The report also details the top browser security threats of 2022, which include phishing attacks via high reputation domains, malware distribution via file sharing systems, data leakage exploiting personal browser profiles, outdated browsers, compromised passwords, vulnerable unmanaged devices, high-risk extensions, shadow IT, and account takeovers with phishing credentials.

Gmail client-side encryption (CSE) is now generally available for Google Workspace Enterprise Plus, Education Plus, and Education Standard customers.

The feature was first introduced in Gmail on the web as a beta test in December 2022, after being available in Google Drive, Google Docs, Sheets, Slides, Google Meet, and Google Calendar (in beta) since last year.

workspace.google.com/blog/prod

One of Canada's biggest telecommunications companies, Telus, is allegedly investigating a system breach believed to be fairly severe when malicious actors exposed samples of what they claimed to be private corporate information online.

cysecurity.news/2023/02/canadi

Google Play Store's new Data Safety labels have been criticized for being inaccurate in nearly 80% of cases.

The claims come from Mozilla's *Privacy Not Included researchers, who published a new study about them on Thursday.

"[We] found that the labels were false or misleading based on discrepancies between the apps' privacy policies and the information apps self-reported on Google's Data Safety Form," reads a blog post about the research article.

foundation.mozilla.org/en/blog

Ethical hacker among 3 arrested for blackmail and ransomware attacks

The suspects are allegedly involved in hacking, issuing threats, stealing data, laundering money, and extorting

The ethical hacker reportedly works for the Dutch security organization, the Dutch Institute for Vulnerability Disclosure (DIVD).

hackread.com/ethical-hacker-ar

A New Kind of Bug Spells Trouble for iOS and macOS Security
Security researchers found a class of flaws that, if exploited, would allow an attacker to access people’s messages, photos, and call history.

wired.co.uk/article/trellix-io

Accidental WhatsApp account takeovers? It's a thing

Blame it on phone number recycling (yes, that's a thing, too)

The security hole stems from wireless carriers' practice of recycling former customers' phone numbers and giving them to new customers.

theregister.com/2023/02/21/acc

“Ethical” hackers can now legally hack Belgian companies

grugq.substack.com/

Ethical hackers can now legally hack Belgian companies

A new Belgian law will allow ethical hackers to hack into the data of Belgian companies without any prior permission. Until now such practices could land you in jail.

vrt.be/vrtnws/en/2023/02/15/et

Reddit was hit with a phishing attack. How it responded is a lesson for everyone

A quick and transparent response shows that there's a correct way to respond to cybersecurity incidents

opps

zdnet.com/article/reddit-was-h

Windows 11 sends out an eye-opening amount of data to a load of various servers right off the bat, a new report has made clear

youtu.be/IT4vDfA_4NI

New Medusa Botnet Emerging Via Mirai Botnet Targeting Linux Users

Cyble Research and Intelligence Labs (CRIL) has been keeping a close eye on the actions of the MiraiBot and monitoring its behavior.

blog.cyble.com/2023/02/03/new-

bleepingcomputer.com/news/secu

BTW via Bitwarden site

just a heads up

Though the risk involved in rotating your encryption key does not exist when changing KDF iteration count, we still recommend exporting your vault beforehand.

bitwarden.com/help/what-encryp

There is lots of confusion about what constitutes a strong password however. How strong is my current password? Also, how strong is strong enough? These questions don’t have easy answers. I’ll try my best to explain however.

palant.info/2023/01/30/passwor

Bitwarden to increase its server-side iterations to 600,000

It is not clear whether this will affect existing user accounts; the company has responded to queries that it is working on it. But you don't have to wait for them to act; you can change it manually right now.

Changing KDF iterations (screenshots)

Why 600,000? It is the number of KDF iterations that the Open Web Application Security Project (OWASP) recommends.

cheatsheetseries.owasp.org/che

On January 21, 2023, unidentified hackers leaked a 2019 backup database belonging to TruthFinder and Instant Checkmate on Breach Forums.

hackread.com/instant-checkmate

Over the past month, researchers have seen increased abuse of Google search ads to distribute various malware, including RedLine Stealer, Gozi/Ursnif, Vidar, Rhadamanthys stealer, IcedID, Raccoon Stealer, and many more.

In the ongoing campaign seen by SentinelLabs, threat actors push the MalVirt loaders in ads pretending to be for the Blender 3D software.

sentinelone.com/labs/malvirt-n

bleepingcomputer.com/news/secu

Killnet is building its profile, inspiring jewelry sales and rap anthems. But the impact of its DDoS attacks, like the ones that targeted 14 major US hospitals this week, remains largely questionable.

Inside Killnet:

darkreading.com/ics-ot/killnet

A new attack campaign has been targeting the gaming and gambling sectors since at least September 2022, just as the ICE London 2023 gaming industry trade fair event is scheduled to kick off next week.

Israeli cybersecurity company Security Joes is tracking the activity cluster under the name Ice Breaker, stating the intrusions employ clever social engineering tactics to deploy a JavaScript backdoor.

securityjoes.com/post/operatio

CounterSocial is the first Social Network Platform to take a zero-tolerance stance to hostile nations, bot accounts and trolls who are weaponizing OUR social media platforms and freedoms to engage in influence operations against us. And we're here to counter it.