Shadow IT is taking on new dimensions as Software as a Service or cloud-based applications gain in popularity. But with the benefits of SaaS come increased risks for the enterprise. This Insight looks at the growth of Shadow IT and the associated risks.
A serious vulnerability rated at 9.2 out of 10 is currently being exploited in Citrix NetScaler ADC. It allows attackers to gain access to the entire network when the device is configured as a gateway. Very dangerous! Patch as soon as possible.
Researchers found many bugs in printer systems. Brother is the one with the most bugs by far. Some are patchable and at least one very serious bug is not patchable. What will be done remains to be seen.
Microsoft Exchange servers are a popular target of cyberattackers and they have been hit again. Keyloggers that record all keystrokes infected the servers to steal credentials.
SIM (Subscriber Identity Module) swap is a technique where a cybercriminal convinces a mobile carrier to transfer an existing mobile number to a new SIM in a new device. That new SIM and device then get all the calls and texts intended for the original owner. It can be very difficult to convince a carrier that you are the real owner and to transfer the number back to you.
Think you can spot fake information and not click on bad links? Most people believe they can. But experience shows most people can’t identify fake information. Cybercriminals are using AI to make things even harder to detect. Fake information is a powerful force in phishing.
Two factor authentication is intended to make things safer than a password alone. However, the TFA codes sent by SMS, also called text messages, are not very safe. Over a million were captured.
Social Media has now topped television and other news sources as the most popular source of news. This obviously affects many companies that advertise on TV. But more worrisome is how easy it is to create fake SM accounts for people and bots and how successful they are at influencing public opinion, even by with completely false information.
Some of Google’s cloud servers were knocked out last weekend affecting their own customers. Google attributed the downed services to new features which were not tested thoroughly before being released.
GitHub is a repository used by countless developers for tools and common code. Attackers have launched a complex attack corrupting repositories and offering free pen testing tools to get developers to download the infected files. The corrupt files deliver malware giving attackers the ability to do data exfiltration, remote access, and long-term persistence on the compromised systems.
Cybercriminals like cash as much as any legitimate business. It is immediate and can’t be stopped like a check or a chargeback filed like with a credit card. This Insight looks at some of the current cash scams.
A new zero day vulnerability has been found in NetWeaver. It was assigned a CVSS score of 10 out of 10 meaning very dangerous. Be sure to install the patch as soon as possible.
MFA, Multi-Factor Authentication, is supposed to provide additional security beyond a username and password. But cybercriminals claim to have found a way around the M365 MFA and avoid detection. It is being sold as a tool to attackers.
Callers pretending to be from your mobile phone service provider offer special savings plans. They have enough information about your account to gain credibility. All you have to do is pay the money in advance which will be refunded as the special offer gets validated. Of course it was a scam.
AI companies are racing to enhance their systems to gain more users and customers. But the rush to release features doesn’t always help. ChatGPT company OpenAI had to remove a feature after numerous reports of unexpected and unwanted behavior.