Written by Catalin Cimpanu for Zero Day – December 1st, 2020 FBI: "The web-based client's forwarding rules often do not sync with the desktop client, limiting the rules' visibility to cyber security administrators." The US Federal Bureau of Investigation says that cyber-criminals are increasingly relying on email forwarding rules in order to disguise their presence inside hacked ...
Written by lonut Ilascu on November 27th, 2020 A rather complex phishing scheme for stealing Office 365 credentials from small and medium-sized businesses in the U.S. and Australia combines cloud services from Oracle and Amazon into its infrastructure. The campaign has been active for more than half a year and uses a network of legitimate websites that ...
Written for Krebs on Security – November 20th, 2020 An increasing number of websites are asking visitors to approve “notifications,” browser modifications that periodically display messages on the user’s mobile or desktop device. In many cases these notifications are benign, but several dodgy firms are paying site owners to install their notification scripts and then selling ...
Written by Jim Hansen – November 20th, 2020 The sudden and massive shift to a remote work policy across the Department of Defense and the contracting community has created a perfect storm of cyber challenges needing to be addressed. Keenly aware of this, threat actors are taking advantage. A few months into the COVID-19 crisis, the Pentagon ...
At the present time, the Cybersecurity Maturity Model Certification (CMMC) is fast gaining steam in the defense industry. A previous whitepaper has explored the CMMC in much more detail, but essentially, this is where any defense contractors and any subcontractors must be certified at a certain level before the Department of Defense (DoD) will allow ...
Written by Deeba Ahmed – HackRead – November 16th, 2020 Microsoft wants users to opt for securer technologies citing multi-factor authentication (MFA) as the “least secure” method available nowadays. Microsoft’s identity security director, Alex Weinert, wrote in a blog post that the time has come to ditch SMS and voice multi-factor authentication (MFA) tools in favor of ...
Ransomware is a threat variant that has existed for quite some time. It is actually a sophisticated form of malware, and in these types of attacks, the victim’s device gets hijacked. The screen becomes locked, and all of the files become encrypted with some unknown algorithm. The only way that the victim can recover them ...
Written by Kelly Sheridan – November 16th, 2020 The analysis of an industrial ransomware attack reveals common tactics and proactive steps that businesses can take to avoid similar incidents. While no two organizations are the same, they can learn from one another's mistakes. A step-by step analysis of a ransomware investigation can prove fruitful in helping organizations ...
Written by Catalin Cimpanu for Zero Day – November 13th, 2020 Microsoft says it detected three state-sponsored hacking operations (also known as APTs) that have launched cyber-attacks on at least seven prominent companies involved in COVID-19 vaccines research and treatments. Microsoft traced the attacks back to one threat actor in Russia and two North Korean hacking groups. Known ...
For the most part, we all have our own individual email-based mailboxes, whether it is personal or for business use. Typically, nobody else can access them, unless of course we give out our username and password (which would not be a good thing to do!). But there are times, when it is necessary to create ...
