-
Phishing Campaigns featuring Ursnif Trojan on the Rise
PRIVACY PRIVACY Authored by Jyothi Naveen and Kiran Raj McAfee Labs have been observing a spike in phishing campaigns that utilize Microsoft office macro capabilities. These malicious documents reach victims via mass spam E-mail campaigns and generally invoke urgency, fear, or similar emotions, leading unsuspecting users to promptly open them. The purpose of these spam…
-
A Guide to Identity Theft Statistics for 2022
PRIVACY PRIVACY There’s a digital counterpart for nearly everything we do, which means more of our personal information is online. And although this tends to make our lives easier, it opens the door for information to land in the wrong hands. Identity theft happens when someone uses your personal identifiable information (PII) for their own…
-
Smashing Security podcast #275: Jail for Bing, and mental health apps may not be good for you
PRIVACY PRIVACY A man hacks his employer to prove its security sucks, Telegram provides a helping hand to the Eternity Project malware, and what the heck do mental health apps think they’re up to? All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans…
-
CVE-2022-22972: VMware Patches Additional Workspace ONE Access Vulnerabilities (VMSA-2022-0014)
PRIVACY PRIVACY Organizations and government agencies are strongly advised to patch two newly disclosed vulnerabilities in VMware products, following warnings from VMware and the Cybersecurity and Infrastructure Security Agency. Background On May 18, VMware published an advisory (VMSA-2022-0014) to address two vulnerabilities across several VMware products: CVE Description CVSSv3 CVE-2022-22972 Authentication Bypass Vulnerability 9.8 CVE-2022-22973…
-
Deepfence Cloud builds on ThreatStryker security observability platform
PRIVACY PRIVACY Deepfence, a security observability and protection company, has launched Deepfence Cloud, a fully managed, cloud-native security SaaS observability system built on the company’s on-premises ThreatStryker software. Deepfence Cloud, unveiled at the KubeCon + CloudNativeCon Europe 2022 event this week, is aimed at observing runtime indicators of attack (IOA), and indicators of compromise (IOC)…
-
How SAML works and enables single sign-on
PRIVACY PRIVACY What is SAML and what is it used for? The Security Assertion Markup Language (SAML) is an open standard that allows security credentials to be shared by multiple computers across a network. It describes a framework that allows one computer to perform some security functions on behalf of one or more other computers.…
-
Senators Urge FTC to Probe ID.me Over Selfie Data
PRIVACY PRIVACY Some of more tech-savvy Democrats in the U.S. Senate are asking the Federal Trade Commission (FTC) to investigate identity-proofing company ID.me for “deceptive statements” the company and its founder allegedly made over how they handle facial recognition data collected on behalf of the Internal Revenue Service, which until recently required anyone seeking a…
-
Pharmacy Giant Hit By Data Breach Affecting 3.6 Million Customers
PRIVACY PRIVACY Pharmacy retailer Dis-Chem announced that an unauthorized party gained access to its customer database Read More
-
Personal Information of Nearly Two Million Texans Exposed
PRIVACY PRIVACY The leak was caused by a programming issue at the Texas Department of Insurance Read More
-
WFH Unprotected: How Organizations Can Keep Their Employees and Their Business Safer
PRIVACY PRIVACY The devices employees use as they work from home could be the ones that put their companies at risk. With businesses continuing to support remote and hybrid workplaces, more employees are connecting more of their personal devices to corporate networks, yet these devices aren’t always well protected from malware, breaches, and theft—which can…