Insights

Are Product Apps Safe?

How often do we download apps? Do we know what private information we’re allowing the app to collect or access? 


Cyberattack Costs for US Businesses up by 80%

The costs of a breach continue to climb, demonstrating the need for better cybersecurity. Tools are an essential part of that protection, but breaches have shown they won’t catch everything. OneBrightlyCyber adds services that, combined with tools, significantly enhance protection.

Cyberattack costs climb steeply


CISA Warns of Hackers Exploiting Recent Zoho ManageEngine Vulnerability

Zoho ManageEngine is a widely used software package. A recently discovered flaw that allows remote execution of any code, rated 9.8 out of 10 for seriousness by CISA, is being exploited. Zoho addressed the issue by removing the risky components. Clients need to install the patch as soon as possible.

CISA issues warning for Zoho ManageEngine


Facebook users sue Meta for bypassing beefy Apple security to spy on millions

An Apple policy that allowed users to opt out of tracking cost Meta billions of dollars. Meta ignored the law and users’ choices, circumventing them to gather private data anyway and sell it.

Meta violates user rights to increase ad revenue


Morgan Stanley fined millions for selling off devices full of customer PII

Financial services companies have some of the strictest regulations for protecting private information, and they assure us they do protect it. Yet Morgan Stanley sold thousands of devices full of client PII and didn’t follow up to make sure the devices were securely wiped or destroyed as required.

Morgan Stanley fined $35 million for selling devices with PII


Root Certificate Problems Can Be Serious

The root certificate is what allows a device (a computer, phone, router, firewall, medical or industrial device, really anything) to communicate with other devices. It does this by confirming that the device is who it says it is, creating the trust necessary for devices to communicate.

Expiring Root Certificates can render devices useless


Crypto-Crooks Spread Trojanized Google Translate App in Watering-Hole Attack

Masquerading as a desktop version of the popular Google Translate app, this attack downloads malware that hides before activating and then downloads crypto-mining software, which turns the compromised machine into a bot used for mining cryptocurrency.

Fake Google Translate app spreads malware


Over 1,800 Android and iOS Apps Found Leaking Hard-Coded AWS Credentials

These apps were discovered to contain hard-coded Amazon Web Services credentials. The credentials provide current access to private Amazon cloud services.

Hard coded AWS credentials found in apps


TeslaGun Primed to Blast a New Wave of Backdoor Cyberattacks

This is a newly discovered means of creating ServHelper backdoor attacks. Backdoor attacks are especially devious. This one circumvents authentication tools and remains persistent, meaning that attempts to remove it fail or it reinstalls itself.

New way to create backdoor attacks found


Ransomware Attackers Abuse Genshin Impact Anti-Cheat System to Disable Antivirus

The target of this malware is the Genshin Impact video game. The part of the system it attacks is the anti-cheat system, and its goal is to deliver ransomware.

Video Game Target of Ransomware