FreshRSS

🔒
❌ About FreshRSS
There are new available articles, click to refresh the page.
Before yesterdayYour RSS feeds

VMware Alert: Uninstall EAP Now - Critical Flaw Puts Active Directory at Risk

By Newsroom
VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) following the discovery of a critical security flaw. Tracked as CVE-2024-22245 (CVSS score: 9.6), the vulnerability has been described as an arbitrary authentication relay bug. "A malicious actor could trick a target domain user with EAP installed in their web browser into requesting and relaying

Russian-Linked Hackers Target 80+ Organizations via Roundcube Flaws

By Newsroom
Threat actors operating with interests aligned to Belarus and Russia have been linked to a new cyber espionage campaign that likely exploited cross-site scripting (XSS) vulnerabilities in Roundcube webmail servers to target over 80 organizations. These entities are primarily located in Georgia, Poland, and Ukraine, according to Recorded Future, which attributed the intrusion set to a threat

Alert: CISA Warns of Active 'Roundcube' Email Attacks - Patch Now

By Newsroom
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Roundcube email software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The issue, tracked as CVE-2023-43770 (CVSS score: 6.1), relates to a cross-site scripting (XSS) flaw that stems from the handling of

New Coyote Trojan Targets 61 Brazilian Banks with Nim-Powered Attack

By Newsroom
Sixty-one banking institutions, all of them originating from Brazil, are the target of a new banking trojan called Coyote. "This malware utilizes the Squirrel installer for distribution, leveraging Node.js and a relatively new multi-platform programming language called Nim as a loader to complete its infection," Russian cybersecurity firm Kaspersky said in a Thursday report. What

Hackers Exploit Job Boards, Stealing Millions of Resumes and Personal Data

By Newsroom
Employment agencies and retail companies chiefly located in the Asia-Pacific (APAC) region have been targeted by a previously undocumented threat actor known as ResumeLooters since early 2023 with the goal of stealing sensitive data. Singapore-headquartered Group-IB said the hacking crew's activities are geared towards job search platforms and the theft of resumes, with as many as 65

Juniper Networks Releases Urgent Junos OS Updates for High-Severity Flaws

By Newsroom
Juniper Networks has released out-of-band updates to address high-severity flaws in SRX Series and EX Series that could be exploited by a threat actor to take control of susceptible systems. The vulnerabilities, tracked as CVE-2024-21619 and CVE-2024-21620, are rooted in the J-Web component and impact all versions of Junos OS. Two other shortcomings, CVE-2023-36846 and CVE-2023-

Albabat, Kasseika, Kuiper: New Ransomware Gangs Rise with Rust and Golang

By Newsroom
Cybersecurity researchers have detected in the wild yet another variant of the Phobos ransomware family known as Faust. Fortinet FortiGuard Labs, which detailed the latest iteration of the ransomware, said it's being propagated by means of an infection that delivers a Microsoft Excel document (.XLAM) containing a VBA script. "The attackers utilized the Gitea service to store several files

Critical Jenkins Vulnerability Exposes Servers to RCE Attacks - Patch ASAP!

By Newsroom
The maintainers of the open-source continuous integration/continuous delivery and deployment (CI/CD) automation software Jenkins have resolved nine security flaws, including a critical bug that, if successfully exploited, could result in remote code execution (RCE). The issue, assigned the CVE identifier CVE-2024-23897, has been described as an arbitrary file read vulnerability through the

Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability

By Newsroom
Thousands of WordPress sites using a vulnerable version of the Popup Builder plugin have been compromised with a malware called Balada Injector. First documented by Doctor Web in January 2023, the campaign takes place in a series of periodic attack waves, weaponizing security flaws WordPress plugins to inject backdoor designed to redirect visitors of infected sites to bogus tech

