Insights
Search Engine Results Can Be Dangerous

Search engine use is a daily occurrence for many people. But many do not know how the results can be manipulated to direct you to corrupt sites. This Insight looks at how that occurs and suggests ways to be safer. 

 

Search may come with malware


Phishers Spoof Google Calendar Invites in Fast-Spreading, Global Campaign

All users of calendar apps are familiar with invitations for meetings. But attackers have found a way to spoof Google Calendar invites to steal credentials. Malicious calendar invites were getting flagged and blocked, so attackers found a way around that by spoofing the invite and using Google Drawings and Google Forms to disguise things. Confirm the invite with the supposed sender before accepting it.

 

Spoofed Google Calendar Invites = Danger


Does Desktop AI Come With a Side of Risk?

AI systems are proliferating. A number of desktop systems, including Microsoft 365 Copilot, Google Gemini, and Apple Intelligence, now include AI capabilities. But as we have written many times before, AI systems have many risks. These systems bring those risks to the desktop, possibly beyond the ability of IT to control. This can be very dangerous to any company or organization.

 

Desktop AI very risky

 


Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack

Two Rspack npm packages in the repository have been compromised and deliver malware in every download. Both have been pulled from the repository. Fortunately, there is a newer package, version 1.1.8, that is safe. If you use version 1.1.6 or version 1.1.7, replace it immediately.

 

Replace compromised Rspack package now


Orgs Scramble to Fix Actively Exploited Bug in Apache Struts 2

Apache Struts 2 is an older framework for building Java applications, but it is still in use, especially for legacy systems. The problem is serious, CVSS 9.5. The framework's age creates problems, and a simple patch won’t fix it.

 

Serious Apache Struts 2 problem


Social Engineering Is the Biggest Risk

Research shows that social engineering, or tricking people into clicking a link or doing some other questionable action, is the leading cause of breaches. Yet little of the cybersecurity budget is spent on training to reduce this risk. This Insight looks at some successful examples of social engineering and the consequences.   

 

Social Engineering - bigger risk than thought


New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools

The widespread use of Microsoft products makes them a major target for cyberattackers. In another case, attackers are able to bypass protections and use the UI Framework to evade detection. 

 

MS products used to bypass protections


Critical ‘AuthQuake’ bug let attackers bypass Microsoft MFA

Multi-Factor Authentication (MFA) is supposed to be safer than passwords alone. But cybercriminals have found a way around Microsoft’s MFA to gain access to a user account and Outlook emails, OneDrive files, Teams chats, and the Azure Cloud.

 

Microsoft MFA defeated


New Linux Rootkit PUMAKIT Uses Advanced Stealth Techniques to Evade Detection

Recently detected malware is a rootkit for Linux-based systems. It is serious in its abilities to elude detection, hide its files and directories, escalate its privileges and more. Very serious. Be sure to install a patch as soon as it's available.

 

New Linux rootkit found


WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins

WordPress is the target of another exploit. This one uses a vulnerability in the Hunk Companion plugin to install other plugins, which can then easily be used to install malware and carry out other attacks.

 

Another WordPress attack