Summer is a popular travel season. It is also a boom time for cybercriminals. They know what you are looking for and post fake ads for accommodations at hard to ignore prices. But you won’t get a reservation, only malware and stolen money or information.
Microsoft introduced an authentication method, Windows Hello for Business, that was deemed phishing resistant. However attackers have already cracked it even on PCs using biometrics.
A newly discovered vulnerability rated as 10 out of 10, considered the most serious, has been found. It allows attackers to circumvent authorization plugins and gain access to the sites.
A new vulnerability has been found on the Google Cloud Platform that allows attackers to gain access and then escalate privileges.
In a new approach, cybercriminals create fake user accounts that comment on corrupted software libraries and packages. The intent is to get people to believe the comments and download the software.
Multifactor Authentication was initially created to add another payer of security beyond a simple username password combination. But cybercriminals found ways to compromise it. Newer forms of MFA are phishing resistant. This Insight provides guidance on MFA, why phishing resistant is needed and how to select a phishing resistant type.
A glitch in Cloudstrike’s update rendered Microsoft 365 unusable for many people. It affected companies in multiple countries as well as government agencies.
A newly discovered bug in Cisco SSM On-Prem and SSM Satellite systems. It was given the highest CVSS vulnerability rating of 10. The complexity of the attack was relatively easy making it even more serious. Exploits of this vulnerability allowed an attacker to change any password for any account.
A newly discovered exploit allows attackers to spoof emails from over 20 million domains from reputable and trusted sources.
A method of hiding malware in APK files, a zip file archive format used by Android makes it very difficult to detect. The APK files also contain a file that includes instructions. This attack technique has used to hide trojans in banking apps.