Author: vCSO
-
Nigerian National Pleads Guilty of Conspiracy in BEC Operation
Henry Onyedikachi Echefu, a Nigerian national, pleaded guilty to conspiracy in a US court for his involvement in an elaborate business email compromise (BEC) scheme. Alongside co-conspirators, he gained unauthorized access to email accounts, tricking victims into wiring funds to drop accounts. Echefu faces a maximum 20-year sentence and must pay back $22,000.
-
Russian Hackers Stole Microsoft Code – and the Attack isn’t Over!
Microsoft recently disclosed that Russian hackers known as Nobelium have continued their attack on the company, accessing source code and internal systems. The group, responsible for the SolarWinds attack, has been leveraging exfiltrated email information to breach further into Microsoft’s systems. Despite the ongoing attack, there is no evidence of customer-facing systems being breached.
-
Hacked WordPress Sites Abusing Visitors’ Browsers for Distributed Brute-Force Attacks
Threat actors are conducting distributed brute-force attacks on WordPress sites by injecting malicious JavaScript, compromising innocent visitors’ browsers. This new tactic follows a wave of attacks using crypto drainers. The switch may be driven by profit motives, as compromised sites can be monetized. Security experts urge ongoing vigilance against evolving cyber threats.
-
Russia-Sponsored Cyberattackers Infiltrate Microsoft’s Code Base
Midnight Blizzard APT, a Russian state-sponsored advanced persistent threat group, has stolen Microsoft source code and is conducting a sustained cyber campaign. The group, also known as APT29, Cozy Bear, Nobelium, and UNC2452, is using stolen information to probe the company’s environment and may be preparing for future attacks. Microsoft noted a tenfold increase in…
-
Florida Middle Schoolers Arrested for Allegedly Creating Deepfake Nudes of Classmates
The repercussions of AI in the wrong or curious hands could escalate significantly!
-
VMware urges emergency action to blunt hypervisor flaws
Chinese researchers discovered critical vulnerabilities in VMware’s hypervisors, allowing malicious actors with local admin privileges to execute code outside the guest VM. The flaws pose a serious security risk, with workarounds impacting operational functionality. VMware has advised removal of virtual USB controllers and highlighted the severity of the vulnerabilities, thanking the researchers involved.
-
Criticality of the Cybersecurity Policy
In today’s digital landscape, cybersecurity policies are crucial for protecting an organization’s digital assets, sensitive information, and infrastructure from cyber threats. To ensure policy effectiveness, focus on establishing a strong tone at the top, outlining high-level expectations in simple terms, and clearly communicating the consequences of non-adherence. Additionally, the policy should reference security, privacy, and…
-
Apple’s new trend emphasizes user friendliness more!
iOS updates emphasize user-friendliness, but security and privacy may be de-emphasized. The new “NameDrop” in iOS 17.1 and “Journaling Suggestions” in iOS 17.2 default to potentially compromising settings. This could share private information with nearby users. Users may need to manually prioritize security over convenience.
-
Hackers Join In on Israel-Hamas War With Disruptive Cyberattacks
Several hacker groups have intensified cyberattacks amid the Israel-Hamas conflict, leading to disruptions and claims of compromise. Both state-sponsored actors and hacktivist groups have targeted infrastructure and organizations on both sides, using tactics such as DDoS attacks. Microsoft reported a Gaza-based threat group targeting Israeli organizations in defense, energy, and telecommunications sectors.
-
IP address X-posure now a feature on Musk’s social media platform
The audio and video calling features on X, originally for Premium users, have been expanded to all. However, concerns arise as the default setting exposes user IP addresses, making tracking and trolling easier. Encryption is unclear, and there’s no response on security measures from X. To protect privacy, it’s advised to disable these features.
You must be logged in to post a comment.