How often do we download apps? Do we know what private information we’re allowing the app to collect or access?
The costs of a breach continue to climb demonstrating the need for better cybersecurity. Tools are an essential part of that protection. But breaches have shown they won’t catch everything. OneBrightlyCyber adds services that combined with tools significantly enhances protections.
Zoho ManageEngine is a widely used software package. A recently discovered flaw allowing remote execution of any code and rated at 9.8 out of 10 for seriousness by CISA is being exploited. Zoho addressed the issue by removing the risky components. Clients need to install the patch as soon as possible.
Apple policy that allowed users to opt out of tracking cost Meta $billions. Meta ignored the law and users choices and circumvented users’ choices to gather private data anyway and sell it.
Financial Services companies have some of the strictest regulations for protecting private information. And they assure us they do. Yet Morgan Stanley sold thousands of devices full of client PII. Yet, they didn’t follow up to make sure the devices were securely wiped or destroyed as required.
Morgan Stanley fined $35 million for selling devices with PII
The root certificate is what allows a device, computer, phone, router, firewall, medical or industrial device, really anything to communicate with other devices. It does this by confirming who it says it is creating the trust necessary for devices to communicate.
Masquerading as a desktop version of the popular Google Translate app, this attack downloads malware that hides before activating to download crypto mining software that turns the compromised machine into a bot used for mining crypto currency.
These apps were discovered to contain hard-coded Amazon Web Services credentials. These credentials provide current access to private Amazon Cloud services.
This is a newly discovered means of creating ServHelper backdoor attacks. Backdoor attacks are especially devious. This one circumvents authentication tools and remains persistent meaning that attempts to remove it fail or it reinstalls itself.
The target of this malware is the Genshin Impact video game. The part of the system it attacks is the anti-cheat system and its goal is to deliver ransomware.
While attacks are constant, the targets change with the season because what we are interested in and the sites we visit change with the season. So extra vigilant to not become a victim of a clever phishing message.
CISA, the US Cybersecurity and Infrastructure Security Agency is warning companies that a recently discovered in Palo Alto Networks firewall is already being actively exploited. The bug allows attackers to use the firewalls for DDoS attacks against any target.
In a different type of attack, cybercriminals are sending messages that appear to be from Microsoft saying you have a fax. Clicking the link goes to a screen asking you to log in to get the fax. The screens are realistic enough that people log in giving their credentials to the attackers.
Security cameras can become a risk if they have a vulnerability that isn’t patched.
In more bad publicity for Bitcoins and cryptocurrency in general, ATMs for Bitcoins have been hacked allowing the attackers to steal Bitcoin from the ATM users.