Insights

Are Product Apps Safe?

How often do we download apps? Do we know what private information we’re allowing the app to collect or access? 


Cyberattack Costs for US Businesses up by 80%

The costs of a breach continue to climb, demonstrating the need for better cybersecurity. Tools are an essential part of that protection, but breaches have shown they won't catch everything. OneBrightlyCyber adds services that, combined with tools, significantly enhance protection.

Cyberattack costs climb steeply


CISA Warns of Hackers Exploiting Recent Zoho ManageEngine Vulnerability

Zoho ManageEngine is a widely used software package. A recently discovered flaw, which allows remote execution of any code and is rated 9.8 out of 10 for seriousness by CISA, is being exploited. Zoho addressed the issue by removing the risky components. Clients need to install the patch as soon as possible.

 

CISA issues warning for Zoho ManageEngine


Facebook users sue Meta for bypassing beefy Apple security to spy on millions

An Apple policy that allowed users to opt out of tracking cost Meta billions of dollars. Meta ignored the law and circumvented users' choices to gather private data anyway and sell it.

 

Meta violates user rights to increase ad revenue


Morgan Stanley fined millions for selling off devices full of customer PII

Financial services companies have some of the strictest regulations for protecting private information, and they assure us they do protect it. Yet Morgan Stanley sold thousands of devices full of client PII and didn't follow up to make sure the devices were securely wiped or destroyed as required.

Morgan Stanley fined $35 million for selling devices with PII


Root Certificate Problems Can Be Serious

The root certificate is what allows a device (a computer, phone, router, firewall, medical or industrial device, really anything) to communicate with other devices. It does this by confirming that the device is who it says it is, creating the trust necessary for devices to communicate.

 

Expiring Root Certificates can render devices useless


Crypto-Crooks Spread Trojanized Google Translate App in Watering-Hole Attack

Masquerading as a desktop version of the popular Google Translate app, this attack downloads malware that hides before activating. Once active, it downloads crypto-mining software that turns the compromised machine into a bot used for mining cryptocurrency.

Fake Google Translate app spreads malware


Over 1,800 Android and iOS Apps Found Leaking Hard-Coded AWS Credentials

These apps were discovered to contain hard-coded Amazon Web Services credentials. The credentials are still valid and provide access to private Amazon cloud services.

 

Hard coded AWS credentials found in apps


TeslaGun Primed to Blast a New Wave of Backdoor Cyberattacks

This is a newly discovered means of creating ServHelper backdoor attacks. Backdoor attacks are especially devious. This one circumvents authentication tools and remains persistent, meaning that attempts to remove it fail or it reinstalls itself.

 

New way to create backdoor attacks found


Ransomware Attackers Abuse Genshin Impact Anti-Cheat System to Disable Antivirus

The target of this malware is the Genshin Impact video game. The part of the system it attacks is the anti-cheat system, and its goal is to deliver ransomware.

 

Video Game Target of Ransomware


Are Cyber Attacks Seasonal?

While attacks are constant, the targets change with the season because what we are interested in and the sites we visit change with the season. So be extra vigilant to avoid becoming a victim of a clever phishing message.

 

Cyberattacks follow our interests


CISA: Just-Disclosed Palo Alto Networks Firewall Bug Under Active Expl

CISA, the US Cybersecurity and Infrastructure Security Agency, is warning companies that a recently discovered bug in Palo Alto Networks firewalls is already being actively exploited. The bug allows attackers to use the firewalls for DDoS attacks against any target.

 

Palo Alto Firewall Vulnerability


Unusual Microsoft 365 Phishing Campaign Spoofs eFax Via Compromised Dynamics Voice Account

In a different type of attack, cybercriminals are sending messages that appear to be from Microsoft saying you have a fax. Clicking the link leads to a screen asking you to log in to get the fax. The screens are realistic enough that people log in, giving their credentials to the attackers.

eFax scam steals credentials


Thousands of Organizations Remain at Risk From Critical Zero-Click IP Camera Bug

Security cameras can become a risk if they have a vulnerability that isn’t patched. 

Security cameras meant to protect create vulnerability


Bitcoin ATMs leeched by attackers who created fake admin accounts

In more bad publicity for Bitcoin and cryptocurrency in general, Bitcoin ATMs have been hacked, allowing the attackers to steal Bitcoin from the ATM users.

Bitcoin ATMs hacked