InfoSec News

An interview with cyber threat hunter Hiep Hinh via Malwarebytes Labs

Cisco warns admins to patch AnyConnect flaw exploited in attacks Cisco warned customers today that two security vulnerabilities in the Cisco AnyConnect Secure Mobility Client for Windows are being exploited in the wild. [...] via BleepingComputer (author: Sergiu Gatlan)

See Tickets discloses 2.5 years-long credit card theft breach Ticketing service provider 'See Tickets' has disclosed a data breach, informing customers that cybercriminals might have accessed their payment card details via a skimmer on its website. [...] via BleepingComputer (author: Bill Toulas)

Cybercriminals Used Two PoS Malware to Steal Details of Over 167,000 Credit Cards Two point-of-sale (PoS) malware variants have been put to use by a threat actor to steal information related to more than 167,000 credit cards from payment terminals. According to Singapore-headquartered cybersecurity company Group-IB, the stolen data dumps could net the operators as much as $3.34 million by selling them on underground forums. While a significant proportion of attacks aimed at via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

Cybersecurity teams are reaching their breaking point. We should all be worried Stress and burnout are having a massive impact on cybersecurity teams, leaving people and businesses more vulnerable than ever. via Latest stories for ZDNET in Security

How to set up two-factor authentication for your Facebook account Applying two-factor authentication to Facebook is a useful way to protect it from being hacked - here's how to set it up. via Latest stories for ZDNET in Security

Australia seeks stiffer penalty for data breaches amidst spate of security incidents Government says it will push up maximum fines for serious or repeated data privacy breaches to AU$50 million, up from the current AU$2.22 million, in a move that follows a spate of cybersecurity incidents that compromised customer data, including Medibank. via Latest stories for ZDNET in Security

Hive claims ransomware attack on Tata Power, begins leaking data Hive ransomware group has claimed responsibility for a cyber attack disclosed by Tata Power this month. In data leak screenshots seen by BleepingComputer, Hive operators are seen leaking data it claims to have stolen from Tata Power, indicating the ransom negotiations failed. [...] via BleepingComputer (author: Ax Sharma)

Healthcare site leaks personal health information via Google and Meta tracking pixels via Malwarebytes Labs

A week in security (October 17 - 23) Last week on Malwarebytes Labs: ● Thermal cameras could help reveal your password ● How to spot a scam ● Warning: "FaceStealer" iOS and Android apps steal your Facebook login ● Criminal group busted after stealing hundreds of keyless cars ● Fake tractor fraudsters plague online transactions ● DeadBolt ransomware gang tricked into giving victims free decryption keys ● Why Log4Text is not another Log4Shell ● Ransomware attack freezes newspaper printing system ● Man scammed IRL for a phone he sold online ● 5 essential security tips for SMBs ● Microsoft fixes driver blocklist placing users at risk from BYOVD attacks ● Microsoft breach reveals some customer data ● New PHP-based Ducktail infostealer is now after crypto wallets ● Venus ransomware targets remote desktop services ● Suspected LAPSUS$ group member arrested in Brazil ● Third-party application patching: Everything you need to know for your business ●...