Microsoft is looking into LSASS memory leaks (caused by Windows Server updates released during the November Patch Tuesday) that may result in domain controller freezes and restarts. LSASS (Local Security Authority Subsystem Service) is in charge of enforcing security policies on Windows systems and managing access tokens, password changes, and user logins. 

If this service fails, logged-in users lose access to their Windows accounts on the machine and are presented with a system restart error followed by a system reboot. 

Out-of-band Windows updates pushed out to address authentication issues on Windows domain controllers may also be affected by this known issue, according to Redmond. Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2 are all affected. Microsoft is working on a solution and promises an update in an upcoming release.

"Once this known issue is resolved, you should set KrbtgtFullPacSignature to a higher setting depending on what your environment will allow," Microsoft added.

"It is recommended to enable Enforcement mode as soon as your environment is ready. For more information on this registry key, please see KB5020805: How to manage Kerberos protocol changes related to CVE-2022-37967."

On November 16, an actor advertised a 2022 database of 487 million WhatsApp user mobile numbers on a well-known hacking community forum. The dataset is said to contain WhatsApp user data from 84 different countries. 

According to the threat actor, there are over 32 million US user records included. Egypt (45 million), Italy (35 million), Saudi Arabia (29 million), France (20 million), and Turkey each have a sizable number of phone numbers (20 million). The dataset for sale also allegedly contains the phone numbers of nearly 10 million Russians and over 11 million UK citizens. The threat actor told Cybernews that they were selling the US dataset for $7,000, the UK dataset for $2,500, and the German dataset for $2,000.

Head of Cybernews research team Mantas Sasnauskas said, “In this age, we all leave a sizeable digital footprint – and tech giants like Meta should take all precautions and means to safeguard that data. We should ask whether an added clause of ‘scraping or platform abuse is not permitted in the Terms and Conditions’ is enough. Threat actors don’t care about those terms, so companies should take rigorous steps to mitigate threats and prevent platform abuse from a technical standpoint.”

As per The Markup, popular tax preparation software such as TaxAct, TaxSlayer, and H&R Block sent sensitive financial information to Facebook's parent company Meta via its widely used code known as a pixel, which helps developers track user activity on their sites. 

In accordance with a report published on Tuesday by The Verge, Meta pixel trackers in the software sent information such as names, email addresses, income information, and refund amounts to Meta, violating its policies. The Markup also discovered that TaxAct sent similar financial data to Google via its analytics tool, though the data did not include names.

An H&R Block spokesperson said the company takes “protecting our clients’ privacy very seriously, and we are taking steps to mitigate the sharing of client information via pixels.” 

A TaxSlayer representative did not immediately respond to CNBC's request for comment.

Last summer, John Smith* had just returned to Sydney after more than a decade abroad when he met someone online. He began chatting with a man named Tahn Daniel Lee on the dating app Grindr. Lee was undergoing treatment for COVID at the time, so they communicated online for a few weeks before meeting in Sydney's Surry Hills for their first date - a Japanese dinner followed by Messina ice cream. The date would be one of many in a relationship that progressed quickly before taking a dark turn when Smith began to suspect Lee was watching his bank accounts.

“Because, what is the recourse? Businesses just aren’t doing the risk management that’s required. The tone starts from the top, ” says former Australian Federal Police investigator turned cyber expert Nigel Phair.

“I asked him how he was able to do this without my consent or authority (one-time pin etc), and he replied, ‘because the system is completely open, I have god mode’,” Smith wrote in a complaint later filed with American Express.

“I am satisfied the financial firm has investigated the matters raised by the complainant, and in the circumstances, it has responded appropriately,” AFCA found.

In a widespread phishing campaign, a Chinese hacking group known as "Fangxiao" is using thousands of imposter domains to target victims. Thousands are at risk from the Fangxiao phishing campaign. Thousands of people are at risk as a result of a massive phishing campaign run by the Chinese hacking group "Fangxiao." 

To facilitate phishing attacks, this campaign used 42,000 imposter domains. These bogus domains are intended to direct users to adware (advertising malware) apps, giveaways, and dating websites. The 42,000 phony domains used in this campaign were discovered by Cyjax, a cybersecurity and threat solutions company. The scam was described as sophisticated in a Cyjax blog post by Emily Dennison and Alana Witten, with the ability to "exploit the reputation of international, trusted brands in multiple verticals including retail, banking, travel, pharmaceuticals, travel, and energy".

The scam commences with a nefarious WhatsApp message impersonating a well-known brand. Emirates, Coca-Cola, McDonald's, and Unilever are examples of such brands. This message contains a link to a webpage that has been enticingly designed. The redirection site is determined by the target's IP address as well as their user agent.

