0 Comments
*TW: Mentions Suicide Our passion for protecting people doesn’t stop with online safety. We deeply care for our people, their families and friends, and our communities. To recognize World Suicide Prevention on Sept. 10 and help normalize and encourage conversations about mental health year-round, we recently hosted a discussion with McAfee colleagues and suicide prevention
0 Comments
GitHub has put out an advisory detailing what may be an ongoing phishing campaign targeting its users to steal credentials and two-factor authentication (2FA) codes by impersonating the CircleCI DevOps platform. The Microsoft-owned code hosting service said it learned of the attack on September 16, 2022, adding the campaign impacted “many victim organizations.” The fraudulent
0 Comments
Threat actors deployed OAuth applications on compromised cloud tenants and then used them to control Exchange servers and spread spam. The news is the result of an investigation by Microsoft researchers. It revealed the threat actors launched credential–stuffing attacks (which use lists of compromised user credentials) against high–risk, unsecured administrator accounts that didn’t have multi–factor authentication (MFA)
0 Comments
American financial services giant Morgan Stanley agreed to pay the Securities and Exchange Commission (SEC) a $35m penalty on Tuesday over data security lapses. According to the SEC’s complaint, the firm would have allowed roughly 1000 unencrypted hard drives (HDDs) and about 8000 backup tapes from decommissioned data centers to be resold on auction sites without
0 Comments
If you recently found yourself looking for a new job, you are far from alone. According to the Institute of Labor Economics, more Canadians were seeking new employment opportunities at the height of the pandemic than during the previous three recessions combined. Job hunters only used to have to worry about the clarity of their cover letters and impressing interviewers. Now, however,
0 Comments
The UK’s National Cyber Security Centre (NCSC), part of GCHQ, has launched two pieces of guidance on September 21, 2022 to help organizations protect themselves and their customers online. The two guides, respectively called ‘Authentication methods: choosing the right type’ and ‘Removing malicious content to protect your brand,’ are specifically suited to companies with online
0 Comments
Threat actor Lapsus$ is now seemingly responsible for hacking gaming giant Rockstar Games after targeting mega-brands like Microsoft, Cisco, Samsung, Nvidia, Okta and probably Uber. An account operating name ‘teapotuberhacker’ posted on GTAForums around 90 videos of what appeared to be in-development footage of the upcoming Rockstar Games installment, Grand Theft Auto 6 – that
0 Comments
A threat cluster linked to the Russian nation-state actor tracked as Sandworm has continued its targeting of Ukraine with commodity malware by masquerading as telecom providers, new findings show. Recorded Future said it discovered new infrastructure belonging to UAC-0113 that mimics operators like Datagroup and EuroTransTelecom to deliver payloads such as Colibri loader and Warzone
0 Comments
Uber appears to have been breached again, after a threat actor reportedly accessed its email and cloud systems, code repositories, internal Slack account and HackerOne tickets. The ride-hailing giant released a terse message on Twitter yesterday saying it is “currently responding to a cybersecurity incident” and is in touch with law enforcement. Meanwhile, the alleged hacker
0 Comments
Hackers associated with North Korea are using trojanized versions of the PuTTY SSH open-source terminal emulator to install backdoors on victims’ devices. Discovered by Mandiant, the threat actor responsible for this campaign would be ‘UNC4034’ (also known as Temp.Hermit or Labyrinth Chollima). “Mandiant identified several overlaps between UNC4034 and threat clusters we suspect have a North
0 Comments
Have you ever said something you wish you could take back? Maybe it was a comment muttered in the heat of the moment that hurt someone’s feelings. Or maybe you just had a night out full of silly antics that you wouldn’t want your boss or grandma to see.   These are completely normal occurrences that
0 Comments
Cybersecurity agencies in the US, UK, Australia and Canada have warned that Iranian state-sponsored hackers are exploiting Log4j vulnerabilities in ransomware campaigns. An alert published this week said Tehran’s Islamic Revolutionary Guard Corps (IRGC) was behind multiple attacks exploiting VMware Horizon Log4j bugs on unprotected networks to enable disk encryption and data extortion. These include