Security Stop Press : Privacy Concerns Over Apple’s Photo Analysis

Apple is under fire for enabling its Enhanced Visual Search feature by default on iOS 18.1 and macOS 15.1 devices, analysing users’ photos for landmarks without prior notice or consent. The feature uses local machine learning to identify landmarks in photos, encrypts the data, and sends it to Apple’s servers for matching against a global […]
Security Stop Press : Potential ‘DeleFriend’ Security Flaw Found in Google Workspace

Researchers from cyber security firm Hunters have reported finding a Google Workspace design flaw that could allow attackers to steal emails from Gmail, data from Google Drive, and carry out other unauthorised actions within Google Workspace APIs on all of the identities in a target domain. The design flaw (a fact reportedly disputed by Google), […]
Security Stop-Press : Plex Warns Users To Reset Password After Suspected Hack

Home media streaming service Plex has warned users to reset their passwords following a suspected hack that could affect up to half of its 30 million users. Plex has apologised and said that it has discovered how the threat actor accessed the system and is tightening security to prevent future incidents. This story […]
Security Stop-Press : Phishing Threat In Microsoft Customer Feedback Tool

Avanan researchers have warned that threat actors could send a phishing email through Microsoft’s Dynamics 365 Customer Voice CRM tool. This could be done by disguising it as an important voicemail from the customer where the “Play Voicemail” button redirects the victims to a phishing landing page. The advice to users is to look carefully […]
Security Stop-Press : Phishing-as-a-Service Warning

Cisco Talos researcher, Tiago Pereira, has warned of the dangers of a new phishing-as-a-service (PaaS) tool called “Greatness.” The Greatness tool has been designed to compromise Microsoft 365 users and can make phishing pages especially convincing and effective against businesses. Greatness incorporates many advanced features including multi-factor authentication (MFA) bypass, IP filtering and integration with […]
Security Stop-Press : PayPal Data Breach

PayPal has confirmed that nearly 35,000 users may have been affected following a data breach between December 6 and December 8, 2022. The suspected ‘credential stuffing’ attack may have meant that details like users’ names, addresses, Social Security numbers, tax ID numbers, and/or dates of birth were viewed but there is no current […]
Security Stop-Press: Parking Scam Alert

A rise in parking scams is catching out UK drivers, with criminals using fake fines, phishing texts and QR codes to steal money and personal data. Cyber security experts report that scammers are leaving fake tickets on windscreens with QR codes linking to fraudulent payment sites. Others are sending texts claiming a fine is owed, […]
Security Stop-Press : Office Open XML Signatures Have Security Flaws

Researchers from Ruhr University Bochum in Germany have reported that the Office Open XML (OOXML) Signatures, an Ecma/ISO standard used in Microsoft Office applications and open source OnlyOffice, have security flaws that could allow attackers to modify the content in signed documents, while the signatures are still displayed as valid. The researchers have informed Microsoft […]
Security Stop-Press : New Trend : Multiple Ransomware Gangs Attacking Victims In Short Space Of Time

Security company task force Sophos X-Ops has reported at Black Hat USA 2022 in Las Vegas that ransomware gangs are competing for resources, leading to a trend of victims being attacked by multiple gangs over a short space of time. It even suggested that collaboration between ransomware gangs is possible. The advice to businesses […]
Security Stop Press : New Phishing Campaign Targeting Teams

Microsoft has warned of a new phishing campaign from the “financially motivated” Storm-0324 threat actor which uses an open-source tool to send phishing lures through Microsoft Teams chats. The goal is accessing corporate networks and enabling follow-on attacks like ransomware, i.e. handing off access to compromised networks to other threat actors. The campaign leverages the […]