Recently, researchers at Mitiga have sounded the alarm about a new Business Email Compromise (BEC) campaign. They discovered evidence of the campaign responding to another incident and have watched the campaign grow in scope and scale over time. Here’s how the attack works: The individual targeted by the campaign receives an email that appears to…
Based on a recent survey conducted by the folks at Titaniam, a solid majority of organizations have robust security tools in place. Yet nearly 40 percent of them have fallen victim to a ransomware attack in the past year. How can this be? With conventional tools in place, how can this still be happening? The…
In June, Wiz engineers discovered and reported #AttachMe, a critical cloud isolation flaw in Oracle Cloud Infrastructure (OCI). Due to its potential to affect all OCI customers, the #AttachMe cloud vulnerability is one of the most severe vulnerabilities discovered to date. The majority of the time, cloud isolation flaws only impact a single cloud service.…
Recently, Google’s engineers introduced a small but important feature to their Calendar app. If you haven’t used the “known senders” option, you owe it to yourself to check it out. It allows you to toggle a setting that will filter out invites from people you don’t know, with an eye toward eliminating or drastically reducing…
DuckDuckGo has a reputation for protecting the privacy of its users far more than most other companies. Last year, the tiny search engine announced that they were experimenting with a free service designed to dodge email trackers as a means of further protecting the privacy of its users. The company’s Email Protection service works by…
On September 7, 2022, Apple hosted its annual product release event at one pm Eastern Time (ET). Tim Cook, Apple’s CEO, took the stage at the Far Out event held at the company’s headquarters in Cupertino, California, to unveil a slew of brand-new and significantly enhanced devices. The iPhone 14 and several new smartwatches and…
Microsoft Teams is a part of the 365 product family and is used by more than 270 million people for exchanging text messages, videoconferencing, and file storage. In August of 2022, the team at Vectra Protect discovered a post-exploitation vulnerability in the plaintext storage disk used by Microsoft Teams while conducting research for a client.…
Lenovo issued a security notice informing customers of multiple serious BIOS vulnerabilities affecting hundreds of Lenovo devices across various models (Desktop, All in One, IdeaCentre, Legion, ThinkCentre, ThinkPad, ThinkAgile, ThinkStation, ThinkSystem). Exploiting the vulnerabilities might result in the disclosure of sensitive information, an increase in privileges, a denial of service, and possibly even the execution…
An unknown hacker, who claims to be eighteen years old, acquired administrative access to Uber’s corporate network and proprietary internal tools on Thursday, September 15, 2022. On September 15, 2022, at 6:25 pm PT, Uber issued a statement on Twitter that it was “responding to a cybersecurity incident.” An attacker gained access to the account…
Tech giant Google recently announced that it’s closing the doors on its IoT Core service. Their stated reason for doing so was that their strategic partners can better manage customers’ IoT services and devices. Time will tell if the company’s decision was a good one. Another tech giant, Microsoft, is wasting no time and is…