Employees will quit if they’re treated unfairly at a workplace. For tech people, shifting jobs is easy, but they’d rather stick with one employer. Good retention practices can help companies avoid high turnover of good tech talent. These include a friendly workplace environment, sound compensation, and fair management.
Eclypsium Research has reported three vulnerabilities in AMI MegaRAC Baseboard Management Controller (BMC), referring to them collectively as BMC&C. The report titled ‘Supply Chain Vulnerabilities Put Server Ecosystem At Risk,’ mentions that the BMC&C can allow cybercriminals to execute code remotely and perform username enumeration.
Google released a patch for its ninth zero-day vulnerability, CVE-2022-4262. The bug exposes the source code underlying several browsers and, if not fixed in time, may expose users to several attack vectors. Google is keeping secret the details relating to the bug until most users have completed the update.
Schoolyard Bully Trojan, a piece of Android malware that has been active since 2018, has infected over 300,000 devices across 71 countries. The malware was embedded in educational apps on the Google Play Store, with the scam primarily targeting students in Vietnam.
GoTo, (formerly LogMeIn), has issued a formal security breach notification through its blog, indicating that cybercriminals have gained access to its development environment and cloud storage facilities. LastPass, a subsidiary of GoTo, has also issued a similar update to customers. However, no passwords have been stolen and little or no sensitive data has been leaked, as of the present time.
The Federal Government of Australia passed a bill announcing increases in fines against companies involved in, or those failing to protect users against, data breaches. The amendment is mainly aimed at larger corporations in light of a slew of data breaches that were inadequately addressed in the past. It increases the total fine from 2.2 to 50 million AUD.
The Irish Data Protection Commission (DPC) has fined Meta €265 million ($277 million) for GDPR violations that affected over 533 million users. The DPC inquiry began in April 2021, but Meta claims web scrapers harvested data in 2018 and 2019. The sensitive information includes mobile phone numbers, genders, locations, relationship statuses, occupations, dates of birth, names, and email addresses. Cybercriminals have shared the information on hacking forums.
Big Tech companies, like Google, Apple, Microsoft, Meta, HP, Cisco, Stripe, Roku, Zendesk, Asana, and others, have announced major layoffs this year. But business owners can look upon the layoffs as more of a recalibration than a permanent offset and may be able to take advantage.
Thirty-four Russian gangs compromised more than 50 million passwords from sites including Steam and Roblox, as well as payment information and credentials from Amazon and PayPal. The criminals primarily used Redline (23 groups) and Racoon (8 groups) information-stealer software in a stealer-as-a-service attack to obtain information from users on these platforms.
Europol took down iSpoof, a site that provided fraudsters technology to impersonate banks and government employees. In a joint operation, intelligence and law-enforcement authorities in the UK, Europe, Australia, America, Canada, and Ukraine arrested 142 suspects. The fraudsters took $120 million from their victims in international cybercrime activities.
