21
Jul
8 common work-from-home scams to avoid
That ‘employer’ you’re speaking to may in reality be after your personal information, your money or your help with their illegal activities
Read More
21
Jul
Microsoft Cloud Hack Exposed More Than Exchange, Outlook Emails
Researchers at cloud security startup Wiz have an urgent warning for organizations running Microsoft’s M365 platform: That stolen Microsoft Azure AD enterprise signing key gave Chinese hackers access to data beyond Exchange Online and Outlook.com. “Our researchers concluded that the compromised MSA key could have allowed the threat actor to forge access tokens for multiple types of Azure Active Directory applications, including every application that supports personal account authentication, such as SharePoint, Teams, OneDrive,” Wiz…
Read More
21
Jul
In Other News: Military Emails Leaked, Google Restricts Internet Access, Chinese Spyware
SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and…
Read More
21
Jul
Russia Seeks 18 Years in Jail for Founder of Cybersecurity Firm
A Russian prosecutor on Friday requested an 18-year prison sentence for Ilya Sachkov, founder of one of the country’s topcybersecurity firms, on treason charges. Sachkov, 37, co-founded the Group-IB cybersecurity firm in 2003. It specializes in the detection and prevention of cyberattacks and works with Interpol and several other global institutions. “State prosecutors requested that Sachkov be sentenced to 18 years in prison,” his lawyer Sergei Afanasyev was quoted as saying by Russian news agencies.…
Read More
20
Jul
S3 Ep144: When threat hunting goes down a rabbit hole
by Paul Ducklin SING US A CYBERSECURITY SONG Why your Mac’s calendar app says it’s JUL 17. One patch, one line, one file. Careful with that {axe,file}, Eugene. Storm season for Microsoft. When typos make you sing for joy. No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify and anywhere that…
Read More
20
Jul
Adobe Releases New Patches for Exploited ColdFusion Vulnerabilities
Adobe has released a second round of patches for some recently disclosed ColdFusion vulnerabilities, including flaws that appear to have been exploited in attacks. On July 11, Adobe announced patches for CVE-2023-29298, an improper access control issue that can lead to a security feature bypass. On July 14, the company informed customers about fixes for CVE-2023-38203, a deserialization issue that could lead to arbitrary code execution. A few days later, cybersecurity firm Rapid7 reported seeing…
Read More
19
Jul
Protect yourself from ticketing scams ahead of the Premier League Summer Series USA Tour
There is a significant secondary marketplace where tickets can sell for several times their original value, opening the opportunity for scammers and fraud As European football teams prepare to kick-off their summer soccer tours in the USA it provides a huge opportunity for local fans to see some of the top teams and players in the world on their home turfs. For many English Premier League teams this is an established annual occurrence and is…
Read More
19
Jul
Child identity theft: how do I keep my kids’ personal data safe?
Why is kids’ personal information in high demand, how do criminals steal it, and what can parents do to help prevent child identity theft? Total identity fraud losses in the US were estimated at a whopping $43bn last year. While many of us are getting savvier about how we protect our personal information online, can we say the same about our children’s data? Child identity theft is more common than you might think. Almost a…
Read More
19
Jul
Google Virus Total leaks list of spooky email addresses
by Paul Ducklin Early disclaimer: this isn’t quite the mother of all data breaches, nor even perhaps a younger cousin, so you can stand down from Blue Alert right away. As far as we can tell, only names, email addresses and employers were leaked in the wrongly shared document. But what names they were! The leaked list apparently made up a handy email Who’s Who list of global cybersecurity experts from intelligence agencies, law enforcement…
Read More
19
Jul
Microsoft hit by Storm season – a tale of two semi-zero days
by Paul Ducklin At the tail-end of last week, Microsoft published a report entitled Analysis of Storm-0558 techniques for unauthorized email access. In this rather dramatic document, the company’s security team revealed the background to a previously unexplained hack in which data including email text, attachments and more were accessed: from approximately 25 organizations, including government agencies and related consumer accounts in the public cloud. The bad news, even though only 25 organisations were apparently…
Read More