Alert: New Vulnerabilities Discovered in QNAP and Kyocera Device Manager

By Newsroom
A security flaw has been disclosed in Kyocera’s Device Manager product that could be exploited by bad actors to carry out malicious activities on affected systems. "This vulnerability allows attackers to coerce authentication attempts to their own resources, such as a malicious SMB share, to capture or relay Active Directory hashed credentials if the ‘Restrict NTLM: Outgoing NTLM

Beware: 3 Malicious PyPI Packages Found Targeting Linux with Crypto Miners

By Newsroom
Three new malicious packages have been discovered in the Python Package Index (PyPI) open-source repository with capabilities to deploy a cryptocurrency miner on affected Linux devices. The three harmful packages, named modularseven, driftme, and catme, attracted a total of 431 downloads over the past month before they were taken down. “These packages, upon initial use, deploy a CoinMiner

CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK

By Newsroom
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign orchestrated by the Russia-linked APT28 group to deploy previously undocumented malware such as OCEANMAP, MASEPIE, and STEELHOOK to harvest sensitive information. The activity, which was detected by the agency between December 15 and 25, 2023, targeted Ukrainian

New JavaScript Malware Targeted 50,000+ Users at Dozens of Banks Worldwide

By Newsroom
A new piece of JavaScript malware has been observed attempting to steal users' online banking account credentials as part of a campaign that has targeted more than 40 financial institutions across the world. The activity cluster, which employs JavaScript web injections, is estimated to have led to at least 50,000 infected user sessions spanning North America, South America, Europe, and Japan.

Play Ransomware Goes Commercial - Now Offered as a Service to Cybercriminals

By Newsroom
The ransomware strain known as Play is now being offered to other threat actors "as a service," new evidence unearthed by Adlumin has revealed. "The unusual lack of even small variations between attacks suggests that they are being carried out by affiliates who have purchased the ransomware-as-a-service (RaaS) and are following step-by-step instructions from playbooks delivered with it," the

Randstorm Exploit: Bitcoin Wallets Created b/w 2011-2015 Vulnerable to Hacking

By Newsroom
Bitcoin wallets created between 2011 and 2015 are susceptible to a new kind of exploit called Randstorm that makes it possible to recover passwords and gain unauthorized access to a multitude of wallets spanning several blockchain platforms. "Randstorm() is a term we coined to describe a collection of bugs, design decisions, and API changes that, when brought in contact with each other, combine

Russian Cyber Espionage Group Deploys LitterDrifter USB Worm in Targeted Attacks

By Newsroom
Russian cyber espionage actors affiliated with the Federal Security Service (FSB) have been observed using a USB propagating worm called LitterDrifter in attacks targeting Ukrainian entities. Check Point, which detailed Gamaredon's (aka Aqua Blizzard, Iron Tilden, Primitive Bear, Shuckworm, and Winterflounder) latest tactics, branded the group as engaging in large-scale campaigns that are

27 Malicious PyPI Packages with Thousands of Downloads Found Targeting IT Experts

By Newsroom
An unknown threat actor has been observed publishing typosquat packages to the Python Package Index (PyPI) repository for nearly six months with an aim to deliver malware capable of gaining persistence, stealing sensitive data, and accessing cryptocurrency wallets for financial gain. The 27 packages, which masqueraded as popular legitimate Python libraries, attracted thousands of downloads,

Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups

By Newsroom
A zero-day flaw in the Zimbra Collaboration email software was exploited by four different groups in real-world attacks to pilfer email data, user credentials, and authentication tokens. "Most of this activity occurred after the initial fix became public on GitHub," Google Threat Analysis Group (TAG) said in a report shared with The Hacker News. The flaw, tracked as CVE-2023-37580 (CVSS score:

Critical Flaws Discovered in Veeam ONE IT Monitoring Software – Patch Now

By Newsroom
Veeam has released security updates to address four flaws in its ONE IT monitoring and analytics platform, two of which are rated critical in severity. The list of vulnerabilities is as follows - CVE-2023-38547 (CVSS score: 9.9) - An unspecified flaw that can be leveraged by an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration

