Some of you have already started budgeting for 2024 and allocating funds to security areas within your organization. It is safe to say that employee security awareness training is one of the expenditure items, too. However, its effectiveness is an open question with people still engaging in insecure behaviors at the workplace. Besides, social engineering […]
The Iranian nation-state actor known as MuddyWater has leveraged a newly discovered command-and-control (C2) framework called MuddyC2Go in its attacks on the telecommunications sector in Egypt, Sudan, and Tanzania. The Symantec Threat Hunter Team, part of Broadcom, is tracking the activity under the name Seedworm, which is also tracked under the monikers Boggy Serpens, Cobalt […]
The threat actors associated with the 8220 Gang have been observed exploiting a high-severity flaw in Oracle WebLogic Server to propagate their malware. The security shortcoming is CVE-2020-14883 (CVSS score: 7.2), a remote code execution bug that could be exploited by authenticated attackers to take over susceptible servers. “This vulnerability allows remote authenticated attackers to […]
The threat actors behind the Play ransomware are estimated to have impacted approximately 300 entities as of October 2023, according to a new joint cybersecurity advisory from Australia and the U.S. “Play ransomware actors employ a double-extortion model, encrypting systems after exfiltrating data and have impacted a wide range of businesses and critical infrastructure organizations […]
Technical details have emerged about two now-patched security flaws in Microsoft Windows that could be chained by threat actors to achieve remote code execution on the Outlook email service sans any user interaction. “An attacker on the internet can chain the vulnerabilities together to create a full, zero-click remote code execution (RCE) exploit against Outlook […]
Over the past few years, SaaS has developed into the backbone of corporate IT. Service businesses, such as medical practices, law firms, and financial services firms, are almost entirely SaaS based. Non-service businesses, including manufacturers and retailers, have about 70% of their software in the cloud. These applications contain a wealth of data, from minimally […]
The developers of the information stealer malware known as Rhadamanthys are actively iterating on its features, broadening its information-gathering capabilities and also incorporating a plugin system to make it more customizable. This approach not only transforms it into a threat capable of delivering “specific distributor needs,” but also makes it more potent, Check Point said […]
A new wave of phishing messages distributing the QakBot malware has been observed, more than three months after a law enforcement effort saw its infrastructure dismantled by infiltrating its command-and-control (C2) network. Microsoft, which made the discovery, described it as a low-volume campaign that began on December 11, 2023, and targeted the hospitality industry. “Targets […]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging manufacturers to get rid of default passwords on internet-exposed systems altogether, citing severe risks that could be exploited by malicious actors to gain initial access to, and move laterally within, organizations. In an alert published last week, the agency called out Iranian threat actors affiliated […]
Copying and pasting text and images on a Mac is easy using keyboard shortcuts or the contextual menu, yet sometimes files that have been copied over lose their formatting when copied back in. To prevent this, try pressing Command+Option+V instead, which will paste with a matching style. Start by selecting the text or file(s) you’d […]
QR codes have become an indispensable feature of everyday life. From restaurant menus to bathroom stall doors, QR codes provide an easy link between offline and online experiences. Select between static and dynamic QR codes, customizing eyes, patterns, frames, and colors and download your code after testing and scanning to ensure it’s functioning correctly. Remember […]
Keep your AirPods protected when not in use by keeping them inside a waterproof charging case to protect them from falling into liquid environments such as puddles, sinks or other sources of liquid contamination. This can protect them from becoming submerged by moisture. The second-gen AirPods Pro have an IPX4 rating, meaning they can withstand […]
The iPhone offers multiple ways of scanning QR codes, but the quickest and easiest method is using its built-in camera app. Open your camera app and point at a QR code; a notification will appear in the lower-right corner of the screen. Follow the QR code link, and you’ll reach its content or link. How […]
Instagram doesn’t inform its users when their Story or Reel has been screengrabbed – no matter whether they have millions of followers or just an everyday account – which means their content could go unnoticed if it gets screengrabbed. Once again, users will not receive a notification if someone takes screenshots of their dissolving DM […]
AirPods work well with Android, but the experience may be less satisfying or convenient compared to Apple’s ecosystem. Certain features are unavailable such as customizing double-tap functionality and access to Siri voice assistant. To pair AirPods with your Android device, open their case and press and hold the “Setup” button until an LED flashes, followed […]
An inactive Facebook business page won’t do your brand any good; sometimes, it may be best to delete it and start fresh. Deleting a page is straightforward and can be undone within 14 days, as here’s how you do it. 1. Go to your Page’s profile No matter the reason, there may come a point […]
Instagram is an amazing social platform where you can stay in touch with your friends and influencers, but sometimes it can be too much. Taking a break may help. Instagram makes it easier than Twitter to deactivate an account temporarily – log back in again when ready! Reactivation can happen just as quickly! How to […]
CVE-2023-35628 is a critical remote code execution (RCE) vulnerability affecting the Microsoft Windows MSHTML platform, with a Common Vulnerability Scoring System (CVSS) score of 8.1, indicating a high level of risk. This flaw is particularly concerning because it can be exploited without any interaction from the user. The vulnerability can be triggered when Microsoft Outlook […]
A new botnet consisting of firewalls and routers from Cisco, DrayTek, Fortinet, and NETGEAR is being used as a covert data transfer network for advanced persistent threat actors, including the China-linked threat actor called Volt Typhoon. Dubbed KV-botnet by the Black Lotus Labs team at Lumen Technologies, the malicious network is an amalgamation of two […]
Crypto hardware wallet maker Ledger published a new version of its “@ledgerhq/connect-kit” npm module after unidentified threat actors pushed malicious code that led to the theft of more than $600,000 in virtual assets. The compromise was the result of a former employee falling victim to a phishing attack, the company said in a statement. This […]
Multiple security vulnerabilities have been discovered in the open-source Netgate pfSense firewall solution called pfSense that could be chained by an attacker to execute arbitrary commands on susceptible appliances. The issues relate to two reflected cross-site scripting (XSS) bugs and one command injection flaw, according to new findings from Sonar. “Security inside a local network […]