For example, McDonald's may advertise a free giveaway. When the victim completes their registration for the giveaway, the Triada Trojan malware can be downloaded. Malware can also be installed through the download of a specific app, which victims are instructed to install in order to continue participating in the giveaway.

Checkmarx cybersecurity researchers discovered over two dozen malicious packages on PyPI, a popular repository for Python developers, and published their findings in a new report (opens in new tab). 

These malicious packages, which are designed to look almost identical to legitimate ones, attempt to dupe inexperienced developers into downloading and installing the wrong one, thereby spreading malware. The practice is known as typosquatting, and it is widely used by cybercriminals who target software developers. 

The attackers use two distinct methods to conceal the malware: steganography and polymorphism. Steganography is the practice of concealing code within an image, allowing threat actors to spread malicious code via seemingly innocent.JPGs and.PNGs. Polymorphic malware, on the other hand, changes the payload with each installation, allowing it to avoid detection by antivirus software and other cybersecurity solutions.

Worok, based on its toolkit, is thought to be the work of a cyberespionage group that operates quietly, moves laterally across target networks, and steals sensitive data. It also appears to be using its own, proprietary tools, as no one else has been observed using them.

Fraudsters attempt to steal paper checks from mailboxes, "washing" them with nail polish remover and filling in new amounts and payees, causing victims and their banks, which usually foot the bill, to suffer indefinitely. The black market for "glass" — pilfered checks sold online with the assurance that they will clear at the bank — is becoming more widespread and sophisticated. 

Criminals are diversifying into the sale of stolen account numbers and identity theft, as well as the "arrow keys" used by mail carriers to open multiple boxes. Following the theft of the checks, a large amount of mail, including mail-in voter ballots, is dumped. Thieves either "fish" letters out of the mail slot or rob postal workers of their mail and arrow keys. 

"We see [sellers] offering $1,000 to $7,000 a key, depending on the number of mailboxes in the ZIP code," states David Maimon, a cybercrime expert at Georgia State University who has been tracking the surge.

Google has consented to a $391.5 million settlement with 40 states over its use of location tracking, according to Oregon Attorney General Ellen Rosenblum. Even when users thought they had turned off location tracking in their account settings, Google continued to collect information about their whereabouts, according to Oregon's Attorney General's office. 

Cybercriminals frequently target all websites. Data theft, remote access, and malware distribution can all occur through social media platforms, online retailers, file-sharing services, and other types of online services. Hackers employ a variety of techniques to infiltrate websites, the top 5 types of attacks are discussed in this article. 

Overnight, a 9.5-gigabyte archive of information pertaining to [the French company] Thales was published on the website of the cybercrime gang Lockbit. The archive houses information about Thales contracts and partnerships in Italy and Malaysia. When contacted by Le Monde, Thales confirmed that the data had been posted on the hackers' website, but claimed that "no intrusion" had occurred into the company's IT system. 

"Thales' security experts have narrowed down one of two possible sources of the information theft. It was a partner's account on a dedicated exchange portal that led to the disclosure of a limited amount of information," said a company spokesperson, adding that its teams are working to identify the second source. Thales also stated that the data leak has no impact on its business.

As per the US Attorney's Office, a file on the suspect's computer contained a list of past and future Lockbit group targets. During a second search, investigators discovered a cryptocurrency wallet belonging to the suspect, which contained 0.8 bitcoin (€13,482 at the time of publication). This bitcoin came from a ransom payment made by one of the Lockbit group's victims. The suspect faces a maximum sentence of five years in prison.

A slew of household names has recently been accused of misconfigured cloud storage buckets overflowing with unencrypted data, shedding light on a cybersecurity problem that appears to have no solution. Anurag Sen, a security researcher, revealed just last week that an Amazon server had exposed data on Amazon Prime members' viewing habits. 

GitHub, a Microsoft-owned code hosting platform, has announced the launch of a direct channel for security researchers to report vulnerabilities in public repositories that allow it. The new private vulnerability reporting capability allows repository administrators to enable security researchers to report any vulnerabilities found in their code to them. 

Some repositories may include instructions on how to contact the maintainers for vulnerability reporting, but for those that do not, researchers frequently report issues publicly. Whether the researcher reports the vulnerability through social media or by creating a public issue, this method may make vulnerability details insufficiently public. 

To avoid such situations, GitHub has implemented private reporting, which allows researchers to contact repository maintainers who are willing to enroll directly. If the functionality is enabled, the reporting security researchers are given a simple form to fill out with information about the identified problem.

The platform will provide a $20,000 incentive to 20 developers who maintain open-source repositories through the new GitHub Accelerator initiative. While, the new $10 million M12 GitHub Fund will support future open-source companies.

