How often do we download apps? Do we know what private information we’re allowing the app to collect or access?
The costs of a breach continue to climb demonstrating the need for better cybersecurity. Tools are an essential part of that protection. But breaches have shown they won’t catch everything. OneBrightlyCyber adds services that combined with tools significantly enhances protections.
Zoho ManageEngine is a widely used software package. A recently discovered flaw allowing remote execution of any code and rated at 9.8 out of 10 for seriousness by CISA is being exploited. Zoho addressed the issue by removing the risky components. Clients need to install the patch as soon as possible.
Apple policy that allowed users to opt out of tracking cost Meta $billions. Meta ignored the law and users choices and circumvented users’ choices to gather private data anyway and sell it.
Financial Services companies have some of the strictest regulations for protecting private information. And they assure us they do. Yet Morgan Stanley sold thousands of devices full of client PII. Yet, they didn’t follow up to make sure the devices were securely wiped or destroyed as required.
Morgan Stanley fined $35 million for selling devices with PII
The root certificate is what allows a device, computer, phone, router, firewall, medical or industrial device, really anything to communicate with other devices. It does this by confirming who it says it is creating the trust necessary for devices to communicate.
Masquerading as a desktop version of the popular Google Translate app, this attack downloads malware that hides before activating to download crypto mining software that turns the compromised machine into a bot used for mining crypto currency.
These apps were discovered to contain hard-coded Amazon Web Services credentials. These credentials provide current access to private Amazon Cloud services.
This is a newly discovered means of creating ServHelper backdoor attacks. Backdoor attacks are especially devious. This one circumvents authentication tools and remains persistent meaning that attempts to remove it fail or it reinstalls itself.
The target of this malware is the Genshin Impact video game. The part of the system it attacks is the anti-cheat system and its goal is to deliver ransomware.