Years of security issues and mounting criticism have left Microsoft needing to overhaul its cybersecurity. The world’s largest tech company has a security problem. A series of high-profile security incidents have rocked Microsoft over the past few years, and a scathing report from the Cyber Safety Review Board recently concluded that “Microsoft’s security culture wasContinue reading “Microsoft needs to win back trust.”
Category Archives: Hack
Watch out for weird phishing promises like free transit to Elon Musk’s off-world colonies
Bizarre phishing lures include furious customer service complaints, Uzbek sales opportunities, and complimentary interplanetary voyages. What kind of convincing does it take to dupe your average email sender to engage in risky download behavior? Some scammers’ lists of lures include opportunities to profit off war, angry customer complaints, and even a free trip to theContinue reading “Watch out for weird phishing promises like free transit to Elon Musk’s off-world colonies”
North Korean hackers may be plotting to steal threat intel from cybersecurity researchers.
Suspected North Korean threat actor ScarCruft appears to be dabbling in new ways to target cybersec pros. A threat actor believed to operate on behalf of the North Korean government is continuing to target media organizations and academics—and its newest malware indicates it’s on the hunt for insider tips against cybersecurity pros, according to SentinelLabs.Continue reading “North Korean hackers may be plotting to steal threat intel from cybersecurity researchers.”
QR Codes – what’s the real risk?
How safe is it to scan that QR code in the pub? Or in that email? QR codes have been around since the 90s, although in the UK they really came to prominence during COVID lockdowns where they were used for everything from ordering food to indicating vaccination status. They’re widely used today for thingsContinue reading “QR Codes – what’s the real risk?”
SEC disclosure rules leave IT pros asking: What’s ‘material’?
Ransomware can be material or not material, says one legal pro. SEC disclosure rules now require publicly traded companies to disclose impactful—or more specifically, “material”—cybersecurity events, leaving many organizations running to both dictionaries and legal teams to learn the definition. Understanding the term will be an important aspect of pre-incident planning, according to legal experts and industryContinue reading “SEC disclosure rules leave IT pros asking: What’s ‘material’?”
Over 178,000 SonicWall firewalls for enterprises still vulnerable to DOS, RCE attacks.
“The impact is worse for devices like this, because of their positioning on the network,” Bishop Fox researcher Jon Williams says. Nearly 180,000 SonicWall firewalls remain vulnerable to an exploit first discovered in April 2022, despite the availability of a patch to manage the issue. Bishop Fox researchers wrote in a recent blog post thatContinue reading “Over 178,000 SonicWall firewalls for enterprises still vulnerable to DOS, RCE attacks.”
Hackers are abusing a Google OAuth endpoint to hijack user sessions.
“Millions each and every month” could be affected, according to CloudSEK researcher Pavan Karthick M. You may have just changed your password, but an exploit using an undocumented Google OAuth endpoint to allow continual account access—even if the user changes their password—might make you feel like changing it again. That’s according to research from securityContinue reading “Hackers are abusing a Google OAuth endpoint to hijack user sessions.”
Phishers survey new tactic: Google Forms.
The phishing method is “about as zero-risk” as it gets, says CISO Mike Britton. By incorporating a widely used survey tool, phishers have found another inventive way to get past email security gateways: Google Forms. “From an attacker’s perspective, the effective part is [that] I can pretty much craft it and customize it, because it’sContinue reading “Phishers survey new tactic: Google Forms.”
Hackers can hijack your Bosch Thermostat and Install Malware.
Firmware Vulnerability Found in Bosch Thermostat Model BCC100: Patch Now or Freeze. Bitdefender Labs has discovered that the popular Bosch thermostat model BCC100 is vulnerable to cybersecurity threats. This vulnerability could allow a remote attacker to manipulate settings and install malware on the device. Researchers have discovered vulnerabilities in the Bosch BCC100 thermostat, which couldContinue reading “Hackers can hijack your Bosch Thermostat and Install Malware.”
Hyundai Motor India fixes bug that exposed customers’ personal data.
Hyundai’s India subsidiary has fixed a bug that exposed its customers’ personal information in the South Asian market. TechCrunch reviewed a portion of the exposed data that included the registered owner name, mailing address, email address and phone number of Hyundai Motor India customers who have serviced their vehicles at any of the company’s authorizedContinue reading “Hyundai Motor India fixes bug that exposed customers’ personal data.”
You must be logged in to post a comment.