20 May 2021

Android apps exposed data of millions of users through cloud authentication failures

Check Point Research published a report on Thursday detailing Android apps that contain critical cloud misconfiguration that allow for the potential exposure of data belonging to 100 million users. The report states that 23 popular mobile apps contain a variety of misconfiguration of third-party cloud services, which are widely used

Read More
19 May 2021

RDP Hijacked for Lateral Movement in 69% of Attacks

According to a new report called the Active Adversary Playbook 2021, 90% of cyberattacks investigated by Sophos last year involved abuse of the Remote Desktop Protocol (RDP). Sophos states that 81% of these attacks featured ransomware. The new report details the experiences of frontline threat hunters and incident responders to

Read More
18 May 2021

Consumers Warned About Surge in Meal Kit Delivery Scams

Cybersecurity firm Tessain has warned consumers to be vigilant about a surge in meal kit delivery scams after uncovering SMS scams impersonating popular companies such as Gousto and HelloFresh. The uptick in meal kit delivery scams is likely a result of their increase in popularity during the Covid-19 lockdown. The

Read More
17 May 2021

Cisco Patches Code Execution Flaw in VPN Product 6 Months After Disclosure

Earlier this week, Cisco announced that it had released patches for a high-severity vulnerability that lies in its AnyConnect Secure Mobility Client that can be exploited for remote code execution. The flaw was initially disclosed in November of 2020, and it has taken roughly six months for the company to

Read More
17 May 2021

‘Scheme Flooding’ Allows Websites to Track Users Across Browsers

Security researchers have discovered a new vulnerability that allows browsers to enumerate applications on a machine, threatening cross-browser anonymity in popular search engines such as Chrome, Firefox, Microsoft Edge, Safari, and Tor. The vulnerability is referred to as “scheme flooding,” and allows websites to identify users across different desktop browsers,

Read More
17 May 2021

‘We won’t pay ransom,’ says Ireland after attack on health service

Ireland’s Health Service Executive (HSE) was recently the victim of a ransomware attack that took some services offline temporarily as the organization attempted to mitigate any further risks. The HSE has now stated that it does not plan on paying ransom despite struggling to restore its IT systems. HSE has

Read More
14 May 2021

Cyber-attacks Cost Small US Businesses $25k Annually

Although most of the attacks that make headlines pertain to large companies and organizations, a new report found that cyberattacks are costing small businesses in the US an average of $25,000 annually. The report was published by an international insurance company called Hiscox and it surveyed 6,000 cybersecurity professionals in

Read More
11 May 2021

DHS Drops Proposal to Expand Immigration-Related Biometrics Collection

The Department of Homeland Security has withdrawn a proposal that was introduced within the last few months of the Trump administration that would have expanded the collection to biometric data relating to immigration. The rule was first published in the Federal Register on September 11, and would have removed age

Read More
11 May 2021

Lemon Duck Cryptojacking Botnet Changes Up Tactics

The Lemon Duck cryptocurrency mining botnet has adapted its tactics, now targeting Microsoft Exchange servers via ProxyLogon in a new campaign against North American targets. The botnet is leveraging the ProxyLogon exploits to conduct effective attacks while incorporating new techniques such as anti-detection capabilities and the addition of the Cobalt

Read More
07 May 2021

Critical Cisco SD-WAN, HyperFlex Bugs Threaten Corporate Networks

Cisco has rolled out patches addressing severe vulnerabilities that could be exploited to perform remote code execution and privilege escalation. The flaws lie in the SD-WAN vManage Software. The bugs could allow an unauthenticated attacker to steal information from vulnerable networks. Cisco also disclosed a denial-of-service issue in the same

Read More