Security Stop-Press : Multi-Factor Authentication Limitations Highlighted
It has been reported that although Multi-factor Authentication (MFA) has long been a standard security practice for guarding against account takeovers, it does nevertheless have limitations. For example, as highlighted by The Hacker News, MFA solutions don’t offer protection to remote command line access tools like PsExec, Remote PowerShel. This means that even though a […]
Security Stop Press : Most Zero-Day Exploitations Are Espionage
A recent analysis by Google’s Threat Analysis Group (TAG) and Google Cloud’s Mandiant has suggested that government-backed threat actors are more likely to be behind most exploitations of zero-day vulnerabilities than money-motivated cyber criminals. In the report outlining the findings of the analysis, of the 58 zero-days in 2023 that could be attributed to the […]
Security-Stop-Press : Most Consumers Will Ditch Brands Hit By Ransomware
Research from Object First has revealed that 75 per cent of consumers would ditch a company known to hit by a ransomware attack in favour of a safer competitor. The research results emphasise how seriously today’s consumers take their data protection. The message to businesses is to prioritise cyber security and data protection measures such […]
Security Stop-Press : Millions At Risk From Malicious Browser Extensions
A new report from Kaspersky says that millions of people may be at risk from adware hiding in browser extensions, and from malware, adware, and riskware disguised as browser extensions. The advice is to protect devices from malicious browser plugins by only downloading them from trusted sources, and to always check reviews and ratings.
Security Stop Press : Microsoft’s RSA Key Policy Change
Microsoft is making a security-focused policy change that will see RSA keys with lengths shorter than 2048 bits deprecated. RSA keys are algorithms used for secure data encryption and decryption in digital communications, i.e. to encrypt data for secure communications over an enterprise network. However, with RSA encryption keys becoming vulnerable to advancing cryptographic techniques […]
Security Stop Press : Microsoft Reports 600 Million Daily Identity Attacks
Microsoft has revealed it tracks over 600 million identity attacks per day, as cybercriminals refine their tactics and work together more closely. In its ‘Digital Defense Report 2024’, Microsoft highlighted that identity-based attacks have surged due to the widespread shift to cloud services. The report noted that Microsoft Entra blocked 7,000 password attacks per second […]
Security-Stop-Press : Microsoft Office Users Warned About Word Malware Scam
Cybersecurity expert, Kevin Beaumont, has warned Microsoft Office users about a scam that uses a hole in a Microsoft Word. The scam, dubbed “Follina”, involves cybercriminals leveraging a Windows utility called msdt.exe to cause victims to download a malware-loaded Word file. The malware could allow attackers to run arbitrary code, install programs, change or delete […]
Security Stop Press : Microsoft Disrupts Major Cybercrime Gateway Service
Microsoft’s Digital Crimes Unit has reported disrupting the activities of major cybercrime-as-a-service provider Storm-1152. Microsoft says Storm-1152 has created for sale approximately 750 million fraudulent Microsoft accounts, earning the group millions of dollars in illicit revenue, and costing Microsoft and other companies even more to combat their criminal activity. Fraudulent online accounts of the type […]
Security Stop Press : Microsoft Disrupts 240 Phishing Sites Amid Surge in AiTM Attacks
Microsoft’s Digital Crimes Unit (DCU) has reported dismantling 240 fraudulent websites linked to an Egypt-based cybercrime group, thereby disrupting a key operation within the expanding “Phishing-as-a-Service” (PhaaS) industry. Central to the threat is the rapid rise of “Adversary-in-The-Middle” (AiTM) phishing attacks, which allow attackers to intercept and manipulate communications, bypassing multifactor authentication (MFA) protections. Microsoft’s […]
Security Stop-Press : Microsoft Customer Data Found On Public Server
Researchers at cyber security company SOCRadar have reported finding sensitive data belonging to thousands of Microsoft customers on a on a misconfigured public server. The researchers have reported that the data includes over 335,000 emails, 133,000 projects, and that 548,000 exposed users and could be the most significant B2B data leak in the recent […]