The goal of the Internet of Things is to get everything connected to the internet. Great progress has been made with over 10 billion devices already connected and an estimate of 25 billion by 2025. But cybersecurity has been sacrificed in the that rush to connect. Learn the risks and what to do.
Cybercriminals are using stolen certificates to imitate real applications and spread their malware.
Microsoft Outlook Users are the focus of a new phishing campaign that gets around Multi-Factor Authentication, MFA and avoids protection software.
Small and medium size businesses are the target of a new ransomware campaign run by North Korean hackers.
Another example of how crypto currencies and the associated services are not safe and becoming a big target of cybercriminals.
When asked to think of cybercriminal’s possible targets browsers may not come to mind. But be assured they are a target and can provide access to user accounts and systems for downloading malware.
In a clever scam, targets get an email showing an invoice for QuickBooks charged to a credit card. It provides a phone number to call to dispute the charge. Of course, calling the number goes to the criminals who pose as QuickBooks customer service and ask for confidential information such as user credentials and bank accounts to process the refunds.
Adobe also issued a number of patches on Tuesday to fix flaws in some of their widely used products. While the number of flaws is less than Microsoft’s they were are still serious and should the patches should be installed as soon as possible.
Microsoft’s Patch Tuesday issued fixes for many vulnerabilities including some Zero-Days that were quite serious. Be sure and apply the patches as soon as possible.
Office 365’s authentication process was compromised circumventing MFA protections. This allowed business email compromise, BEC, attacks against others in the companies and other targets.
Cloud services provide many benefits. But they also provide some risks. This Insight looks at a risk that is not well known.
We wrote about the risks of Low-Code/No-Code a few weeks ago. This article looks at the ability to embed user credentials in an application. This means other users can simply use the application with needing their own credentials. Depending on how privileged those credentials are, the cybercriminal would have access to other systems and applications. Another vulnerability of this is that many companies are required to turn off permissions unless specifically requested on a periodic basis. Using a Low-Code/No-Code application with the credentials embedded circumvents this process often required by regulators.
Home and small office routers have been a cybercriminal target for years. But the shift to work from home during the pandemic increased their value as people used them to connect to work systems.
A newly discovered bug allows a hacker in Microsoft’s Platform-As-A-Service to escalate privileges enough to siege control of all nodes in the cluster. Only Linux based containers are susceptible to this vulnerability.
This is another privilege escalation vulnerability, that if exploited would allow a user to escalate their privileges and take over the cluster host.