Google Discloses Flaws in Signal, FB Messenger, JioChat Messaging Apps – Tempemail

In January 2019, a critical flaw was reported in Apple’s FaceTime group chats feature that made it possible for users to initiate a FaceTime video call and eavesdrop on targets by adding their own number as a third person in a group chat even before the person on the other Continue Reading

SolarWinds Hackers Also Breached Malwarebytes Cybersecurity Firm – Tempemail

Malwarebytes on Tuesday said it was breached by the same group who broke into SolarWinds to access some of its internal emails, making it the fourth major cybersecurity vendor to be targeted after FireEye, Microsoft, and CrowdStrike. The company said its intrusion was not the result of a SolarWinds compromise, Continue Reading

Researchers Discover Raindrop — 4th Malware Linked to the SolarWinds Attack – Tempemail

Cybersecurity researchers have unearthed a fourth new malware strain—designed to spread the malware onto other computers in victims’ networks—which was deployed as part of the SolarWinds supply chain attack disclosed late last year. Dubbed “Raindrop” by Broadcom-owned Symantec, the malware joins the likes of other malicious implants such as Sunspot, Continue Reading

A Set of Severe Flaws Affect Popular DNSMasq DNS Forwarder – Tempemail

Cybersecurity researchers have uncovered multiple vulnerabilities in Dnsmasq, a popular open-source software used for caching Domain Name System (DNS) responses, thereby potentially allowing an adversary to mount DNS cache poisoning attacks and remotely execute malicious code. The flaws, collectively called “DNSpooq” by Israeli research firm JSOF, echoes previously disclosed weaknesses Continue Reading

FreakOut! Ongoing Botnet Attack Exploiting Recent Linux Vulnerabilities – Tempemail

An ongoing malware campaign has been found exploiting recently disclosed vulnerabilities in Linux devices to co-opt the systems into an IRC botnet for launching distributed denial-of-service (DDoS) attacks and mining Monero cryptocurrency. The attacks involve a new malware variant called “FreakOut” that leverages newly patched flaws in TerraMaster, Laminas Project Continue Reading

New Educational Video Series for CISOs with Small Security Teams – Tempemail

Cybersecurity is hard. For a CISO that faces the cyber threat landscape with a small security team, the challenge is compounded. Compared to CISOs at large enterprises, CISOs small to medium-sized enterprises (SMEs) have smaller teams with less expertise, smaller budgets for technology and outside services, and are more involved Continue Reading

Apple Removes macOS Feature That Allowed Apps to Bypass Firewall Security – Tempemail

Apple has removed a controversial feature from its macOS operating system that allowed the company’s own first-party apps to bypass content filters, VPNs, and third-party firewalls. Called “ContentFilterExclusionList,” it included a list of as many as 50 Apple apps like iCloud, Maps, Music, FaceTime, HomeKit, the App Store, and its Continue Reading

WhatsApp Delays Controversial ‘Data-Sharing’ Privacy Policy Update By 3 Months – Tempemail

WhatsApp said on Friday that it wouldn’t enforce its recently announced controversial data sharing policy update until May 15. Originally set to go into effect next month on February 8, the three-month delay comes following “a lot of misinformation” about a revision to its privacy policy that allows WhatsApp to Continue Reading

NSA Suggests Enterprises Use ‘Designated’ DNS-over-HTTPS’ Resolvers – Tempemail

The U.S. Tempemail Security Agency (NSA) on Friday said DNS over HTTPS (DoH) — if configured appropriately in enterprise environments — can help prevent “numerous” initial access, command-and-control, and exfiltration techniques used by threat actors. “DNS over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), often referred to as DNS Continue Reading

Joker’s Stash, The Largest Carding Marketplace, Announces Shutdown – Tempemail

Joker’s Stash, the largest dark web marketplace notorious for selling compromised payment card data, has announced plans to shut down its operations on February 15, 2021. In a message board post on a Russian-language underground cybercrime forum, the operator of the site — who goes by the name “JokerStash” — Continue Reading