks. [...] via BleepingComputer (author: Sergiu Gatlan)