The unified payments interface (UPI) was a huge success. On the other hand, people are increasingly being cheated when conducting online transactions. UPI frauds contributed significantly to a 15.3% increase in the overall number of complaints reported on the National Cybercrime Reporting Portal (NCRP) between the first and second quarters of 2022, according to data from the Ministry of Home Affairs.

While the total number of registered complaints in the first quarter of 2022 was 206,198, it increased by 15.3 percent to 237,658 in the second quarter. The number of 'UPI fraud complaints,' a cyber crime category under NCRP, increased from 62,350 in Q1 2022 to 84,145 in Q2 2022.

On Monday, Medibank Private Ltd (MPL.AX), Australia's largest health insurer, stated that no ransom payment will be made to the criminal responsible for a recent data theft in which the data of approximately 9.7 million current and former customers was compromised. 

Highlighting the findings of the firm's investigation thus far, Medibank confirmed that the data theft accessed the name, date of birth, address, phone number, and email addresses of approximately 9.7 million current and former customers. Cyber security issues in Australia have skyrocketed in recent years, according to a government report, with one attack occurring every seven minutes.

"Based on the extensive advice we have received from cybercrime experts we believe there is only a limited chance paying a ransom would ensure the return of our customers' data and prevent it from being published," Medibank CEO David Koczkar said.

After configuring all of the devices, you're likely to forget your home Wi-Fi password. That is until a friend or family member arrives and requests access to your network. What was the password, again? Is it the ridiculously long number on the back of your router? Even if you don't have the Wi-Fi password saved anywhere or memorized it, there is a way to find all of your Wi-Fi passwords in one place. Simply check your computer. 

The Wi-Fi password is permanently stored in your settings as long as your Windows or Mac computer has previously connected to the network. It may take some digging on your part, but all of the passwords are available.

On MacOS and Windows, here's how to find the passwords for all Wi-Fi networks you've ever connected to. Find out more about the 17 most important settings for customising your MacBook or how to get the most out of Windows 11.

Following a cyberattack on Saturday, October 29, 2022, the Atacama Large Millimeter Array (ALMA) Observatory in Chile has suspended all astronomical observation operations and taken its public website offline. 

Based on a new report published by cybersecurity firm Group-IB, a French-speaking cybercrime group may have stolen more than $30 million from banks and other types of organizations in recent years. 

Group-IB has identified the threat actor as Opera1er. Others have previously investigated some of its activities, naming it Common Raven, Desktop-Group, and NXSMS. The cybersecurity firm is aware of 30 successful attacks carried out between 2019 and 2021, with many of the victims being attacked multiple times. 

The majority of the attacks targeted African banks, but victims also included financial services, mobile banking services, and telecommunications companies. Victims were discovered in 15 countries across Africa, Latin America, and Asia.

“In at least two banks, Opera1er got access to the SWIFT messaging interface,” Group-IB explained. “In one incident, the hackers obtained access to an SMS server which could be used to bypass anti-fraud or to cash out money via payment systems or mobile banking systems. In another incident, Opera1er used an antivirus update server which was deployed in the infrastructure as a pivoting point.”

Researchers have issued a warning about enterprise software misconfigurations that result in the leak of sensitive records on urlscan.io. 

Urlscan.io is a website scanning and analysis platform. The system accepts URLs and generates a wealth of data, including domains, IP addresses, DOM information, and cookies, as well as screenshots. According to the developers, the engine's goal is to enable "anyone to easily and confidently analyze unknown and potentially malicious websites."

Many enterprise customers and open-source projects are supported by Urlscan.io, and an API is provided to integrate these checks into third-party products. GitHub alert Positive Security stated in a blog post published today (November 2) that the urlscan API came to its attention as a result of an email sent by GitHub in February warning customers that GitHub Pages URLs had been accidentally leaked via a third-party during metadata analysis.

A database containing Amazon Prime Video users' viewing habits, which was stored on an internal Amazon server, was accidentally exposed online and could be accessed by anyone with a web browser. 

In accordance with a new report, hackers are selling access to 576 corporate networks worldwide for a total cumulative sales price of $4,000,000, fueling enterprise attacks. The findings come from the Israeli cyber-intelligence firm KELA, which published its Q3 2022 ransomware report, which showed stable activity in the initial access sales sector but a significant increase in the value of the offerings. Despite the fact that the number of network access sales remained roughly the same as in the previous two quarters, the total requested price has now reached $4,000,000. In comparison, the total value of initial access listings in Q2 2022 was $660,000, a decrease that coincided with the summer ransomware hiatus, which hampered demand. 

The Rise of Ransomware