Security
Report: 84% of Fortune 500 companies scored a D or worse for their cybersecurity efforts
The increasing sophistication of cyberattacks, coupled with the expanding attack surface due to cloud adoption, remote work, and complex supply chains, has made robust cybersecurity risk assessment more critical than ever.
Byte Federal’s bitter bite: thousands of crypto ATM users’ data exposed
Byte Federal, one of the largest bitcoin ATM operators in the US, has had tens of thousands of its customers exposed, revealing anything from phone numbers to selfies.
Researchers bypass Microsoft’s MFA by simply guessing possible 6-digit codes
Microsoft accounts, including Outlook, OneDrive, Teams, Azure Cloud, and more, had no rate limiting, and potential attackers could bypass the multifactor authentication just by guessing authenticator app codes. And what's even more worrying, according to the Oasis Security report, is that users weren’t provided with any notification or indication of trouble.
Massive data leak might have exposed locations of millions of Muslims online
The Turkish app Quran Kuran has exposed over 3.6 million records of highly sensitive data that could have been used for unauthorized surveillance.
Firefox ditches “Do Not Track” option after admitting that it didn’t work anyway
A once-promising beacon of online privacy, undermined by non-compliance and occasional misuse by websites, has reached its end. Starting in Firefox version 135 (current version is 133), the “Do Not Track” (DNT) checkbox will no longer exist.
Chinese hacker part of espionage plot exploited 81,000 Sophos firewalls, DOJ says
A Chinese hacker indicted on Tuesday and the PRC-based cybersecurity company he worked for are both sanctioned by the US government for compromising “tens of thousands of firewalls” – some protecting US critical infrastructure, putting human lives at risk.
Mexican fintech startup Kapital leaves client IDs and selfies leaking for months
Small business owners in Mexico should know that their financial partners might leak sensitive personal information. Researchers have discovered a huge exposed database containing voter IDs and selfies collected by the financial technology firm Kapital.
Researchers bypass iPhone security controls to access sensitive data
A serious security flaw in Apple iOS and macOS enables malicious apps to bypass security controls and secretly access personal information. Apple patched the issue in its September 16th releases of iOS 18 and macOS 15.
Cloudflare: 6.5% of global traffic, 4.3% of emails potentially malicious
In 2024, Cloudflare’s systems mitigated 6.5% of global internet traffic as potentially malicious. The security firm also estimates that 4.3% of emails are malicious and most often include deceptive links and identity deception.
Password reuse and the problems that come with it
2024 saw one of the biggest data leaks, exposing the login credentials of billions of users. This spells disaster for...
Russian hacktivists increasingly attacking US water and energy, researchers warn
Researchers have observed increasing threat activity from two Russian hacktivist groups attacking US energy and water sectors. In one incident, the hackers attacked a water treatment plant in Stanton, Texas, opening valves and releasing untreated water.
Top tips and tricks to upgrade your OSINT skills
Having OSINT skills in a data-driven environment is vital and can help you navigate a world that tries to hide and obfuscate the truth.
Windows zero-day: attackers can steal NTLM credentials with little user interaction
All Windows Workstation and Server versions from 7 to the latest 11 v24H2 and Server 2022 are affected by a zero-day vulnerability, researchers from 0patch warn.
UK-led operation dismantles huge Russian cybercrime network: 84 arrested, $25 million seized
An international operation dubbed “Destabilize” has disrupted illicit Russian money laundering and cash courier networks and an underground crypto exchange linked to ransomware, drugs, and espionage, the UK National Crime Agency (NCA) announced.
Russian FSB-linked hackers rely on other cybercriminals’ infrastructure, report finds
A hacking group linked to Russia's Federal Security Service (FSB) has been stealthily relying on the tools and infrastructure of at least six other threat actors for the past seven years, Microsoft Threat Intelligence (MTI) reports. The hackers have been sneaking into the systems of other cybercriminals to attack targets in Afghanistan and India.
Fourteen million telecom customers' phone numbers and locations exposed
Millions of Iraqis had their phone numbers and associated locations exposed after somebody left an open dataset containing user data allegedly from two major Middle Eastern telecommunication providers.
No one is safe from Pegasus: spyware detected on ordinary people’s phones
Self-scans reveal that Pegasus, an invasive and powerful spyware that can secretly control phones and track owners, might be more widespread than previously thought. It was discovered on the phones of everyday phone users.
Ransomware gang claims Deloitte UK
Brain Cipher, a ransomware gang that emerged in early June 2024, claims to have stolen 1TB of data from Deloitte UK. Deloitte says its systems haven't been impacted and is investigating the claims.
FBI and CISA say to use encrypted messengers as Chinese hackers attack networks
The Chinese threat actor Salt Typhoon might still be lurking in US telecommunication networks, as attacks are “ongoing,” officials say. They recommend switching to encrypted communication methods.
Critical flaw in Zabbix monitoring tool: attackers can take over thousands of systems
Zabbix, a widely used IT infrastructure management and monitoring tool, recently patched a critical defect rated 9.9 out of 10. The SQL injection vulnerability allows unprivileged users to gain complete control of vulnerable servers, and thousands of vulnerable systems are easily discoverable online.