The holiday season is busy time for the retail industry. Cybercriminals know this and ramp up their attacks on retail businesses. The attacks range from annoying to disastrous. Knowing what may be coming helps you better protect against them.
Microsoft issued patches for 90 recently discovered vulnerabilities. Four of the vulnerabilities are rated as critical. Be sure to determine which of the patches apply to your systems and which have the most impact on you. Then install those first.
A Zero-Day in Citrix Recording Manager allows attackers to install and execute code on the platform with no authentication. A patch was just issued. Install it now!
For only $700 you can purchase a tool that steals email addresses from the public profiles on GitHub. The stolen emails help cybercriminals steal other credentials, deliver malware, circumvent access protections, and more.
Low code and no code make it easy for almost anyone to create something. Microsoft’s Power Pages use it to let people build websites quickly and easily. However, these environments do not help people understand the security implications. The result is massive cybersecurity gaps and confidential information exposures. A recent example is Microsoft’s Power Pages with millions of private pages exposed on websites built using this platform.
AI, Artificial Intelligence, offers many benefits in many arenas including IT and cybersecurity. But it also still suffers from problems. The problems can reduce the trust in the AI system and undermine its effectiveness.
Docusign is a widely used platform for e-signing documents. Attackers are
using a valid API in Docusign to send many phishing emails with invoices for signature and payment. The use of Docusign and its familiarity to those who pay invoices makes it a very effective scam.
PyPI, the Python package index, has been compromised for over three years! Everyone who downloaded the infected package got malware that stole Amazon Web Services credentials.
Roblox is a popular platform for developing and hosting online games. Attackers have compromised the open source repository so that anyone who downloads in gets malware and infostealers. Compromises of open source hae become a popular attack method.
QUMU, Quick Emulator, a tool used to emulate different hardware operating systems is used for testing things on the different platforms. A new attack creates a compromised version that steals information.
Fake Captcha screens are being inserted into legitimate apps to trick users into downloading infostealers. The infostealers are difficult to detect but are very good are stealing credentials and more.
A Zero-Day vulnerability for all Windows systems that was patched twice before, has resurfaced as attackers discover a new way to enable it. The vulnerability allows attackers to steal credentials. Patch as soon as it is available.
Cybercriminals are combining attack methods to go after Android phone users. The new attack uses fake phone calls to infect the mobile devices and gain control over them. Be very careful!
Rumors have been around for years about our devices listening to what we say. New evidence shows this is true. Companies are listening and mining it to create targeted ads.
WordPress is a favorite of cyber attackers. A new attack uses WordPress plugins to install infostealers. Infostealers are devious and dangerous. Be very careful!