When Microsoft kicked off the Copilot+ PC era earlier this year, one of the more highly touted features was Recall, which would create a searchable history of everything a user did on their PC. It was immediately torn apart by many security researchers and criticized by many users. This backlash led to the company... Read more...
The Irish Data Protection Commission (DPC) is levying a $102 million fine against Meta for violating the General Data Protection Regulation (GDPR) principles of integrity and confidentiality. After a five-year investigation, the watchdog found that the social media giant was inadvertently storing user passwords in... Read more...
Microsoft is making some changes to SymCrypt, which is the core cryptographic function library currently used by Windows. These changes are based on the guidance provided by the National Institute of Standards and Technology (NIST). This is to prepare for a future where quantum computers, which are vastly more... Read more...
Security researchers at Cisco Talos have discovered a set of vulnerabilities affecting macOS users who have Microsoft applications installed on their computers, providing more attack vectors for malicious actors. The researchers say that “an attacker could bypass the operating system’s permission model by using... Read more...
Yet another leak of stolen data has made its way to Breach Forums, a popular site for bad actors who traffic in this kind of data theft. The data originates from the breach of National Public Data, which is a service that gathers information from separate sources to form profiles on individuals located in several... Read more...
Earlier this month, Microsoft discovered a vulnerability pattern in Android applications that could enable overwriting files and allow remote code execution. This issue that could be leveraged by attackers has also been seen in the wild with several applications, but organizations have seemingly been quick to rectify... Read more...
Over the weekend, the hero shooter game Apex Legends, made by EA and Respawn Entertainment, held a tournament that was reportedly compromised by hackers. Multiple players' systems were breached, and game cheats such as X-ray vision and aimbots were installed. How exactly this happened is unclear at this time, but it seems as if it is an issue Read more...
Facebook, Instagram, and other Meta-owned properties went down earlier today and are still suffering from the aftershocks. Reports initially started to surface suggesting that threat actors were behind this and that it was a DDoS attack, but Meta appears to be claiming otherwise. Whether this was a technical issue or... Read more...
The State of Maine is informing the public of the impact to the State’s computer systems due to a security vulnerability found in the MOVEit file transfer tool, a software suite developed by Progress Software. This incident took place between May 28, 2023 and May 29, 2023. During this time, cybercriminals were able to... Read more...
Microsoft’s traditional Patch Tuesday has arrived, bringing with it a slew of security fixes for 130 vulnerabilities and two published advisories. This update comes at the perfect time, as threat actors have been exploiting some of these vulnerabilities for espionage against defense and government organizations in... Read more...
Security experts confirmed a major bug in a core Windows app last week, and Microsoft is already rolling out a fix. As we learned recently, the Windows 11 Snipping Tool was susceptible to the "Acropalypse" bug initially discovered in Google's Pixel phones. Google is already patching that one up, and Microsoft isn't... Read more...
Mortal Kombat has a reputation for being brutal, but rather than exacting excessive violence on video game characters, unknown threat actors are brazenly brutalizing their victims’ finances in a Mortal Kombat-themed ransomware campaign. Aside from ransomware, this campaign also makes use of the Laplas Clipper malware... Read more...
Joint research conducted by cybersecurity firms Checkmarx and Illustria has revealed a massive phishing campaign that flooded open source repositories with over 144,000 packages. Unlike many other campaigns that involve the distribution of software packages, this newly discovered campaign didn’t attempt to distribute... Read more...
The cybersecurity firm Cyjax has published a new report detailing an ongoing phishing campaign that has made use of over 42,000 domains going back to 2017. The campaign targets WhatsApp users with surveys promising rewards from major international brands, such as McDonald’s and Coca-Cola. Cyjax researchers have... Read more...
On September 24, the cyber threat intelligence company SOCRadar notified Microsoft that one of its Azure Blob Storage servers was misconfigured and leaking customer information. Now, almost a month later, both Microsoft and SOCRadar have released blog posts warning businesses that some of their transaction data and... Read more...
On October 10, less than a month after Australia was hit by its largest ever data breach, the Australian online retail store MyDeal was struck by a data breach. According to Woolworths Group, which recently acquired the online retailer, an unknown actor used a set of compromised employee credentials to access MyDeal’s... Read more...
This week, Cloudflare released a threat report detailing the state of distributed-denial-of-service (DDoS) attacks in the third quarter of 2022. Cloudflare is a major provider of DDoS mitigation services, giving the company insight into the frequency, strength, and nature of DDoS attacks. The largest attack Cloudflare... Read more...
Earlier this week, Microsoft confirmed a “new” 0-Day remote code execution vulnerability within Exchange Servers. While it isn’t necessarily new in the family of Proxy-Exploits, critical infrastructure is still being attacked now, and hundreds of thousands of servers are potentially vulnerable to this issue, so patch... Read more...
Cybersecurity researchers from Palo Alto Networks’ Unit 42 have discovered a campaign exploiting multiple vulnerabilities in D-Link routers to spread botnet malware. A botnet is a network of compromised consumer or enterprise devices controlled by a threat actor to carry out malicious tasks, such as mining... Read more...
The international phenoms that are Minecraft and Roblox are practically ubiquitous in gaming today. The two games are available on multiple platforms including consoles, PC, and even mobile devices. Unfortunately, their significant popularity, especially amongst younger generations, makes them an excellent target for... Read more...
A new report by Microsoft details a vulnerability in the TikTok Android app that threat actors could have exploited to hijack user accounts with a single click. The vulnerability appears in the National Vulnerability Database with the Common Vulnerabilities and Exposures (CVE) identifier CVE-2022-28799 and a high... Read more...
A new report by cybersecurity firm Mandiant details an ongoing hacking campaign targeting Microsoft 365. The threat actor behind this campaign is an advanced persistent threat (APT) known as “Cozy Bear” or simply “APT29.” APT29 is thought to be a Russian hacking group sponsored by the Russian Foreign Intelligence... Read more...
1 2 3 4 5 Next