48 Malicious npm Packages Found Deploying Reverse Shells on Developer Systems

By Newsroom
A new set of 48 malicious npm packages have been discovered in the npm repository with capabilities to deploy a reverse shell on compromised systems. "These packages, deceptively named to appear legitimate, contained obfuscated JavaScript designed to initiate a reverse shell on package install," software supply chain security firm Phylum said. All the counterfeit packages have been published by

Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software

By Newsroom
The threat actor known as Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023, to harvest email messages from victims' accounts. "Winter Vivern has stepped up its operations by using a zero-day vulnerability in Roundcube," ESET security researcher Matthieu Faou said in a new report published today. Previously, it was using known

Over 3 Dozen Data-Stealing Malicious npm Packages Found Targeting Developers

By Newsroom
Nearly three dozen counterfeit packages have been discovered in the npm package repository that are designed to exfiltrate sensitive data from developer systems, according to findings from Fortinet FortiGuard Labs. One set of packages – named @expue/webpack, @expue/core, @expue/vue3-renderer, @fixedwidthtable/fixedwidthtable, and @virtualsearchtable/virtualsearchtable – harbored an obfuscated

Researchers Detail 8 Vulnerabilities in Azure HDInsight Analytics Service

By THN
More details have emerged about a set of now-patched cross-site scripting (XSS) flaws in the Microsoft Azure HDInsight open-source analytics service that could be weaponized by a threat actor to carry out malicious activities. "The identified vulnerabilities consisted of six stored XSS and two reflected XSS vulnerabilities, each of which could be exploited to perform unauthorized actions,

Ghostscript bug could allow rogue documents to run system commands

By Paul Ducklin
Even if you've never heard of the venerable Ghostscript project, you may have it installed without knowing.

Powerful JavaScript Dropper PindOS Distributes Bumblebee and IcedID Malware

By Ravie Lakshmanan
A new strain of JavaScript dropper has been observed delivering next-stage payloads like Bumblebee and IcedID. Cybersecurity firm Deep Instinct is tracking the malware as PindOS, which contains the name in its "User-Agent" string. Both Bumblebee and IcedID serve as loaders, acting as a vector for other malware on compromised hosts, including ransomware. A recent report from Proofpoint 

Severe Vulnerabilities Reported in Microsoft Azure Bastion and Container Registry

By Ravie Lakshmanan
Two "dangerous" security vulnerabilities have been disclosed in Microsoft Azure Bastion and Azure Container Registry that could have been exploited to carry out cross-site scripting (XSS) attacks. "The vulnerabilities allowed unauthorized access to the victim's session within the compromised Azure service iframe, which can lead to severe consequences, including unauthorized data access,

New Flaw in WordPress Plugin Used by Over a Million Sites Under Active Exploitation

By Ravie Lakshmanan
A security vulnerability has been disclosed in the popular WordPress plugin Essential Addons for Elementor that could be potentially exploited to achieve elevated privileges on affected sites. The issue, tracked as CVE-2023-32243, has been addressed by the plugin maintainers in version 5.7.2 that was shipped on May 11, 2023. Essential Addons for Elementor has over one million active

New Vulnerability in Popular WordPress Plugin Exposes Over 2 Million Sites to Cyberattacks

By Ravie Lakshmanan
Users of Advanced Custom Fields plugin for WordPress are being urged to update version 6.1.6 following the discovery of a security flaw. The issue, assigned the identifier CVE-2023-30777, relates to a case of reflected cross-site scripting (XSS) that could be abused to inject arbitrary executable scripts into otherwise benign websites. The plugin, which is available both as a free and pro

Lack of Visibility: The Challenge of Protecting Websites from Third-Party Scripts

By The Hacker News
Third-party apps such as Google Analytics, Meta Pixel, HotJar, and JQuery have become critical tools for businesses to optimize their website performance and services for a global audience. However, as their importance has grown, so has the threat of cyber incidents involving unmanaged third-party apps and open-source tools. Online businesses increasingly struggle to maintain complete visibility

