Insights

Internet of Things - Benefits but also risks

The goal of the Internet of Things is to get everything connected to the internet. Great progress has been made with over 10 billion devices already connected and an estimate of 25 billion by 2025. But cybersecurity has been sacrificed in the that rush to connect. Learn the risks and what to do. 

IoT growth has pros and cons


VirusTotal: Threat Actors Mimic Legitimate Apps, Use Stolen Certs to Spread Malware

Cybercriminals are using stolen certificates to imitate real applications and spread their malware. 

Malware spread through stolen certificates


Massive New Phishing Campaign Targets Microsoft Email Service Users

Microsoft Outlook Users are the focus of a new phishing campaign that gets around Multi-Factor Authentication, MFA and avoids protection software. 

MS Outlook users targeted


North Korean Hackers Targeting Small and Midsize Businesses with H0lyGh0st Ransomware

Small and medium size businesses are the target of a new ransomware campaign run by North Korean hackers. 

Ransomware attack targets SME


Crypto Bridge Nomad Loses $190M in Free-For-All Attack

Another example of how crypto currencies and the associated services are not safe and becoming a big target of cybercriminals. 

Cryptocurrency service hacked


Browsers – Riskier Than You May Think

When asked to think of cybercriminal’s possible targets browsers may not come to mind. But be assured they are a target and can provide access to user accounts and systems for downloading malware. 

Browsers targeted by cybercriminals


QuickBooks Vishing Scam Targets Small Businesses

In a clever scam, targets get an email showing an invoice for QuickBooks charged to a credit card. It provides a phone number to call to dispute the charge. Of course, calling the number goes to the criminals who pose as QuickBooks customer service and ask for confidential information such as user credentials and bank accounts to process the refunds. 

 

QuickBooks scam combines email and phone


Adobe Patch Tuesday: Critical Flaws in Acrobat, Reader, Photoshop

Adobe also issued a number of patches on Tuesday to fix flaws in some of their widely used products. While the number of flaws is less than Microsoft’s they were are still serious and should the patches should be installed as soon as possible. 

More Patches to Implement Quickly


Microsoft Patch Tuesday: 84 Windows Vulns, Including Already-Exploited Zero-Day

Microsoft’s Patch Tuesday issued fixes for many vulnerabilities including some Zero-Days that were quite serious. Be sure and apply the patches as soon as possible. 

Implement Patches Quickly


Microsoft Warns of Large-Scale AiTM Phishing Attacks Against Over 10,000 Organizations

Office 365’s authentication process was compromised circumventing MFA protections. This allowed business email compromise, BEC, attacks against others in the companies and other targets. 

Microsoft Major Hack Targets 10,000 Orgs


Another Cloud Risk

Cloud services provide many benefits. But they also provide some risks. This Insight looks at a risk that is not well known.

 

A Hidden Cloud risk


Credential Sharing as a Service: The Hidden Risk of Low-Code/No-Code

We wrote about the risks of Low-Code/No-Code a few weeks ago. This article looks at the ability to embed user credentials in an application. This means other users can simply use the application with needing their own credentials. Depending on how privileged those credentials are, the cybercriminal would have access to other systems and applications. Another vulnerability of this is that many companies are required to turn off permissions unless specifically requested on a periodic basis. Using a Low-Code/No-Code application with the credentials embedded circumvents this process often required by regulators. 

Another risk of low-code/no-code


ZuoRAT Malware Hijacking Home-Office Routers to Spy on Targeted Networks

Home and small office routers have been a cybercriminal target for years. But the shift to work from home during the pandemic increased their value as people used them to connect to work systems. 

 

Home and Small Office Routers at risk


New 'FabricScape' Bug in Microsoft Azure Service Fabric Impacts Linux Workloads

A newly discovered bug allows a hacker in Microsoft’s Platform-As-A-Service to escalate privileges enough to siege control of all nodes in the cluster. Only Linux based containers are susceptible to this vulnerability.  

Microsoft privilege escalation vulnerability


CISA Warns of Active Exploitation of 'PwnKit' Linux Vulnerability in the Wild

This is another privilege escalation vulnerability, that if exploited would allow a user to escalate their privileges and take over the cluster host.

 

Privilege Escalation Vulnerability