The class action filed in 2020 against Google, accusing the tech giant of tracking their internet browsing activities as resulted in the tech giant agreeing to delete billions of data records reflecting users’ browsing activities.
According to a court filing on the 1st April 2024, “the settlement provides broad relief regardless of any challenges presented by Google’s limited record keeping.” This implies deleting lots of private browsing data in these logs. Further details about the situation revealed Google is also asked to delete information making private browsing data identifiable by reducing data points such as IP addresses, generalizing user-Agent String and removing detailed URLs within a specific website. Google is also requested to delete X-Client-Data header field known to capture the installation state of Chrome, including active variations, as well as server-side experiments affecting installation.
Latin America suffers Massive Phishing Attack
Cybersecurity researchers have identified TA558 as the mastermind behind the ongoing huge phishing aimed at deploying Venom RAT in the Latin American region. Situation report reveled Spain, Mexico, Colombia, United States, Portugal, Dominican Republic, Brazil and Argentina have suffered most of the attacks with sectors such as hotel, finance, manufacturing, industries, trading, travel, and government organization feeling most of the heat. The attackers mode of attack includes dropping Venom RAT with sensitive data and commandeering systems remotely capabilities. Further details shows the threat actor leverages DarkGate malware loader for his actions.
“Ransomware groups utilize DarkGate to create an initial foothold and to deploy various types of malware in corporate networks, these include, but are not limited to, info-stealers, ransomware, and remote management tools. The objective of these threat actors is to increase the number of infected devices and the volume of data exfiltrated from a victim.”
Linux Users at the Risk of Remote Code Execution Due to Malicious Code in XZ Utils
A vulnerability tracked as CVE-2024-3094 with CVSS score of 10.0 which was discovered earlier this week as an audacious supply chain compromise promotes creation of a backdoor in the data compression utility that help remote attackers bypass secure shell authentication and achieve complete access to an affected system. Further investigations revealed the vulnerability is possible due to an insider threat after discovering one of the project maintainers called Jia Tan introduced the code into the code into the project. It is worth noting that sockpuppet accounts such as Jigar Kumar and Dennis Ens aided the social engineering act of the threat actor because they were used in sending feature requests and report a variety of issues in the software to deceive the original maintainer of the repository.
GC Herrera, a company specialized in Advertising, Publicidad, Pauta digital, Estrategia de Marca, Branding, Media analysis, SEO, SEM, Facebook, Instagram, TikTok, Social Media, BTL, TV, Radio, Via Pública, PR , RRPP, ROI, Planning, and Content has suffered a ransomware attack from qilin. The company has over 50 employees and a revenue of $5 million.