Critical Flaws in vm2 JavaScript Library Can Lead to Remote Code Execution

By Ravie Lakshmanan
A fresh round of patches has been made available for the vm2 JavaScript library to address two critical flaws that could be exploited to break out of sandbox protections and achieve code execution. Both the flaws – CVE-2023-29199 and CVE-2023-30547 – are rated 9.8 out of 10 on the CVSS scoring system and have been addressed in versions 3.9.16 and 3.9.17, respectively. Successful exploitation of

Jenkins Security Alert: New Security Flaws Could Allow Code Execution Attacks

By Ravie Lakshmanan
A pair of severe security vulnerabilities have been disclosed in the Jenkins open source automation server that could lead to code execution on targeted systems. The flaws, tracked as CVE-2023-27898 and CVE-2023-27905, impact the Jenkins server and Update Center, and have been collectively christened CorePlague by cloud security firm Aqua. All versions of Jenkins versions prior to 2.319.2 are

Unpatched Security Flaws Disclosed in Multiple Document Management Systems

By Ravie Lakshmanan
Multiple unpatched security flaws have been disclosed in open source and freemium Document Management System (DMS) offerings from four vendors LogicalDOC, Mayan, ONLYOFFICE, and OpenKM. Cybersecurity firm Rapid7 said the eight vulnerabilities offer a mechanism through which "an attacker can convince a human operator to save a malicious document on the platform and, once the document is indexed

Experts Warn of 'Ice Breaker' Cyberattacks Targeting Gaming and Gambling Industry

By Ravie Lakshmanan
A new attack campaign has been targeting the gaming and gambling sectors since at least September 2022, just as the ICE London 2023 gaming industry trade fair event is scheduled to kick off next week. Israeli cybersecurity company Security Joes is tracking the activity cluster under the name Ice Breaker, stating the intrusions employ clever social engineering tactics to deploy a JavaScript

Earth Bogle Campaign Unleashes NjRAT Trojan on Middle East and North Africa

By Ravie Lakshmanan
An ongoing campaign dubbed Earth Bogle is leveraging geopolitical-themed lures to deliver the NjRAT remote access trojan to victims across the Middle East and North Africa. "The threat actor uses public cloud storage services such as files[.]fm and failiem[.]lv to host malware, while compromised web servers distribute NjRAT," Trend Micro said in a report published Wednesday. Phishing emails,

Australian Healthcare Sector Targeted in Latest Gootkit Malware Attacks

By Ravie Lakshmanan
A recent wave of Gootkit malware loader attacks has targeted the Australian healthcare sector by leveraging legitimate tools like VLC Media Player. Gootkit, also called Gootloader, is known to employ search engine optimization (SEO) poisoning tactics (aka spamdexing) for initial access. It typically works by compromising and abusing legitimate infrastructure and seeding those sites with common

New shc-based Linux Malware Targeting Systems with Cryptocurrency Miner

By Ravie Lakshmanan
A new Linux malware developed using the shell script compiler (shc) has been observed deploying a cryptocurrency miner on compromised systems. "It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed on the target system," AhnLab Security Emergency Response Center (ASEC) said in a report published

GuLoader Malware Utilizing New Techniques to Evade Security Software

By Ravie Lakshmanan
Cybersecurity researchers have exposed a wide variety of techniques adopted by an advanced malware downloader called GuLoader to evade security software. "New shellcode anti-analysis technique attempts to thwart researchers and hostile environments by scanning entire process memory for any virtual machine (VM)-related strings," CrowdStrike researchers Sarang Sonawane and Donato Onofri said in a

Two New Security Flaws Reported in Ghost CMS Blogging Software

By Ravie Lakshmanan
Cybersecurity researchers have detailed two security flaws in the JavaScript-based blogging platform known as Ghost, one of which could be abused to elevate privileges via specially crafted HTTP requests. Ghost is an open source blogging platform that's used in more than 52,600 live websites, most of them located in the U.S., the U.K., German, China, France, Canada, and India. Tracked as CVE-

