Warning! Hackers are coming after your travel accounts. Here's how to protect yourself.
Gen AI financial scams are getting very good at duping work email
Cybersecurity expert says the next generation of identity theft is here: ‘Identity hijacking’ | Tacoma News Tribune
What is catfishing and what can you do if you are catfished? | CNN Business
Data Privacy Week 2024 | WaTech
Data Privacy Week - National Cybersecurity Alliance
‘Spear phishing’ scams specifically target your personal and business email accounts
Microsoft issues alert to Windows 10 users - act now or your PC is at risk | Express.co.uk
Report: Hackers Shift from Malware to Less Detectable Credential Hijacking - Route Fifty
Adversaries are relying less on malware to conduct attacks that are consequently more difficult to detect, according to an annual report released by cybersecurity firm CrowdStrike.
Outlook and Gmail fans hit by new email threat that's worrying experts | Express.co.uk
Android users: Do not click on this text message •
Top 5 cybersecurity challenges in the hybrid office | 2021-06-16 | Security Magazine
The pandemic has caused a tectonic shift in how we live and work. Many companies are slowly returning to offices while an estimated 40% of the U.S. workforce continues to work remotely. A year into the pandemic and one thing is crystal clear, the future of work is hybrid. Regardless of whether employees are on-site or remote, this convenience is now a permanent cyber-risk for businesses.
Microsoft Patches Six Zero-Day Security Holes – Krebs on Security
Microsoft today released another round of security updates for Windows operating systems and supported software, including fixes for six zero-day bugs that malicious hackers already are exploiting in active attacks.
June’s Patch Tuesday addresses just 49 security holes — about half the normal number of vulnerabilities lately. But what this month lacks in volume it makes up for in urgency: Microsoft warns that bad guys are leveraging a half-dozen of those weaknesses to break into computers in targeted attacks.
Cyberattack on food supply followed years of warnings - POLITICO
Virtually no mandatory cybersecurity rules govern the millions of food and agriculture businesses that account for about a fifth of the U.S. economy. And now, the risk has become real.
A security researcher found Wi-Fi vulnerabilities that have existed since the beginning - The Verge
How to use authenticator apps like Google Authenticator to protect yourself online - Vox
Text-based 2FA, where a text with a six-digit code is sent to your phone to verify your identity, is better known and better understood because it uses technology most of us use all the time anyway. But it’s a technology that wasn’t meant to serve as an identify verifier, and it’s an increasingly insecure option as hackers continue to find ways to exploit it.
That’s why I recommend using an authenticator app, like Google Authenticator, instead. Don’t let the name intimidate you: There are a few extra steps involved, but the effort is worth it.
What is Social engineering? How Does it work? - CSN
Social Engineering is a technique that is performed by cybercriminals who indulge in exploiting human weaknesses. The act of Social Engineering involves various techniques all of which involve the manipulation of human psychology.
Phish Leads to Breach at Calif. State Controller — Krebs on Security
A phishing attack last week gave attackers access to email and files at the California State Controller’s Office (SCO), an agency responsible for handling more than $100 billion in public funds each year...“This isn’t even the full extent of the breach,” said the California state employee, who spoke on condition of anonymity.
Krebs on Security
Ne’er-do-wells leaked personal data — including phone numbers — for some 553 million Facebook users this week. Facebook says the data was collected before 2020 when it changed things to prevent such information from being scraped from profiles.
The HaveIBeenPwned project, which collects and analyzes hundreds of database dumps containing information about billions of leaked accounts, has incorporated the data into his service.
An Uprising of DDoS Attacks, a Cause of Concern for Organizations | Cyware Alerts - Hacker News
Did you think DDoS attacks were over? They are not. Actually, recent research has discovered that these attacks attained a record high during the pandemic.
Google Warns Mac, Windows Users of Chrome Zero-Day Flaw | Threatpost
Google is hurrying out a fix for a vulnerability in its Chrome browser that’s under active attack – its third zero-day flaw so far this year. If exploited, the flaw could allow remote code-execution and denial-of-service attacks on affected systems.
ZIPX files that aren't: Keep a weather eye out for disguised malware in email attachments • The Register
By using the .zipx extension to obfuscate EXE payloads, crooks might be hoping to sneak the elderly NanoCore remote-access trojan through users' email and endpoint-scanning software.
Mitigate Microsoft Exchange On-Premises Product Vulnerabilities | CISA
CISA issued ED 21-02 requiring federal civilian departments and agencies running Microsoft Exchange on-premises products to update or disconnect the products from their networks until updated with the Microsoft patch.
Microsoft Exchange hack, explained
Cyberattacks Are Inevitable. Is Your Company Prepared?
Cyberattacks always happen when you least expect them. And when they happen, they happen quickly. Responding appropriately is not just the responsibility of your cybersecurity team; everyone in the organization has a role to play.
Microsoft Patch Tuesday Updates Fix 14 Critical Bugs | Threatpost
Microsoft has released its regularly scheduled March Patch Tuesday updates, which address 89 security vulnerabilities overall.
Included in the slew are 14 critical flaws and 75 important-severity flaws. Microsoft also included five previously disclosed vulnerabilities, which are being actively exploited in the wild.
30,000 U.S. organizations breached by cyber espionage group Hafnium | 2021-03-09 | Security Magazine
At least 30,000 organizations in the U.S. have been hacked by a Chinese cyber espionage unit, known as "Hafnium." The group is targeting and exploiting security vulnerabilities in Microsoft Exchange Server email software.
Do I Need a VPN at Home? | PCMag
Staying in is the most effective way to protect yourself during the pandemic, and that means a lot more time online at home. A VPN can help secure that critical connection.
A Private Alternative to Google Maps: DuckDuckGo Maps
DuckDuckGo isn’t just a private alternative to Google and Bing’s web search. It has a built-in online mapping solution designed with privacy in mind. If you want to leave Google, you don’t have to stick around for Google Maps.
Malformed URL Prefix Phishing Attacks Spike 6,000% | Threatpost
“The URLs are malformed, not utilizing the normal URL protocols, such as http:// or https://,” researchers said in a blog post about their findings. “Instead, they use http:/\ in their URL prefix.”