The news tends to blame hackers for cyber breaches. But research shows there is another cause for over 80% of breaches. This Insight looks at that cause, how it occurs, and suggests ways to be safer.
Apple aims to keep tight control over its environment. This has led to lawsuits to force acceptance of app stores other than Apple’s. In this case browser extension apps in the other stores were corrupted. Anyone downloading apps from the non-Apple store got malware in the app that could steal your data.
Apple's tight security vindicated
Ransomware attackers are exploiting Amazon Web Services own encryption to encrypt user data. If the demanded ransom is not paid within 7 days, the data is deleted by the attackers.
Go Daddy, a popular web hosting platform, has been warned by the FTC to improve their cyber security or face stiff fines.
Tools used to keep us safer don’t always do the job. In this case attackers exploited a vulnerability in VPNs and more.
Are they really safer than passwords as much publicity says? This Insight looks at how they work and their pros and cons. Spoiler alert, they are safer than passwords alone.
Using Apple’s Xprotect encryption techniques allows this infostealer to avoid detection. Hackers are getting better. Stay up to date to be safe.
Serious Ivanti flaw, rated at CVSS 9.0, is being exploited. Be sure to patch now and have the most current version.
In a new attack, Microsoft 365 is being used to send payment requests. If the user then logs into their PayPal account the attacker steals the credentials and takes over the account. Be sure before logging in.
WordPress is a popular platform for website publishing and now e-commerce. This fake app impersonates payment service sites like Stripe to steal the payment processing information from people using real sites. .
Search engine use is a daily occurrence for many people. But many do not know how the results can be manipulated to direct you to corrupt sites. This Insight looks at how that occurs and suggests ways to be safer.
All users of calendar apps are familiar with invitations for meetings. But attackers have found a way to spoof Google Calendar invites to steal credentials. Malicious calendar invites were getting flagged and blocked so attackers found a way around that by using spoofing the invite and using Google Drawings and Google Forms to disguise things. Confirm the invite form the supposed sender before accepting it.
AI systems are proliferating. Now a number of desktop systems, Microsoft 365 Copilot, Google Gemini, and Apple Intelligence include AI capabilities. But as we have written many times before, AI systems have many risks. These systems bring it to the desktop and possibly beyond the ability of IT to control. This can be very dangerous to any company or organization.
Two Rspack npm packages in the repository have been compromised and deliver malware in every download. Both have been pulled from the repository. Fortunately, there is a newer package, version 1.1.8 that is safe. If you use version 1.1.6 or version 1.1.7 replace them immediately.
Apache Struts 2 is an older framework for building Java applications. But it is still in use especially for legacy systems. The problem is serious, CVSS 9.5. But how old it is creates problems and a simple patch won’t fix it.