Fortinet addressed a critical vulnerability that gave remote access to numerous services and was being exploited by threat actors in the wild. The company described the vulnerability as an authentication bypass on the admin interface, allowing unauthenticated users to connect to FortiProxy web proxies, FortiGate firewalls, and FortiSwitch Manager on-prem management instances. Specifically, the flaw…
In light of a recent data breach, the City of Tucson, Arizona, is alerting approximately 123,000 citizens that their personal information has been compromised. The issue was detected in May 2022, but the city’s investigation didn’t conclude until last month. As detailed in the notification addressed to those impacted by the data breach, an attacker…
Having remote workers in your business is a great way to expand cost-effectiveness and helps your business grow. But, unfortunately, many businesses have issued remote workers limited access to the network to protect important information. Knowing this, hackers are finding creative ways to access networks and steal vital information. It is important to ensure your…
Malware as a Service (MaaS) has gained popularity over the past few years as a method of spreading malware. Typically, MaaS is provided at a monthly, annual, or lifetime subscription price. Once a threat actor obtains access to the malware, they can target individuals through various tactics. A relatively new MaaS has emerged, called Erbium.…
Recently, researchers at Mitiga have sounded the alarm about a new Business Email Compromise (BEC) campaign. They discovered evidence of the campaign responding to another incident and have watched the campaign grow in scope and scale over time. Here’s how the attack works: The individual targeted by the campaign receives an email that appears to…
Based on a recent survey conducted by the folks at Titaniam, a solid majority of organizations have robust security tools in place. Yet nearly 40 percent of them have fallen victim to a ransomware attack in the past year. How can this be? With conventional tools in place, how can this still be happening? The…
DuckDuckGo has a reputation for protecting the privacy of its users far more than most other companies. Last year, the tiny search engine announced that they were experimenting with a free service designed to dodge email trackers as a means of further protecting the privacy of its users. The company’s Email Protection service works by…
On September 7, 2022, Apple hosted its annual product release event at one pm Eastern Time (ET). Tim Cook, Apple’s CEO, took the stage at the Far Out event held at the company’s headquarters in Cupertino, California, to unveil a slew of brand-new and significantly enhanced devices. The iPhone 14 and several new smartwatches and…
Lenovo issued a security notice informing customers of multiple serious BIOS vulnerabilities affecting hundreds of Lenovo devices across various models (Desktop, All in One, IdeaCentre, Legion, ThinkCentre, ThinkPad, ThinkAgile, ThinkStation, ThinkSystem). Exploiting the vulnerabilities might result in the disclosure of sensitive information, an increase in privileges, a denial of service, and possibly even the execution…
An unknown hacker, who claims to be eighteen years old, acquired administrative access to Uber’s corporate network and proprietary internal tools on Thursday, September 15, 2022. On September 15, 2022, at 6:25 pm PT, Uber issued a statement on Twitter that it was “responding to a cybersecurity incident.” An attacker gained access to the account…