Internet of Things - Benefits but also risks
The goal of the Internet of Things is to get everything connected to the internet. Great progress has been made with over 10 billion devices already connected and an estimate of 25 billion by 2025. But cybersecurity has been sacrificed in the that rush to connect. Learn the risks and what to do.
IoT growth has pros and cons
VirusTotal: Threat Actors Mimic Legitimate Apps, Use Stolen Certs to Spread Malware
Cybercriminals are using stolen certificates to imitate real applications and spread their malware.
Malware spread through stolen certificates
Massive New Phishing Campaign Targets Microsoft Email Service Users
Microsoft Outlook Users are the focus of a new phishing campaign that gets around Multi-Factor Authentication, MFA and avoids protection software.
MS Outlook users targeted
North Korean Hackers Targeting Small and Midsize Businesses with H0lyGh0st Ransomware
Small and medium size businesses are the target of a new ransomware campaign run by North Korean hackers.
Ransomware attack targets SME
Crypto Bridge Nomad Loses $190M in Free-For-All Attack
Another example of how crypto currencies and the associated services are not safe and becoming a big target of cybercriminals.
Cryptocurrency service hacked
Browsers – Riskier Than You May Think
When asked to think of cybercriminal’s possible targets browsers may not come to mind. But be assured they are a target and can provide access to user accounts and systems for downloading malware.
Browsers targeted by cybercriminals
QuickBooks Vishing Scam Targets Small Businesses
In a clever scam, targets get an email showing an invoice for QuickBooks charged to a credit card. It provides a phone number to call to dispute the charge. Of course, calling the number goes to the criminals who pose as QuickBooks customer service and ask for confidential information such as user credentials and bank accounts to process the refunds.
QuickBooks scam combines email and phone
Adobe Patch Tuesday: Critical Flaws in Acrobat, Reader, Photoshop
Adobe also issued a number of patches on Tuesday to fix flaws in some of their widely used products. While the number of flaws is less than Microsoft’s they were are still serious and should the patches should be installed as soon as possible.
More Patches to Implement Quickly
Microsoft Patch Tuesday: 84 Windows Vulns, Including Already-Exploited Zero-Day
Microsoft’s Patch Tuesday issued fixes for many vulnerabilities including some Zero-Days that were quite serious. Be sure and apply the patches as soon as possible.
Implement Patches Quickly
Microsoft Warns of Large-Scale AiTM Phishing Attacks Against Over 10,000 Organizations
Office 365’s authentication process was compromised circumventing MFA protections. This allowed business email compromise, BEC, attacks against others in the companies and other targets.
Microsoft Major Hack Targets 10,000 Orgs
Another Cloud Risk
Cloud services provide many benefits. But they also provide some risks. This Insight looks at a risk that is not well known.
A Hidden Cloud risk
Credential Sharing as a Service: The Hidden Risk of Low-Code/No-Code
We wrote about the risks of Low-Code/No-Code a few weeks ago. This article looks at the ability to embed user credentials in an application. This means other users can simply use the application with needing their own credentials. Depending on how privileged those credentials are, the cybercriminal would have access to other systems and applications. Another vulnerability of this is that many companies are required to turn off permissions unless specifically requested on a periodic basis. Using a Low-Code/No-Code application with the credentials embedded circumvents this process often required by regulators.
Another risk of low-code/no-code
ZuoRAT Malware Hijacking Home-Office Routers to Spy on Targeted Networks
Home and small office routers have been a cybercriminal target for years. But the shift to work from home during the pandemic increased their value as people used them to connect to work systems.
Home and Small Office Routers at risk
New 'FabricScape' Bug in Microsoft Azure Service Fabric Impacts Linux Workloads
A newly discovered bug allows a hacker in Microsoft’s Platform-As-A-Service to escalate privileges enough to siege control of all nodes in the cluster. Only Linux based containers are susceptible to this vulnerability.
Microsoft privilege escalation vulnerability
CISA Warns of Active Exploitation of 'PwnKit' Linux Vulnerability in the Wild
This is another privilege escalation vulnerability, that if exploited would allow a user to escalate their privileges and take over the cluster host.
Privilege Escalation Vulnerability