Malware

Researchers verified a small sample of the data and reached out to McGraw Hill, who did not initially respond. Finally, the company announced on September 21st that they had removed all sensitive data out of the public buckets. Due to the growing regulatory burden, it is highly recommended that organizations store sensitive customers data securely, and utilize third party cybersecurity services to verify the security of such data in order to avoid liability, regulatory fines,…

When developing tools, it can be easy to simply fall back on repositories to source libraries and packages to quickly fill gaps and reduce workload. However, especially when interfacing with commercial software, it is considered good practice to refer to documentation to identify approved sources for libraries and packages. For example, SentinelOne’s Frequently Asked Questions page reports that their SDK is available “directly from the Management console,” and not from any centralized repository like PyPI.…

Companies should strive to patch MacOS devices as soon as their change management allows. Exploitation of this vulnerability is not particularly involved, according to Microsoft’s reporting, so malware packaged to use Achilles could surface very soon. Additionally, malware leveraging Achilles would not be prevented by Lockdown Mode, Apple’s optional protection feature for stopping zero-click code execution, since Gatekeeper requires the end user to open the malicious file. https://www.bleepingcomputer.com/news/security/microsoft-finds-macos-bug-that-lets-malware-bypass-security-checks/

Some recommendations from the source article include: • Do not open suspicious links in emails.• Do not download the software from untrusted sources.• Use a reputed anti-virus and Internet security software package on your connected devices, including PC, laptop, and mobile.• Refrain from opening untrusted links and email attachments without verifying their authenticity. It is worth noting that if a link is visited and seems suspicious, it is recommended to navigate directly to the legitimate…

To protect against ransomware attacks, organizations should:• Regularly back up data, air gap, and password protect backup copies offline.• Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.• Implement network segmentation.• Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location• Install updates/patch operating systems, software, and firmware as soon as…

On the contrary, End-to-End Encryption (E2EE) is a communication technique in which data is encrypted on the sender’s device and can only be unlocked by the recipient’s device using a secret key that is shared between the sender and receiver. Other Google products outside of Gmail also have client-side encryption enabled. Earlier this year, the tech giant made the same feature available for Google Meet, Drive, and Calendar. Google Drive apps also support client-side encryption…