CyberSecure Specialist

Microsoft Patches Azure Cross-Tenant Data Access Flaw

Microsoft has silently fixed an important-severity security flaw in its Azure Container Service (ACS) after an external researcher warned that a buggy feature allowed cross-tenant network bypass attacks. The vulnerability, documented by researchers at Mnemonic, effectively removed the entire network and identity perimeter around  internet-isolated Azure Cognitive Search instances and allowed cross-tenant access to the data plane of ACS instances from any location, including instances without any explicit network exposure. According to Mnemonic researcher Emilien…

Read More

Facebook Agrees to Pay $725 Million to Settle Privacy Suit

Facebook parent Meta has agreed to pay $725 million to settle a long-running lawsuit that accused the social network of allowing third parties, including Cambridge Analytica, to access users’ private data. The amount was disclosed in a court filing late on Thursday. “The proposed settlement of $725,000,000 is the largest recovery ever achieved in a data privacy class action and the most Facebook has ever paid to resolve a private class action,” lawyers for the…

Read More

Customer details compromised in LastPass data breaches

The data breaches LastPass suffered in August and November 2022 resulted in confidential customer information being compromised. In a statement, LastPass explained that the August breach saw a malicious actor steal source code and technical information from LastPass’ development environment that was then used to target an employee. This allowed the hacker to gain access to credentials and keys, which they then used to access LastPass’ third-party cloud storage service in November 2022. Using the…

Read More

BetMGM Confirms Breach as Hackers Offer to Sell Data of 1.5 Million Customers

MGM Resorts-owned online sports betting company BetMGM confirmed suffering a data breach the same day hackers offered to sell a database containing the information of 1.5 million BetMGM customers. In a statement posted on its website on December 21, BetMGM said “patron records were obtained in an unauthorized manner”. The company said the compromised information includes name, email address, postal address, phone number, date of birth, hashed Social Security number, account identifier, and information related…

Read More

China’s ByteDance Admits Using TikTok Data to Track Journalists

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source of leaks to the media, the company admitted Friday. TikTok has gone to great lengths to convince customers and governments of major markets like the United States that users’ data privacy is protected and that it poses no threat to national security. But parent company ByteDance told AFP on Friday that…

Read More

Zerobot Botnet Emerges as a Growing Threat with New Exploits and Capabilities

The main methods that Zerobot uses to infect a system, via brute-force or vulnerability exploitation, can easily be prevented by following a few recommended steps. The first recommendation would be to make sure all devices on a network are up-to-date on their patches, particularly any Internet-facing devices. The threat actors rely on devices remaining unpatched to infect systems and grow their botnet, so by making sure all devices are up-to-date and not vulnerable, an organization…

Read More

FIN7 Cybercrime Syndicate Emerges as Major Player in Ransomware Landscape

To protect against ransomware attacks, organizations should: • Regularly back up data, air gap, and password protect backup copies offline.• Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.• Implement network segmentation.• Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location• Install updates/patch operating systems, software, and firmware as soon…

Read More

The Guardian Media Group Hit by Ransomware Attack

Companies looking to defend against ransomware should consider adopting a defense-in-depth strategy. Network segmentation, backups, regular patching, and vulnerability assessments are just a few of the measures that should be taken when attempting to lessen the likelihood of an attack. Promoting healthy cyber habits within a company is also crucial. https://www.infosecurity-magazine.com/news/ransomware-attack-guardian

Read More

‘Tis the season for gaming: Keeping children safe (and parents sane)

It’s all fun and games over the holidays, but is your young gamer safe from the darker side of the action? As Christmas draws nearer, parents are handling a barrage of requests from their kids for the latest gaming titles and consoles. Despite gathering macro-economic headwinds, US consumers are set to increase their total retail spending by around 7% year-on-year this holiday season, and by 3.5% on electronics. But while several weeks of uninterrupted gaming…

Read More

“Suspicious login” scammers up their game – take care at Christmas

by Paul Ducklin Black Friday is behind us, that football thing they have every four years is done and dusted (congratulations – spoiler alert! – to Argentina), it’s the summer/winter solstice (delete as inapplicable)… …and no one wants to get locked out of their social media accounts, especially when it’s the time for sending and receiving seasonal greetings. So, even though we’ve written about this sort of phishing scam before, we thought we’d present a…

Read More