Researchers Disclose Critical RCE Vulnerability Affecting Quarkus Java Framework

By Ravie Lakshmanan
A critical security vulnerability has been disclosed in the Quarkus Java framework that could be potentially exploited to achieve remote code execution on affected systems. Tracked as CVE-2022-4116 (CVSS score: 9.8), the shortcoming could be trivially abused by a malicious actor without any privileges. "The vulnerability is found in the Dev UI Config Editor, which is vulnerable to drive-by

Critical RCE Flaw Reported in Spotify's Backstage Software Catalog and Developer Platform

By Ravie Lakshmanan
Spotify's Backstage has been discovered as vulnerable to a severe security flaw that could be exploited to gain remote code execution by leveraging a recently disclosed bug in a third-party module. The vulnerability (CVSS score: 9.8), at its core, takes advantage of a critical sandbox escape in vm2, a popular JavaScript sandbox library (CVE-2022-36067 aka Sandbreak), that came to light last

Researchers Detail Critical RCE Flaw Reported in Popular vm2 JavaScript Sandbox

By Ravie Lakshmanan
A now-patched security flaw in the vm2 JavaScript sandbox module could be abused by a remote adversary to break out of security barriers and perform arbitrary operations on the underlying machine. "A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox," GitHub said in an advisory published on September 28, 2022. <!--adsense--> The

Comm100 Chat Provider Hijacked to Spread Malware in Supply Chain Attack

By Ravie Lakshmanan
A threat actor likely with associations to China has been attributed to a new supply chain attack that involves the use of a trojanized installer for the Comm100 Live Chat application to distribute a JavaScript backdoor. Cybersecurity firm CrowdStrike said the attack made use of a signed Comm100 desktop agent app for Windows that was downloadable from the company's website. The scale of the

JavaScript bugs aplenty in Node.js ecosystem – found automatically

By Paul Ducklin
How to get the better of bugs in all the possible packages in your supply chain?

Hackers Using Fake DDoS Protection Pages to Distribute Malware

By Ravie Lakshmanan
WordPress sites are being hacked to display fraudulent Cloudflare DDoS protection pages that lead to the delivery of malware such as NetSupport RAT and Raccoon Stealer. "A recent surge in JavaScript injections targeting WordPress sites has resulted in fake DDoS prevent prompts which lead victims to download remote access trojan malware," Sucuri's Ben Martin said in a write-up published last week

How to Delete Old Accounts Containing Personal Information

By McAfee

Your digital footprint grows with every internet account you make. While your old Tumblr account may be fun for reminiscing, dormant accounts are actually one of the most significant sources of user data on the internet. These accounts can be used by data brokers or third parties to access your personal information.  

To improve your data security, it’s good practice to remove public-facing information by deleting unused accounts. Simply put, having less personal data stored on the internet reduces the risk of theft and/or non-consensual data usage.  

Deleting, canceling, unsubscribing, or removing your account can be a long process, depending on the service. This article will walk you through the simplest ways to delete unwanted accounts from various social media platforms.  

Why you should delete old accounts

Deleting unwanted accounts protects your information and prevents the monetization of your data. Your internet accounts often hold personal information like your name, age, email, or home address. What’s more alarming is that some platforms may even have credit card details, phone numbers, and bank account information. 

When left unattended, internet accounts become vulnerable to being suspended or taken over by the platform. This means that if your accounts are left inactive for too long, you might be handing some or all of your data over to the tech platform.  

For example, even if you believe an old Google account doesn’t have any sensitive information stored, it may be linked to other platforms you use (like Amazon or Google services like Gmail and Google Play). This exposes all of these accounts to several data privacy vulnerabilities.  

Moreover, a recent survey found that 70% of surveyed adults admitted using the same password for more than one service. People who don’t use password managers or reuse passwords are at a greater security risk than others, as multiple accounts can become compromised at once. Whether the platform is now out of service or you are cutting down on your app usage, deleting dormant accounts will minimize security threats and safeguard your data.  

