-
Secure web browsers for the enterprise compared: How to pick the right one
PRIVACY PRIVACY The web browser has long been the security sinkhole of enterprise infrastructure. While email is often cited as the most common entry point, malware often enters via the browser and is more difficult to prevent. Phishing, drive-by attacks, ransomware, SQL injections, man-in-the-middle (MitM), and other exploits all take advantage of the browser’s creaky…
-
Friday Squid Blogging: Emotional Support Squid
PRIVACY PRIVACY The Monterey Bay Aquarium has a video—”2 Hours Of Squid To Relax/Study/Work To“—with 2.4 million views. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Read More
-
Report: Big U.S. Banks Are Stiffing Account Takeover Victims
PRIVACY PRIVACY When U.S. consumers have their online bank accounts hijacked and plundered by hackers, U.S. financial institutions are legally obligated to reverse any unauthorized transactions as long as the victim reports the fraud in a timely manner. But new data released this week suggests that for some of the nation’s largest banks, reimbursing account…
-
Top 20 CVEs Exploited by People’s Republic of China State-Sponsored Actors (AA22-279A)
PRIVACY PRIVACY Top 20 CVEs Exploited by People’s Republic of China State-Sponsored Actors (AA22-279A) CISA, the NSA and FBI issue a joint advisory detailing the top 20 vulnerabilities exploited by state-sponsored threat actors linked to the People’s Republic of China. Background On October 6, the Cybersecurity and Infrastructure Security Agency (CISA) along with the National…
-
LofyGang Group Linked to Recent Software Supply Chain Attacks
PRIVACY PRIVACY The group focuses on utilizing open-source software for malicious purposes Read More
-
RCE on Log4j Among Top CVEs Exploited By Chinese-Backed Hackers
PRIVACY PRIVACY In a joint advisory, three US agencies, NSA, CISA and FBI, warned about Chinese threat actors Read More
-
Russian Sanctions Instigator Lloyd’s Possibly Hit by Cyber-Attack
PRIVACY PRIVACY The insurance market has detected “unusual activity” and turned off its systems Read More
-
Businesses in Canada Warned Not to Overlook Cybersecurity As Recession Looms
PRIVACY PRIVACY CEOs put cybersecurity seventh behind near-term risks such as the economy and potential recession Read More
-
CVE-2022-40684: Critical Authentication Bypass in FortiOS and FortiProxy
PRIVACY PRIVACY Fortinet has patched a critical authentication bypass in its FortiOS and FortiProxy products that could lead to administrator access. Background On October 7, public reports began to circulate that Fortinet communicated directly with customers about a critical vulnerability in its FortiOS and FortiProxy products. This vulnerability, CVE-2022-40684, has been patched, but Fortinet has…
-
New cryptojacking campaign exploits OneDrive vulnerability
PRIVACY PRIVACY Cryptojacking is turning into a security nightmare for consumers and enterprises alike. Malicious actors have used a variety of techniques to install cryptojackers on victims’ computers and in a new development, cybersecurity software maker Bitdefender has detected a cryptojacking campaign that uses a Microsoft OneDrive vulnerability to gain persistence and run undetected on…