Stay Safe from Silent Cyberattacks on IoT Devices
American university researchers uncovered a new cyberattack called Near-Ultrasound Inaudible Trojan (NUIT). It threatens devices with voice assistants, launching completely silent attacks. Fortunately, researchers exposed the vulnerability before threat actors could exploit it. The discovery is a warning to everyone to take the necessary precautions.
Protect Your Business from the Latest Emotet Phishing Scam Targeting Taxpayers
Scammers will use anything to target businesses, including tax forms. A new phishing campaign is spreading a malicious program disguised as documents from the IRS. With the tax season in full swing soon, business owners must take extra precautions to protect sensitive company data.
Firefox 111 Boosts Security, Fixes Bugs, and Adds New Features
Mozilla has released a new version of Firefox for Android, equipping it with a built-in PDF viewer. Firefox 111 also provides a more secure experience for users through its Total Cookie Protection feature. In addition, the upgrade addresses the security issues and unusual bugs in the last version.
How Cybercriminals are Exploiting the Silicon Valley Bank Shutdown
Recently, there was a rise in cybercrimes related to the closing of Silicon Valley Bank (SVB). Threat actors go after businesses and sometimes use them in their illegal activities.
SVB was the 16th largest bank in the U.S. The bank worked with tech giants like Buzzfeed, Roblox, and Roku. However, global inflation and a deposit run caused regulators to close the bank on Friday, March 10, 2023.
Hackers are using SVB-related content to manipulate people's emotions. Analysts are finding more phishing attacks connected to the SVB closure, and new threats appear daily.
Patched Microsoft Outlook Vulnerability
Microsoft recently fixed a serious security flaw in Outlook that scored a 9.8 on the Common Vulnerability Scoring System.
This flaw, CVE-2023-2339, is a zero-click vulnerability. It could let hackers steal sensitive information from user accounts and send malicious emails as if they were the user.
The CVE-2023-2339 flaw affects all supported Windows Outlook versions. However, Outlook on the web, Android, iOS, Mac, and Microsoft 365 services are unaffected.
SAP Releases Patches for Various Flaws
SAP, a leading business software company, recently released fixes for 19 bugs in its products.
Hackers could delete files, add code, or access sensitive data through some of these flaws. Four flaws have high severity, while 10 have a medium severity rating.
Slow File Transfer Windows 11 Solution
Microsoft has finally released a fix to address slow file transfer issues that plagued some Windows 11 users after an update. The slowdown has caused frustration for those who need to move large files or data quickly.
Bitwarden’s Iframe Flaw Explained
The purpose of password managers is to safeguard our login credentials and online accounts. However, a popular password manager recently made headlines for its major security flaw. Bitwarden is under scrutiny because its autofill feature gives hackers easy access to sensitive information. The company has known about the vulnerability for years but left the issue unaddressed.
If your company uses Bitwarden, here's everything you need to know about the issue. That way, you can take the necessary steps to secure your login credentials and other private data.
Everything to Know About Essendant’s Multi-Day Outage
Essendant, a Staples-owned wholesale distributor of office supplies and stationery, paused its operations recently because of a multi-day, network-wide outage. The system disruption has prevented customers from placing orders online or contacting the company’s customer care unit.
While Essendant has yet to disclose the reason behind the outage, many think someone had hacked into the company’s system. Customers are expressing their frustration over the company's lack of transparency.
Microsoft Patch Tuesday
Microsoft released on March 14, 2023, a security update that fixes at least 74 bugs in Windows and other software. Hackers are already attacking two flaws, including a very serious one in Microsoft Outlook.
AT&T Data Breach – 9 Million Affected
In a recent statement, telecommunications giant AT&T confirmed that a hack on a vendor it was working with exposed around 9 million accounts. AT&T said that the sensitive information was mainly about device upgrade eligibility.
The hacking happened in January 2023 using a weakness in the vendor's system. The hackers accessed customer data, such as their names, addresses, phone numbers, and account numbers.
Hiatus Malware Targets Business Routers
There is a new malware campaign targeting business-grade routers. It is called Hiatus, a complex operation that deploys the HiatusRAT malware. It is a kind of Remote Access Trojan (RAT) that cybercriminals use to gain remote control over a target system.
Hiatus is the first of its kind. Lumen's security experts say it has been around since July 2022 and is still active. It gives business owners another reason to tighten cybersecurity. To help you protect your organization, here's everything you need to know about the malicious campaign.
Cerebral Data Breach – 3.18 Million Affected
Cerebral, an online platform that offers mental health care services, recently suffered a data breach that may have affected up to 3.18 million users. According to its report, the breach was due to the company’s use of third-party pixel trackers.
Cerebral did not say the exact number of users affected. However, the company said it had taken steps to ease the breach’s impact.
Reduce the Risk of Business Email Compromise Attacks
Email threats have been around since the early 90s. But phishing techniques are much more sophisticated now than they were back then. One of the most successful and lucrative tactics is business email compromise (BEC). BEC scams have stolen over $43 billion from businesses worldwide between July 2019 and December 2021. Threat actors are making more money from it than ransomware.
It's not enough to have a simple email security solution in place. Business owners should do more to protect their companies from these malicious attacks. To help you, here's everything you should know about BEC scams and what you can do to safeguard your organization.
Hatch Bank Falls Victim to Data Breach
Hatch Bank confirmed a data breach that compromised its customers' personal data. The financial technology firm said hackers found a vulnerability in its internal file-transfer software. This allowed the hackers to access and steal around 140,000 customer names and social security numbers from Jan. 30-31, 2023.
Hatch is using Fortra's GoAnywhere file-transfer platform. Many other large businesses also use GoAnywhere to share sensitive files.
Chick-fil-A Confirms Credential Stuffing Attack
Credential stuffing is one of the many forms of cyberattacks on the rise. It's a low-risk, low-cost automated method. It uses bots to access username-password combinations from past data breaches. It then uses that information to exfiltrate data from a new target system. It relies on people's habit of reusing the same login credential across various sites.
Chick-fil-A is one of the most recent victims of a credential stuffing attack. That proves that even large companies aren't exempt from these malicious attempts. Here's everything you need to know about the incident so you can stay informed.
US Government: Royal Ransomware Targets Critical Infrastructure
The United States government is alerting organizations about the Royal ransomware operation. The Federal Bureau of Investigation (FBI) and the Cybersecurity & Infrastructure Security Agency (CISA) said in a joint advisory that the Royal ransomware gang poses an increasing threat to critical infrastructure of numerous sectors in the U.S.
The Royal ransomware group has been targeting different sectors across the country and abroad. Among its victims are health care, education, communications, and manufacturing organizations.
How to Protect Your Organization From Callback Phishing
Callback phishing scams are one of the worst cyberattacks you can encounter. It is devastating to experience on a personal level. But it is even more disastrous if it happens to your organization. To help you, here is a guide covering how callback phishing works and the steps you should take to address it.
Password Mask Attacks
Having a password for online accounts is not enough protection. Hackers and cybercriminals have found a way to crack passwords and hijack emails, bank accounts, social media pages, and other digital real estate. Through password mass attacks, cyber threat actors no longer have to spend a long time trying to guess your online credentials.
Microsoft Exchange Online Outage Blocks Access to Mailboxes Worldwide
Microsoft Corp. announced via Twitter on March 1 that a worldwide outage affected Exchange Online – its cloud-based email service.
According to the software giant in a series of tweets, Exchange Online users can't access their mailboxes. Users can't send or receive emails and got error messages.
The good news is that Microsoft resolved these technical issues in a few hours.