Hot Topics

Chinese hackers are gathering passenger details from airlines across the world to track high-value targets' movements.  The intrusions have been linked to a threat actor that the cyber-security has been tracking under the name of Chimera.  The initial report mentioned...

FireEye Mandiant announced the release of an open source tool designed to check Microsoft 365 tenants for the use of techniques associated with UNC2452, the threat group that attacked IT management company SolarWinds.  UNC2452 has used some sophisticated techniques to...

The Federal Bureau of Investigation has issued a Private Industry Notification (PIN) to warn of attacks targeting enterprises, in which threat actors attempt to obtain employee credentials through vishing or chat rooms.  The COVID 19 pandemic has forced the broad...

In an advisory issued on Wednesday, CISA (Cybersecurity and Infrastructure Security Agency) revealed that hackers have been employing successful phishing campaigns, brute force login attempts, and potentially pass-the-cookie attacks to exploit weaknesses in cloud...

Austria-based cybersecurity consultancy SEC Consult discovered five types of vulnerabilities in Pepperl+Fuchs Control industrial products, including cross-site request forgery (CSRF), reflected cross-site scripting (XSS), blind command injection, and denial-of-service...

The Chinese company has been accused of spying on millions of Android TikTok users using a technique banned by Google.  According to a Wall Street Journal report, TikTok used a banned tactic to bypass the privacy safeguard in Android to collect unique identifiers from...

Microsoft is urging users to abandon telephone-based multi-factor authentication (MFA) solutions like one-time codes sent via SMS and voice calls and instead replace them with newer MFA technologies, like app-based authenticators and security keys.  Microsoft said...

Sakura Samurai security researchers identified exposed GitHub credentials on a United Nations Environment Program (UNEP) subdomain, which allowed them to access a trove of data, including more than 100,000 employee records.  The researchers discovered an ilo.org...

Emotet has secured its spot as the most prolific malware threat.  Over the Christmas and New Year period a spam campaign using Emotet targeted over 100,000 users a day.  Emotet was used to target 7% of organizations around the world during December. The malware...

The FBI warns the Egregor ransomware, offered under a Ransomware-as-a-Service (RaaS) business model, poses a great threat to businesses due to the use of double extortion.  Egregor has claimed more than 150 victims to date, all around the world. Following network...

Threat Alerts Jan7 2021   This new phishing attack uses an odd lure to deliver Windows trojan malware Be warned: COVID-19 vaccine scams are now appearing online, over text, and by email Businesses are overconfident about the state of their security Lightning does...

Setting up a Microsoft account doesn't begin to describe its value, especially if you use that account for crucial email and cloud storage. Follow these seven steps to establish a solid baseline of security and protect that account from intruders.  Below are seven...