0 Comments
Security software company Sophos has released a patch update for its firewall product after it was discovered that attackers were exploiting a new critical zero-day vulnerability to attack its customers’ network. The issue, tracked as CVE-2022-3236 (CVSS score: 9.8), impacts Sophos Firewall v19.0 MR1 (19.0.1) and older and concerns a code injection vulnerability in the
0 Comments
The cyber mercenary group, Void Balaur, continues expanding its hack–for–hire campaigns despite disruptions to its online advertising personas. The new information comes from cybersecurity experts at SentinelLabs, who recently published an advisory detailing Void Balaur’s latest campaigns. Written by senior threat researcher Tom Hegel, the document discusses the findings that SentinelLabs first unveiled at its
0 Comments
Here’s to the hashtags, the likes, the followers, the DMs, and the LOLs—June 30th marks Social Media Day, a time to celebrate and reflect on how social media has changed our lives over the years.  Started in 2010 by media and entertainment company Mashable, celebrations have taken on all kinds of forms. Meetups, contests, calls to increase your social circle
0 Comments
A major financial services company has learned the hard way about the importance of proper disposal of customers’ personal data The U.S. Securities and Exchange Commission (SEC) has announced that Morgan Stanley has agreed to pay a penalty of $35 million for exposing the personal information of 15 million customers. According to SEC, the financial
0 Comments
Threat actors deployed OAuth applications on compromised cloud tenants and then used them to control Exchange servers and spread spam. The news is the result of an investigation by Microsoft researchers. It revealed the threat actors launched credential–stuffing attacks (which use lists of compromised user credentials) against high–risk, unsecured administrator accounts that didn’t have multi–factor authentication (MFA)
0 Comments
GitHub has put out an advisory detailing what may be an ongoing phishing campaign targeting its users to steal credentials and two-factor authentication (2FA) codes by impersonating the CircleCI DevOps platform. The Microsoft-owned code hosting service said it learned of the attack on September 16, 2022, adding the campaign impacted “many victim organizations.” The fraudulent
0 Comments
The Department of Air Force (DAF) Enterprise IT as a Service’s (EITaaS) Base Infrastructure Modernization (BIM) procurement said it will evolve its digital modernization strategy to an “as a Service” model that will integrate network, end–user services and computing platforms. According to an announcement by technology company Lumen, which will collaborate with the DAF on the
0 Comments
*TW: Mentions Suicide Our passion for protecting people doesn’t stop with online safety. We deeply care for our people, their families and friends, and our communities. To recognize World Suicide Prevention on Sept. 10 and help normalize and encourage conversations about mental health year-round, we recently hosted a discussion with McAfee colleagues and suicide prevention
0 Comments
Australian unit of telecoms firm Singapore Telecommunications Optus said earlier today it was investigating the unauthorized access of customer data after a cyber–attack. The company confirmed it immediately stopped the attack, preventing customers’ payment details and account passwords from being stolen. However, Optus confirmed some home addresses, driver’s licenses and passport numbers were potentially accessed
0 Comments
Microsoft has released a new update bringing several new security features to its Windows 11 operating system (OS). The list includes application control enhancements, vulnerable drivers protection, enhanced identity protection and simplified password management, among others. Writing in a blog post, Microsoft said that it has added a series of functionalities it calls Smart App
0 Comments
If you recently found yourself looking for a new job, you are far from alone. According to the Institute of Labor Economics, more Canadians were seeking new employment opportunities at the height of the pandemic than during the previous three recessions combined. Job hunters only used to have to worry about the clarity of their cover letters and impressing interviewers. Now, however,
0 Comments
A threat cluster linked to the Russian nation-state actor tracked as Sandworm has continued its targeting of Ukraine with commodity malware by masquerading as telecom providers, new findings show. Recorded Future said it discovered new infrastructure belonging to UAC-0113 that mimics operators like Datagroup and EuroTransTelecom to deliver payloads such as Colibri loader and Warzone
0 Comments
Uber appears to have been breached again, after a threat actor reportedly accessed its email and cloud systems, code repositories, internal Slack account and HackerOne tickets. The ride-hailing giant released a terse message on Twitter yesterday saying it is “currently responding to a cybersecurity incident” and is in touch with law enforcement. Meanwhile, the alleged hacker