My TechDecisions

Search Results: malware

iPhone security bug, Apple, Kaspersky

Kaspersky Discovers New 0-Click iOS Exploit

Russia-based cybersecurity firm Kaspersky warns of new 0-click exploit targeting Apple iOS devices as Russia accuses NSA.

June 1, 2023 Zachary Comeau Leave a Comment

Cybersecurity firm Kaspersky says it is investigating “previously unknown” malware targeting the company’s own employee’s Apple iOS devices that can compromise devices via the iMessage service with an attachment without any user interaction. According to Kaspersky, the message triggers a vulnerability that leads to code execution, and the code within the exploit downloads several subsequent […]

Read More
spear phishing, Phishing bait alert concept on a smartphone screen

Barracuda: Half of Organizations Fell Victim to Spear Phishing in 2022

Barracuda report reveals the high success rate of spear-phishing attacks in 2022, despite their low-volume, but widespread nature.

May 30, 2023 Alyssa Borelli Leave a Comment

A recent Barracuda Networks Inc. (Barracuda) report shows that 50% of organizations were victims of spear-phishing in 2022 — and 24% had at least one email account compromised through account takeover. Cybercriminals continue to barrage organizations with targeted email attacks, and many companies are struggling to keep up, says the Campbell, Calif.-based cloud security solutions […]

Read More
China, Hacking, Microsoft, Routers, Volt Typhoon

Microsoft, NSA Warn of Stealthy China-Sponsored Hacking Group Volt Typhoon

Microsoft, U.S. agencies say Volt Typhoon is a China-based state-sponsored threat actor that is stealthily targeting critical infrastructure.

May 24, 2023 Zachary Comeau Leave a Comment

Microsoft is sounding the alarm on a group it calls Volt Typhoon, another state-sponsored hacking group based in China that is targeting critical infrastructure organizations and leveraging living-off-the-land techniques and proxying its network traffic through compromised network edge devices and routers to evade detection. Microsoft says Volt Typhoon is pursing development of capabilities that could […]

Read More
Business email compromise

Business Email Compromise is on the Rise

Business email compromise attacks are increasing in sophistication, allowing attackers to quietly take over email accounts, Microsoft says.

May 22, 2023 Zachary Comeau Leave a Comment

Business email compromise has emerged as a critical threat as threat actors shift their tactics and increase the sophistication of attacks designed to takeover business emails, including leveraging residential IP addresses to hide the attacks, Microsoft says in a new Cyber Signals report. The report, the fourth such edition of Microsoft’s cybersecurity research report, finds […]

Read More
MOVEit, ransomware, CVE-2023-34362,

BianLian Ransomware Group Skips Encryption and Goes Straight to Exfiltration

The BianLian group is a ransomware actor that is targeting organizations with a data extortion model, bypassing traditional encryption.

May 17, 2023 Zachary Comeau Leave a Comment

Cybersecurity officials the, FBI, Microsoft and Sophos are warning organizations to limit their use of some legitimate tools as they are being leveraged by the BianLian group, a ransomware group that has targeted organizations with a data extortion model, bypassing the need to encrypt victims’ data. According to a joint advisory from CISA, its Australian […]

Read More
Google, AI, Google Security AI Workbench

Google at RSA: AI, LLMs Meet Security with Security AI Workbench

Google is enhancing its security tools with Google Cloud Security AI Workbench, an extensible platform powered by a specialized security LLM.

April 27, 2023 Zachary Comeau Leave a Comment

Google is beefing up its security offerings by integrating new generative AI tools and large language models (LLMs) into its security product suite, including a new Google Cloud Security AI Workbench designed to address threat overload, tooling issues and talent shortages. According to the company, which announced the news during the annual RSA Conference, Google […]

Read More
3CX Hack Supply Chain attack compromise

‘Cascading Supply Chain Compromise’ Led to 3CX Compromise

The malicious activity that led to the supply chain attacks leveraging the 3CX desktop app was actually another supply chain compromise.

April 20, 2023 Zachary Comeau Leave a Comment

The compromise that led to the supply chain attack leveraging the 3CX desktop app was actually another supply chain compromise, according to cybersecurity forensics firm Mandiant. The Google-owned company published a blog detailing the supply chain compromise that affected the 3CX desktop app, which was allegedly perpetrated by a North Korean entity. However, the 3CX […]

Read More
Subdomain Hijacking, http domain concept background

One in Five DNS Records are Susceptible to Subdomain Hijacking

Subdomain hijacking is possible with insufficient cyber hygiene, says CSC; launches first subdomain monitoring solution.

April 18, 2023 TD Staff Leave a Comment

CSC, the enterprise domain name registrar and security threat intelligence providers’ latest report found that over 21% of DNS records point to content that does not resolve; thus, leaving many companies vulnerable to subdomain hijacking. Additionally, over 277,000 (63%) show error status codes such as “404 not found” or “502 bad gateway.” According to Wilmington, […]

Read More
Cybersecurity testing, penetration testing, cyber threats

Is Your Organization Testing Against the Right Cyber Threats?

New research shows that organizations are testing against cyber threats in the headlines rather than attacks they're more likely to face.

April 12, 2023 Zachary Comeau Leave a Comment

Ransomware, supply chain attacks and nation-state threat actors have grabbed mainstream headlines in recent years, and organizations are largely recognizing that they must invest more in cybersecurity to defend against those emerging techniques. However, new research shows that some organizations are prioritizing defending against those trending, newsworthy threats at the expense of the threats actually […]

Read More
Cloud, SASE, Aryaka

7 Strategies for Improving Your Business’s Security in the Cloud

Complexity of the cloud can make it difficult to protect data. Here are seven strategies to Improve your business’s security in the cloud.

April 11, 2023 Joseph Carson Leave a Comment

Editor’s note: This article was originally published on March 13, 2023 and has since been updated as of April 11, 2023.  Cloud computing offers numerous advantages, including flexibility, cost-effectiveness, scalability, rapid deployment and storage capacity. Still, there are inherent cybersecurity risks with cloud infrastructure, including data breaches and leaks, compromised credentials, and human errors that […]

Read More