Latest Microsoft Patch Fixes Dozens of Bugs
Even if you don’t consistently install Microsoft’s security patches as soon as they’re released, the September 2022 patch released this week deserves immediate attention. Dozens of bugs, flaws, and vulnerabilities were addressed in this iteration, including fixes for: *30 Remote Code Execution vulnerabilities 18 Elevation of Privilege vulnerabilities 16 Edge/Chromium vulnerabilities 7 Information Disclosure […]
New Phishing Service Is Targeting Banks
Hackers are increasingly adopting practices that legitimate business owners will immediately recognize. Recently, a new PhaaS (Phishing as a Service) operation has surfaced that specifically targets major banks. These banks include Bank of America, Wells Fargo, Citibank, Capital One, PNC, US Bank, Lloyds Bank, Santander, and the Commonwealth Bank of Australia. Snarkily named “Robin Banks,” […]
RDP Brute Force Attacks Blocked By Windows 11
A small but important feature was recently incorporated by the Windows 11 design team. A new Account Lockout Policy enabled by default has been added. This policy automatically locks user accounts (including Admin accounts) after ten failed sign-in attempts. The account remains in a locked state for ten minutes, requiring users to wait that amount […]
New Android Malware Disables WiFi To Attempt Toll Fraud
There’s a new threat to be aware of if you own an android device. Microsoft recently warned that their researchers had spotted a new toll fraud malware strain wreaking havoc in the Android ecosystem. Toll fraud is a form of billing fraud. It is a scheme whereby bad actors attempt to trick unsuspecting victims into […]
WordPress Plugin Leaves Sites Vulnerable
Researchers at Defiant authored the popular Wordfence security solution for WordPress users and they have detected a massive campaign that has seen hackers actively scanning for websites employing the Kaswara Modern WPBakery Page Builder plugin. The plugin was recently abandoned by the creative team behind it before receiving a patch for a critical security flaw. […]
Skimmers Are Stealing Credit Card Information From US Restaurants
If you eat out or are in the habit of ordering take-out on a regular basis, be aware. Recently, a large, well-organized web-skimming campaign has been uncovered that allowed hackers to swipe the payment card details for more than 300 restaurants, impacting more than 50,000 customers. Web-skimmers are sometimes called Magecart malware and they are […]
Large Scale Okta Phishing Campaign Targets Many Organizations
According to ongoing research by Group-IB, a massive phishing campaign is currently underway. This is a campaign that has impacted no less than 130 organizations across a broad range of industries. These include but are not limited to professional recruiting firms and companies connected to finance and technology. Some of the companies targeted include giants […]
Healthcare Data Breach Exposes 1.3 Million Patients
Do you make use of the “MyChart” portal to refill prescriptions, contact your healthcare providers or make appointments? If so, you should know that recently, the healthcare giant Novant disclosed a data breach that impacted more than 1.3 million patients. Impacted patients had their personal information collected by a Meta Pixel ad tracking script. Meta […]
LastPass Has Been Hacked
Using different passwords on every website and storing them in a secure password manager is a standard best practice in data security. It’s generally good advice, but what happens when the makers of password vaults get hacked? That’s what the more than twenty-five million users of LastPass are now finding out. LastPass is one of […]
New Tools Available With Kali Linux 2022.3
Do you have the Kali Linux distribution running on one of the machines you own? If you’re not sure what that is, then you almost certainly don’t. Kali is a Linux distro used mostly by “ethical hackers” who use it mainly to perform security audits, cybersecurity research, penetration testing and the like. Offensive Security has […]