“Inhospitality” malspam campaign targets hotel industry

Credit to Author: Andrew Brandt| Date: Tue, 19 Dec 2023 11:00:33 +0000
Social engineering drives password-stealing malware attack against the front desk
The FCC wants car makers and wireless providers to make it harder for stalkers to use your car against you.
A vulnerability in the popular Joomla! CMS has been added to CISA’s known exploited vulnerabilities catalog.
Credit to Author: gallagherseanm| Date: Mon, 18 Dec 2023 11:00:55 +0000
Three threat groups using the exact same scam kit stole from 90 victims, mostly during the period of June to August, using smart contracts to hijack wallets and transfer their contents without needing to bypass device security. To date, nearly $3 million has been stolen by the coordinated groups.
Several international security agencies are echoing a warning by Ivanti about actively exploited vulnerabilities in its VPN solution.
Microsoft has eased us into the new year with just 48 updates for the Windows, Office and .NET platforms. There were no zero-days for January, and no reports of publicly exposed vulnerabilities or exploited security issues.
Developers of complex, line-of-business applications might need to pay particular attention to how Microsoft has updated the Message Queue system. Printing has been patched, and minor updates to the Bluetooth and Windows shell sub-systems (shortcuts and wallpaper) require some testing before deployment.
The team at Readiness has crafted a useful infographic that outlines the risks associated with each of the updates for this January release.

For Apple-using workers on the go, especially if you frequent shared co-working spaces or public places, don’t assume you’re as secure as you think you are.
Co-working spaces are particularly under threat, in part because criminals have already figured out that the people using them are good targets for data theft, ransomware, and more.
They’ve also realized that at least some of those working from such spaces might well be part of, or connected with, larger corporate entities — meaning a successful data heist could unlock the gates to greater and more profitable kingdoms. There are useful resources from government and industry aimed at helping workers lock down their devices and data. In the US, for instance, the National Institute of Standards and Technology has published a useful guide to explain some of the risks, while the US Office of Personnel Management offered up even more useful advice.
Several info-stealers have incorporated an exploit that allows them to gain permanent access to your Google account
Credit to Author: eschuman@thecontentfirm.com| Date: Wed, 10 Jan 2024 03:00:00 -0800
Enterprise IT for the last couple of years has grown disappointed in the economics — not to mention the cybersecurity and compliance impact — of corporate clouds. In general, with a few exceptions, enterprises have done little about it; most found the scalability and efficiencies too seductive.
Might that change in 2024 and 2025?
Apple has begun talking about efforts to add higher-end compute capabilities to its chip, following similar efforts from Intel and NVIDIA. Although those new capabilities are aimed at enabling more large language model (LLM) capabilities on-device, anything that can deliver that level of data-crunching and analytics can also handle almost every other enterprise IT task.