How to permanently delete old accounts, by platform

Every platform has a different process for deleting accounts: Some take only a few clicks to complete and others are a little longer. Companies usually don’t want a user to stop using their services, so account deletion pages are often hidden in a complex web of tabs that you have to navigate.  

In addition, some subscription services might require that you send an email to customer support to close your account. You can go to justdelete.me, an online directory that lets you access direct links to account deletion pages of various web services. 

Remember to download your personal information and data before pulling the plug on your account. Most platforms let you download your data before initiating a deletion request, which saves you from losing important details and files. It is also important to check whether your Google account is used for your YouTube channel or connected to other online accounts. 

To help you get rid of accounts you no longer use, we’ve broken down deleting accounts from some of the most popular social networks. The steps described below are for a desktop browser and may not apply to Android or iOS devices (unless specified).  

How to delete Facebook accounts

Facebook’s user privacy policy enables it to store a large amount of user information, including personal messages, posts, search history, name, age, birthdate, and even metadata from posted photos and videos.  

Follow these simple steps to delete your Facebook account 

  • After logging in from your desktop, click the arrow in the top-right corner  
  • Go to Settings 
  • Click on “Your Facebook Information” tab 
  • Click on “Deactivation and Deletion” 
  • Choose “Delete Account” from menu 
  • Enter password to confirm 
  • Click “Delete Account 

How to delete LinkedIn accounts

LinkedIn collects information on users and uses it for targeted advertising. As a result, it amasses quite a lot of your data, from professional details to personal preferences and even your online behavior trail.  

Follow these simple steps from your desktop to delete your account:  

  • Click on your profile avatar in the top-right corner 
  • Click on “Account Preferences” 
  • Scroll to Account Management and click on “Close Account” 
  • Select a reason for deleting your account 
  • Type password to confirm 

How to delete Twitter accounts

It’s simple to delete your Twitter account, but you’ll have to wait 30 days for your data and tweets to clear. To delete your account, you first need to deactivate it.  

Once you’ve decided to delete your account from the micro-blogging site, follow these steps from your desktop:  

  • From the navigation menu on the left, click on “Settings and Privacy” 
  • Go to “Your Account” tab 
  • Click on “Deactivate your account”  
  • If you don’t choose to reactivate within 30 days, your account will automatically be deleted  

Remember to revoke third-party access to your Twitter account to avoid having your account reactivated in the 30 days following deactivation. 

How to delete Instagram accounts

Since Facebook and Instagram are both owned by Meta, they share a lot of data for targeted advertising. You can adjust the privacy settings of your Instagram account from the mobile app, but you will need to log in from a web browser like Chrome to delete your account.  

To delete your Instagram account 

  • Go to the “Delete your account” page 
  • Choose a reason you’re deleting your account  
  • Enter your password 
  • Click on “Permanently delete your account”  

Your information and data will be permanently deleted after 30 days and you won’t be able to retrieve it. However, completing a deletion process may take up to 90 days.  

How to delete Tumblr accounts

Tumblr has a fairly simple process to delete your account:  

  • Log in to Tumblr from your desktop 
  • Click on the profile icon in the top-right corner  
  • Choose “Settings” 
  • Click on “Delete account”  
  • Enter your email address and password to confirm  
  • Delete account 

How to delete Pinterest accounts

Follow these steps to delete your account from the popular picture-sharing platform:  

  • Select the drop-down menu in the right corner  
  • Click on “Account Management” from the navigation menu  
  • Select “Delete Account 
  • Confirm when asked to receive an email with the final step  
  • In the confirmation email, click on “Yes, close account”  

Pinterest servers continue to store your data after deletion, but your information won’t be visible to other users.  

How to delete email accounts

There are different steps to deleting your email account depending on which email service you use. Backing up email data usually takes more time because of the sheer volume of data a mail account can hold.  

