Bullet Points: Account credentials as a sought-after item in cybercrime – a single stolen set can jeopardize whole networks. The 2023 Verizon Data Breach Investigation Report states external parties accounted for 83 percent of breaches from Nov 2021 to Oct 2022. 49 percent of these breaches were facilitated by the abuse of identity, accentuating the
Read More
Cybersecurity Researchers Unearth “Forced Authentication” Exploitable Vulnerability with Microsoft Access Files Main Points: Cybersecurity researchers discover a new potential exploit known as “forced authentication.” The vulnerability could allow pernicious agents to leak a Windows user’s NT LAN Manager (NTLM) tokens. Victims can be tricked into opening corrupted Microsoft Access files, leaving their system at risk.
Read More
Identity and Access Management: Your Digital Knights in Shining Armor – Identity and Access Management (IAM) systems are critical for the protection of businesses’ sensitive information and assets. – Over 80% of recent cyber attacks involve identity compromise, stolen credentials, or authentication bypass. – Recent high-profile breaches among companies like MGM and Caesars underline the
Read More
North Korean Threat Actors Up Their macOS Menace Game With Mixed Malware Techniques – North Korean threat actors behind macOS malware strains RustBucket and KANDYKORN have adopted a new technique: combining their strengths. – According to cybersecurity firm SentinelOne, the actors have been using RustBucket droppers to deliver KANDYKORN. Merging Malware: RustBucket and KANDYKORN If
Read More
Big Spenders and Big Data: Powering the Retail Game via SaaS applications and CRM platforms Main Points: – Consumers are projected to spend $13.7 billion in a single day – Almost every interaction is logged by a Customer Relationship Management (CRM) system – Inventory software will automatically reorder products as needed – Communication applications will
Read More
Cracking the Code: Could SSH Server Connections Be Vulnerable? RSA Host Keys Plundered • A recent study has highlighted the possibility for passive network attackers to access private RSA host keys. • This vulnerability arises during the establishment of a connection to an SSH server, when naturally occurring computational faults occur. Paraphrasing these main points,
Read More
Global Guidelines for Safer AI: A Cyber-Security Symphony The U.K., U.S. and 16 other international partners issue new guidelines for developing secure AI systems. The strategy focuses on customer’s ownership of security outcomes, extreme transparency, and accountability. It also emphasizes the need to prioritize safe design in organizational structures. A Union of Nations for Safer
Read More
Unveiling the HrServ Cyber Attack on an Afghan Government Entity • A previously unknown web shell named HrServ targeted with Advanced Persistent Threat (APT) attack an unspecified Afghan government department. • HrServ is a dynamic-link library (DLL) named “hrserv.dll”. • The web shell showcases sophisticated features such as custom encoding methods for client communication and
Read More
ownCloud Security Loopholes: A Closer Look The open-source ownCloud software has three critical security flaws. These vulnerabilities could allow unauthorized disclosure of sensitive information and alteration of files. The issue affects graphapi versions from 0.2.0 to 0.3.0 in containerized deployments. The flaw has a high severity CVSS score of 10.0, indicating imminent danger. Why ownCloud’s
Read More
The Lowdown on the Telekopye Bot – ESET warned about a malicious bot called Telekopye on Telegram being used for large-scale phishing scams. – Telekopye is capable of crafting phishing websites, emails, SMS messages, and more. – The perpetrators behind the operation, dubbed ‘Neanderthals’, operate it as a service. Talking ‘Bot the Threat: Telekopye Unveiled
Read MoreNo products in the cart.