Insights

Travel Scam Season

Summer is a popular travel season. It is also a boom time for cybercriminals. They know what you are looking for and post fake ads for accommodations at hard-to-ignore prices. But you won’t get a reservation, only malware and stolen money or information.

 

Beware of travel scams


Goodbye? Attackers Can Bypass 'Windows Hello' Strong Authentication

Microsoft introduced an authentication method, Windows Hello for Business, that was deemed phishing resistant. However, attackers have already cracked it, even on PCs using biometrics.

 

MS Authentication breached


Critical Docker Engine Flaw Allows Attackers to Bypass Authorization Plugins

A newly discovered vulnerability has been rated 10 out of 10, the most serious rating. It allows attackers to circumvent authorization plugins and gain access to the sites.

 

New vulnerability rated at 10, most serious


Researchers Reveal ConfusedFunction Vulnerability in Google Cloud Platform

A new vulnerability has been found on the Google Cloud Platform that allows attackers to gain access and then escalate privileges. 

 

New Google Cloud vulnerability


'Stargazer Goblin' Amasses Rogue GitHub Accounts to Spread Malware

In a new approach, cybercriminals create fake user accounts that comment on corrupted software libraries and packages. The intent is to get people to believe the comments and download the software. 

 

Fake reviews help attackers


MFA May Not Be Enough

Multifactor authentication (MFA) was initially created to add another layer of security beyond a simple username and password combination. But cybercriminals found ways to compromise it. Newer forms of MFA are phishing resistant. This Insight provides guidance on MFA, why phishing resistance is needed, and how to select a phishing-resistant type.

 

MFA must be phishing resistant


Widespread technology outage disrupts flights and banking around the world

A glitch in CrowdStrike’s update rendered Microsoft 365 unusable for many people. It affected companies in multiple countries as well as government agencies.

 

CrowdStrike glitch kills M365 for users


High-Severity Cisco Bug Grants Attackers Password Access

A bug has been newly discovered in Cisco SSM On-Prem and SSM Satellite systems. It was given the highest CVSS vulnerability rating of 10. The attack was relatively easy to carry out, making it even more serious. Exploits of this vulnerability allowed an attacker to change any password for any account.

New Cisco bug rated 10 on CVSS


20 Million Trusted Domains Vulnerable to Email Hosting Exploits

A newly discovered exploit allows attackers to spoof emails from over 20 million domains from reputable and trusted sources. 

 

New bug makes email domains vulnerable 


'BadPack' APK Files Make Android Malware Hard to Detect

A method of hiding malware in APK files, a zip file archive format used by Android, makes the malware very difficult to detect. The APK files also contain a file that includes instructions. This attack technique has been used to hide trojans in banking apps.

 

Android malware hard to detect


It’s Called Shadow IT For A Reason

Shadow IT has been around for decades. But the shift in technology to SaaS and AI systems, combined with the increasing ability of cyber attackers to penetrate systems, has added to the risk of Shadow IT. This Insight looks at it and suggests some possible ways forward.

 

Shadow IT = Big Risks


BlastRADIUS bug puts most networking devices at risk

The RADIUS networking protocol has been a standard since 1997. A serious vulnerability has been discovered that affects virtually every router, switch, access point, and VPN concentrator from 1997 to today. This article provides workarounds to keep you safer.

 

All networking devices at risk


New Phishing Platform Targets Microsoft 365 Accounts at Financial Firms

A new phishing attack is focusing on financial services firms in the Americas and EMEA. The specific focus is banks, private funding, and servicers of credit unions. 

The attack uses phishing emails that, among other things, lead to fake Microsoft 365 authentication pages.

 

M365 a target again


ChatGPT Mac security flaw raises red flags ahead of Apple Intelligence integration

The ChatGPT app for Macs is logging queries in plain text and not in an encrypted form. Information in this file can be seen by other apps or users on the device. This is a serious shortcoming.

 

ChatGPT and Apple flaw


Chinese Threat Group APT40 Exploits N-Day Vulns at Rapid Pace

Threat actors are discovering vulnerabilities and exploiting them as fast as they can. With no patch or workaround available they can do extensive damage. AI is being used to speed up the attacks.

 

https://www.darkreading.com/endpoint-security/chinese-apt40-exploits-nday-vulns-rapid-pace?fbclid=IwZXh0bgNhZW0CMTAAAR3WF0QMKWAmvCV35nxOuESW20_97WvCmkfWdTj8SieomgZH436G9tIG31s_aem_-cbkQXfXVj87anuCuIzS2w