News
-
Researchers Hack Olympic Games App
Researchers Hack Olympic Games App Cybersecurity researchers in Canada have found a “devastating flaw” in the MY2022 app, designed for use by attendees of this year’s Winter Olympic Games in Beijing. The vulnerability was discovered by the Citizen Lab – an academic research laboratory based at the Munk School of Global Affairs at the University of Toronto. In findings published Tuesday,…
-
Ransomware Attack on Moncler
Ransomware Attack on Moncler Cyber-criminals have stolen data from Italian luxury fashion brand Moncler and published it on the dark web. The maker of down jackets confirmed Tuesday that it had suffered a data breach after being attacked by the AlphV/BlackCat ransomware operation in December. Attackers hit Moncler in the final week of 2021, causing a temporary outage of…
-
IRS Will Soon Require Selfies for Online Access
If you created an online account to manage your tax records with the U.S. Internal Revenue Service (IRS), those login credentials will cease to work later this year. The agency says that by the summer of 2022, the only way to log in to irs.gov will be through ID.me, an online identity verification service that…
-
Oracle January 2022 Critical Patch Update Addresses 266 CVEs
Oracle addresses 266 CVEs in its first quarterly update of 2022 with 497 patches, including 25 critical updates. Background On January 18, Oracle released its Critical Patch Update (CPU) for January 2022, the first quarterly update of the year. This CPU contains fixes for 266 CVEs in 497 security updates across 39 Oracle product families.…
-
Supply chain vulnerability allows attackers to manipulate SAP transport system
A supply chain vulnerability in the SAP transport system that allows attackers to infiltrate the change management or software deployment process has been identified by a cybersecurity provider based in Germany. A patch has been published by SAP SE to fix the issue that threatens all SAP environments that share a single transport directory. SAP…
-
The 2021 Threat Landscape Retrospective: Targeting the Vulnerabilities that Matter Most
A review of the year in vulnerabilities and breaches, with insights to help guide cybersecurity strategy in 2022 and beyond. “We do not learn from experience… we learn from reflecting on experience.” – John Dewey, American philosopher We all know that the best way to improve is by debriefing, especially when it comes to reviewing…
-
The Prometheus traffic direction system is a major player in malware distribution
Cybercrime is fueled by a complex ecosystem of criminal groups that specialize on different pieces of the final attack chains experienced by victims. There are the malware developers, the access brokers, the spammers, the private information sellers, the botnet operators, the malvertizers and more. One service that is often overlooked but still plays an important…
-
Are Fake COVID Testing Sites Harvesting Data?
Over the past few weeks, I’ve seen a bunch of writing about what seems to be fake COVID-19 testing sites. They take your name and info, and do a nose swab, but you never get test results. Speculation centered around data harvesting, but that didn’t make sense because it was far too labor intensive for…
-
Exploring influences on SSC grades for insurance companies
This blog was written by an independent guest blogger. There are more online stores and services available than ever, and you are able to shop for almost anything online whether it’s groceries or insurance. There are many ways to protect yourself while browsing the internet, and one of those ways is to choose reputable businesses…
-
Microsoft’s Pluton security processor tackles hardware, firmware vulnerabilities
While this year’s Consumer Electronics Show was impacted by COVID, it didn’t stop Lenovo from announcing the first Microsoft Pluton-powered Windows 11 PCs. First announced in 2020, the Pluton is a security processor that Microsoft developed in partnership with AMD and Qualcomm to provide what they called “chip to cloud” security. Pluton is designed to…