Insights

AI Enhanced Attacks

AI has many positive uses. But it also can be used to devious purposes. Without knowing the ways it is being used by cybercriminals, how can we lok to protect against them? 

AI attacks growing


VMware’s ‘target-rich environment’ is growing more volatile, CrowdStrike warns

The popular virtual machine system, VMware has been the target of many attacks due to its vulnerability and wide-spread use. It has again been compromised. 

 

VMware vulnerabilities still targeted


N. Korean Lazarus Group Targets Microsoft IIS Servers to Deploy Espionage Malware

Microsoft IIS is again a target of cybercriminals. By compromising the IIS servers the hackers can distribute malware to all the users.  

IIS again a target of hackers


Microsoft: BEC Attackers Evade 'Impossible Travel' Flags With Residential IP Addresses

Location is a way that cybercriminals are spotted. For instance, if their message makes them appear local but the IP address shows they are in a foreign country. Now they have figured a way around this by purchasing local IP addresses to use. 

Location check faked


Scammers using Chatbot "Fleeseware" Apps to Cash In on AI Hype

Cybercriminals are already targeting people who want to use AI by offering a “free trial” to ChatGPT to steal their money. 

ChatGPT popularity already a scam target


Shadow IT Increases Cyber Risk

Shadow IT, or anything not under the control of IT adds to cyber risks and puts the company at risk of breaches, information theft, fines from regulators, and reputational damage. 

Shadow IT adds significant risks


Microsoft Azure VMs Hijacked in Cloud Cyberattack

Cybercriminals were able to bypass security and gain direct access to the Azure cloud. 

Azure cloud security bypassed


WebKit Under Attack: Apple Issues Emergency Patches for 3 New Zero-Day Vulnerabilities

Apple issued patches for 2 of these at the beginning of the month and the third one now. Please patch your devices to be safe. 

 

Critical Apple patches need to be installed


Lemon Group Uses Millions of Pre-Infected Android Phones to Enable Cybercrime Enterprise

The phones were infected before being sold. The cybercriminals now have access to everything on the phone and all messages which they offer for sale. 

 

Pre-infected Android phones goldmines for criminals

 


Belkin Wemo Smart Plug V2 – the buffer overflow that won’t be patched

The smart plug from Belkin used to control home appliances and devices has little to no cybersecurity protections. Hackers can control your appliances from outside your home. 

 

Smart home control not so smart

 

 


Old Vulnerabilities Still Pose a Threat

While the newest vulnerabilities may capture the news and our attention, old ones are still being exploited. Failing to patch them leaves you vulnerable. 

Don't forget old vulnerabilities


Microsoft Fixes Failed Patch for Exploited Outlook Vulnerability

A vulnerability in Microsoft Outlook was patched by Microsoft. Unfortunately, the patch contained a vulnerability and didn’t resecure Outlook. A second patch to fix the first patch was issued. Please be sure to apply both patches if you use Outlook. 

 

Be sure to patch the Outlook patch


New Flaw in WordPress Plugin Used by Over a Million Sites Under Active Exploitation

WordPress is widely used and is also widely attacked and compromised. Please be sure you understand this compromise and install the patch issued on May 11.

Another WordPress compromise


Leak of Intel Boot Guard Keys Could Have Security Repercussions for Years

Intel is reporting a possible leak of signing keys for upgrading the firmware from MSI Gaming. If the leak is confirmed it means that the security to protect against counterfeit firmware upgrades has been seriously compromised. 

Signing key leak may cause big problems


Twitter's Encrypted DMs Require Blue Subscription, Aren't Totally Secure

Twitter is undergoing many changes. One is the promise of encrypted DMs. However, when examined closely, there are some requirements and even then, it is not really encrypted end to end. 

Twitter secure DM is not secure