The Hacker News Daily Updates

"Experts detail Chromium Browser security flaw putting confidential data at risk."

Views expressed in this cybersecurity, cybercrime update are those of the reporters and correspondents.  Accessed on 12 January 2023, 1400 UTC.  Content supplied by email subscription to "The Hacker News Daily Updates."

Source: https://mail.google.com/mail/u/0/#inbox/FMfcgzGrbvKqxknBgCgtQHNCVZCtXxNz

Please click link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net and https://paper.li/RussellRoberts).

The Hacker News <news@news.nl00.net> Unsubscribe

	3:32 AM (29 minutes ago)
to me

The Hacker News Daily Updates Cloud Journey Consideration Stage: 2022 Cloud Security Report With the majority of organizations expected to have more than half their workloads in the cloud within the next 12-18 months, it is no surprise that cloud security continues to remain a top concern. Download Now Sponsored LATEST NEWS Jan 12, 2023 Experts Detail Chromium Browser Security Flaw Putting Confidential Data at Risk Details have emerged about a now-patched vulnerability in Google Chrome and Chromium-based browsers that, if successfully exploited, could have made it possible to siphon files containing confidential data. "The issue arose from the way the browser interacted with symlinks when processing files and directories," Imperva researcher Ron Masas said. "Specifically, the browser did not properly ... Read More Patch where it Hurts: Effective Vulnerability Management in 2023 A recently published Security Navigator report data shows that businesses are still taking 215 days to patch a reported vulnerability. Even for critical vulnerabilities, it generally takes more than 6 months to patch. Good vulnerability management is not about being fast enough in patching all potential breaches. It's about focusing on the real risk using vulnerability prioritization to ... Read More Still managing compliance on spreadsheets? Time for compliance automation. Know your risk and compliance posture at all times. Automate your compliance journey here. Read More Twitter Denies Hacking Claims, Assures Leaked User Data Not from its System Twitter on Wednesday said that its investigation found "no evidence" that users' data sold online was obtained by exploiting any security vulnerabilities in its systems. "Based on information and intel analyzed to investigate the issue, there is no evidence that the data being sold online was obtained by exploiting a vulnerability of Twitter systems," the company said in a statement. "The ... Read More Alert: Hackers Actively Exploiting Critical "Control Web Panel" RCE Vulnerability Malicious actors are actively attempting to exploit a recently patched critical vulnerability in Control Web Panel (CWP) that enables elevated privileges and unauthenticated remote code execution (RCE) on susceptible servers. Tracked as CVE-2022-44877 (CVSS score: 9.8), the bug impacts all versions of the software before 0.9.8.1147 and was patched by its maintainers on October 25, 2022. ... Read More New Analysis Reveals Raspberry Robin Can be Repurposed by Other Threat Actors A new analysis of Raspberry Robin's attack infrastructure has revealed that it's possible for other threat actors to repurpose the infections for their own malicious activities, making it an even more potent threat. Raspberry Robin (aka QNAP worm), attributed to a threat actor dubbed DEV-0856, is a malware that has increasingly come under the radar for being used in attacks aimed at ... Read More Australian Healthcare Sector Targeted in Latest Gootkit Malware Attacks A recent wave of Gootkit malware loader attacks has targeted the Australian healthcare sector by leveraging legitimate tools like VLC Media Player. Gootkit, also called Gootloader, is known to employ search engine optimization (SEO) poisoning tactics (aka spamdexing) for initial access. It typically works by compromising and abusing legitimate infrastructure and seeding those sites with ... Read More Unlock Your Potential: Get 9 Online Cyber Security Courses for Just $49.99 Are you looking to take your career in the information security industry to the next level? Look no further than the 2023 Certified Technology Professional Bundle! This unparalleled offer grants you lifetime access to nine comprehensive courses in information security, hacking, and cybersecurity at a remarkable price of just $49.99. Yes, you heard me right. Instead of paying the full price of ... Read More Cloud Journey Consideration Stage: 2022 Cloud Security Report With the majority of organizations expected to have more than half their workloads in the cloud within the next 12-18 months, it is no surprise that cloud security continues to remain a top concern. Download Now Sponsored