How to delete a Gmail account

Complete the following steps to delete your Google account 

  • Open this URL in your web browser: myaccount.google.com 
  • Select “Data and Privacy” from the menu on the left  
  • Scroll to “Download or delete your data”  
  • Click on “Delete a Google Service”  
  • Click “Delete a service”  
  • Enter your password  
  • Click the trash bin icon next to Gmail  

How to delete a Yahoo account

Here’s what you need to do to delete your Yahoo email account: 

  • Open this URL in your web browser: edit.yahoo.com/config/delete_user  
  • Login with your login credentials  
  • Click on “Continue to delete my account” on the confirmation page  

Deleting your Yahoo account also deletes the linked information from Yahoo’s other services.  

How to delete an Outlook email account

Follow these steps to delete your Microsoft account on Outlook 2010, 2013, or 2016:  

  • Open Outlook on your desktop and select “File” from the upper-left corner  
  • Click on “Account Settings” and choose “Settings” again 
  • Select the account you want to remove and click “Remove” 
  • Confirm by clicking “Yes” 

Keep your identity secure online with McAfee

Leaving old information scattered across the internet makes you susceptible to identity theft. There are multiple ways to keep your identity and data secure online, including McAfee’s Total Protection plan.  

Total Protection lets you choose from multiple affordable subscription models that provide comprehensive security against identity theft and potential data breaches and offers web protection and several related benefits. In addition, having access to 24/7 online security experts and a 30-day money-back guarantee make the Total Protection plan an easy, reliable, and safe choice. You can also have peace of mind with McAfee’s Personal Data Cleanup feature where our teams will work to find your personal information online and assist in removing it.  

The post How to Delete Old Accounts Containing Personal Information appeared first on McAfee Blog.

Security Experts Warn of Two Primary Client-Side Risks Associated with Data Exfiltration and Loss

By The Hacker News
Two client-side risks dominate the problems with data loss and data exfiltration: improperly placed trackers on websites and web applications and malicious client-side code pulled from third-party repositories like NPM.  Client-side security researchers are finding that improperly placed trackers, while not intentionally malicious, are a growing problem and have clear and significant privacy

Microsoft Warns of Web Skimmers Mimicking Google Analytics and Meta Pixel Code

By Ravie Lakshmanan
Threat actors behind web skimming campaigns are leveraging malicious JavaScript code that mimics Google Analytics and Meta Pixel scripts in an attempt to sidestep detection. "It's a shift from earlier tactics where attackers conspicuously injected malicious scripts into e-commerce platforms and content management systems (CMSs) via vulnerability exploitation, making this threat highly evasive to

Thousands of WordPress Sites Hacked to Redirect Visitors to Scam Sites

By Ravie Lakshmanan
Cybersecurity researchers have disclosed a massive campaign that's responsible for injecting malicious JavaScript code into compromised WordPress websites that redirects visitors to scam pages and other malicious websites to generate illegitimate traffic. "The websites all shared a common issue — malicious JavaScript had been injected within their website's files and the database, including

Critical Gems Takeover Bug Reported in RubyGems Package Manager

By Ravie Lakshmanan
The maintainers of the RubyGems package manager have addressed a critical security flaw that could have been abused to remove gems and replace them with rogue versions under specific circumstances. "Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so," RubyGems said in a security advisory

Another Set of Joker Trojan-Laced Android Apps Resurfaces on Google Play Store

By Ravie Lakshmanan
A new set of trojanized apps spread via the Google Play Store has been observed distributing the notorious Joker malware on compromised Android devices. Joker, a repeat offender, refers to a class of harmful apps that are used for billing and SMS fraud, while also performing a number of actions of a malicious hacker's choice, such as stealing text messages, contact lists, and device information.

JavaScript developer destroys own projects in supply chain “lesson”

By Paul Ducklin
Two popular open source JavaScript packages recently got "hacked" in a symbolic gesture by the original project creator.

❌