Attackers used malicious “verified” OAuth apps to infiltrate organizations’ O365 email accounts
Malicious third-party OAuth apps with an evident “Publisher identity verified” badge have been used by unknown attackers to target organizations in the UK and Ireland, Microsoft has shared. The attacks were first spotted by Proofpoint res.....»»
Here’s how to protect against iPhone password reset attacks
One of the latest attacks on iPhone sees malicious parties abuse the Apple ID password reset system to inundate users with iOS prompts to take over their accounts. Here’s how you can protect against iPhone password reset attacks (often called “MF.....»»
Zero-day exploitation surged in 2023, Google finds
2023 saw attackers increasingly focusing on the discovery and exploitation of zero-day vulnerabilities in third-party libraries (libvpx, ImagelO) and drivers (Mali GPU, Qualcomm Adreno GPU), as they can affect multiple products and effectively offer.....»»
Ubuntu will manually review Snap Store after crypto wallet scams
Former Canonical employee calls out the "Safe" label applied to Snap apps. Enlarge / One thing you can say about this crypto wallet: You can't confuse it for any other. (credit: Getty Images) The Snap Store, where contai.....»»
PyPI halted new users and projects while it fended off supply-chain attack
Automation is making attacks on open source code repositories harder to fight. Enlarge / Supply-chain attacks, like the latest PyPI discovery, insert malicious code into seemingly functional software packages used by developers......»»
For struggling organizations, fostering social connections can help recruit and retain scarce volunteers
At a time when America needs volunteers more than ever, to tackle social problems from homelessness to disaster recovery, fewer people have been volunteering......»»
Snowflake Data Clean Rooms helps organizations preserve the privacy of their data
Snowflake introduced Snowflake Data Clean Rooms to customers in AWS East, AWS West, and Azure West, revolutionizing how enterprises of all sizes can securely share data and collaborate in a privacy-preserving manner to achieve high value business out.....»»
NHS Scotland confirms ransomware attackers leaked patients’ data
NHS Dumfries and Galloway (part of NHS Scotland) has confirmed that a “recognised ransomware group” was able to “access a significant amount of data including patient and staff-identifiable information,” and has published R.....»»
Beware of fake CleanMyMac installers that will infect your Mac
Cybersecurity experts recently uncovered a sophisticated scheme where attackers disguise malware as CleanMyMac to steal Mac users' data.MacPaw team finds malware disguised as CleanMyMacMacPaw, the creator of CleanMyMac and other utilities, has a cybe.....»»
Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955)
The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-24955 – a code injection vulnerability that allows authenticated attackers to execute code remotely on a vulnerable Microsoft SharePoint Server – to its KEV ca.....»»
AI weaponization becomes a hot topic on underground forums
The majority of cyberattacks against organizations are perpetrated via social engineering of employees, and criminals are using new methods including AI to supercharge their techniques, according to ReliaQuest. Some 71% of all attacks trick employees.....»»
How CISOs tackle business payment fraud
In this Help Net Security video, Shai Gabay, CEO of Trustmi, discusses why payments are a source of cyber worry for CISOs. CISOs are worried about Business Email Compromise (BEC), cyber attackers’ use of AI, and securing the supply chain. These.....»»
Thousands of Asus routers taken over by malware to form new proxy service
Outdated Asus routers are being assimilated into a malicious botnet used by hackers to hide their traces.....»»
Attackers leverage weaponized iMessages, new phishing-as-a-service platform
Scammers are leveraging the Darcula phishing-as-a-service platform, iMessages and Google Messages to great effect. The platform allows them to impersonate a variety of brands based in over 100 different countries: postal services, public and private.....»»
AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022)
Attackers are leveraging a vulnerability (CVE-2023-48022) in Anyscale’s Ray AI software to compromise enterprise servers and saddle them with cryptominers and reverse shells. “To our knowledge, the attack started 7 months ago,” Avi.....»»
Android 15 will block the installation of super old apps
In Android 15, it seems that Google will block users from installing apps that was built for Android Marshmallow. The post Android 15 will block the installation of super old apps appeared first on Phandroid. One of the reasons why compani.....»»
Bedrock Security protects sensitive data within one unified platform
Bedrock Security unveiled its data security platform. Empowering organizations to manage data risk introduced by cloud and generative AI, Bedrock continuously discovers, manages, and protects sensitive data. The platform is powered by data AI Reasoni.....»»
Canva acquires Affinity apps in multi-million dollar deal to compete with Adobe
The Affinity suite of apps, which includes Affinity Photo, Designer, and Publisher, has become known as an excellent alternative to the Adobe Creative Cloud suite. But there’s a lot going on behind the scenes, as Serif – the company behind the Af.....»»
Manila confronts its plastic problem through a community-guided protocol
Governments and international organizations have touted the circular economy, in which materials and products stay in circulation for as long as possible, as an antidote to our global plastic problem. (The equivalent of 2,000 garbage trucks of plasti.....»»
Vercara UltraAPI offers protection against malicious bots and fraudulent activity
Vercara has launched UltraAPI, a product suite that protects APIs and web applications from malicious bots and fraudulent activity while ensuring regulatory compliance. Powered by Cequence Security UltraAPI helps organizations protect applications an.....»»
Kids face social media app ban in Florida; teens will need parental permission
Floridian kids aged 13 or younger face a social media app ban in Florida, while those aged 14 to 16 will only be allowed to use the apps with parental permission. Opponents argue that the new law, known as HB 3, will do more harm than good, puttin.....»»