Insights

Beware of Free File Converters

Converting a file from one format to another is something almost everyone has to do at some point. Do a search and many sites show up offering a conversion service. Some are free. But are they really free? This Insight looks at what you may get that you don’t expect and pay for the mistake for a long time. 

 

Free file converters may come with a high price


How to delete your 23andMe data

23andMe was a DNA testing company used by many to find ancestors, family connections and possible genetic weaknesses. The company just declared bankruptcy meaning all your information is up for sale. The new owner may not be bound by the privacy policy of 23andMe. This article explains how to delete your data. 

 

Delete your data to be safe


New Security Flaws Found in VMware Tools and CrushFTP — High Risk, No Workaround

A new vulnerability has been discovered in VMware tools and CrushFTP. It is rated 7.8 out of 10 meaning it is serious. The vulnerability allows attackers to perform high privilege operations that the compromised account should not have permission to do. 

 

Serious VMware Flaw


Critical 'IngressNightmare' Vulns Imperil Kubernetes Environments

Kubernetes is a popular opensource container manager for distributing software. A serious vulnerability allows attackers to execute code and take over the entire environment. 

 

Serious Kubernetes vulnerability


'Lucid' Phishing-as-a-Service Exploits Faults in iMessage, Android RCS

Many people believe their messaging services are secure. But cybercriminals have found ways to compromise iMessage and Android RCS. Be careful what you send. 

 

Apple and android messaging services compromised


What Is Your Auto-Malware Doing?

Anti-malware collects information about us to help keep us safe. But does it collect more information than is necessary for that role? And what does it do with it? This Insight looks at that and provides suggestions to be safer.  

 

 Anti-malware information collection


VexTrio Using 20,000 Hacked WordPress Sites in Traffic Redirect Scheme

WordPress is one of cyberattackers favorite targets. Now we hear of another attack that is using 20,000 WordPress sites to redirect traffic to compromised sites.  

 

WordPress Again


New 'Rules File Backdoor' Attack Lets Hackers Inject Malicious Code via AI Code Editors

Attackers have found a vulnerability in code editors that are AI powered. The vulnerability allows the attackers to insert code that performs malicious actions. 

 

 AI Code Editors Hacked


Mobile Jailbreaks Exponentially Increase Corporate Risk

Jailbreak means a user has removed or circumvented safety features of their phone. This is popular among people who want to do things that the phones attempt to prevent. New research shows the jailbroken devices are significantly more likely to be infected with malware. 

 

Jailbroken phones have high risk


Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility

Cisco is a major player in the network space. Attackers have found a way to use the Smart Licensing utility to stage attacks. These vulnerabilities are serious 9.78 on CVSS. Cisco has issued patches. Be sure to apply them.  

 

Serious Cisco Vulnerability

 


One Token To Rule Them All

A token provides access to a single system, application or site. This makes them desired by cybercriminals. Microsoft has issued their Primary Refresh Token that provides access to all the Microsoft services you have permission to use. One token and access to all. This makes them a big target of attackers. 

 

PRT - convenient but dangerous


XCSSET macOS malware variant targets Xcode projects of app developers

A new attack has been found that targets macOS developers using Xcode. Another example of an attack that doesn’t go after single users but a supply chain style attack in that if will infect any user of the app. 

 

Developers targeted


Volt Typhoon Strikes Massachusetts Power Utility

In disturbing news attackers were found in a Massachusetts power utility. As if that isn’t bad enough, they were there for over 300 days before being discovered. 

 

Over 300 days to be discovered


OBSCURE#BAT Malware Uses Fake CAPTCHA Pages to Deploy Rootkit r77 and Evade Detection

Another scam using fake Captcha pages. Be sure before you click. This one deploys a rootkit. Very dangerous and difficult to remove. 

 

Another fake Captcha scam


Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails

A phishing campaign looks to take advantage of people through bogus emails that appear to come from Booking.com. If you have ever booked on the site it won’t be a surprise to get an email. But don’t click anything!

 

Travel bookings phishing