Security – Page 149 – PossibleThreat Articles

Credit to Author: Katie McCafferty| Date: Sat, 01 Oct 2022 04:21:00 +0000

MSTIC observed activity related to a single activity group in August 2022 that achieved initial access and compromised Exchange servers by chaining CVE-2022-41040 and CVE-2022-41082 in a small number of targeted attacks.

The post Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082 appeared first on Microsoft Security Blog.

Security Wired

Go Update iOS, Chrome, and HP Computers to Fix Serious Flaws

September 30, 2022 0 Comments Security, Security / Security Advice

Credit to Author: Kate O’Flaherty| Date: Fri, 30 Sep 2022 11:00:00 +0000

Plus: WhatsApp plugs holes that could be used for remote execution attacks, Microsoft patches a zero-day vulnerability, and more.

Security Wired

A Matrix Update Patches Serious End-to-End Encryption Flaws

September 30, 2022 0 Comments Security, Security / Cyberattacks and Hacks

Credit to Author: Dan Goodin, Ars Technica| Date: Thu, 29 Sep 2022 16:00:00 +0000

The messenger protocol had gained popularity for its robust security, but vulnerabilities allowed attackers to decrypt messages and impersonate users.

Microsoft Security

ZINC weaponizing open-source software

September 29, 2022 0 Comments cybersecurity, Microsoft, Microsoft security intelligence, nation-state actor, Security, Social engineering, zinc

Credit to Author: Katie McCafferty| Date: Thu, 29 Sep 2022 16:00:00 +0000

In recent months, Microsoft detected weaponization of legitimate open-source software by an actor the Microsoft Threat Intelligence Center (MSTIC) tracks as ZINC, targeting employees at media, defense and aerospace, and IT service provider organizations in the US, UK, India, and Russia.

The post ZINC weaponizing open-source software appeared first on Microsoft Security Blog.

Security Wired

Mystery Hackers Are ‘Hyperjacking’ Targets for Insidious Spying

September 29, 2022 0 Comments Security, Security / Cyberattacks and Hacks, Security / Security News

Credit to Author: Andy Greenberg| Date: Thu, 29 Sep 2022 13:00:00 +0000

For decades, security researchers warned about techniques for hijacking virtualization software. Now one group has put them into practice.

Security Wired

The Race to Find the Nord Stream Saboteurs

September 29, 2022 0 Comments Security, Security / National Security, Security / Security News

Credit to Author: Matt Burgess| Date: Wed, 28 Sep 2022 20:00:26 +0000

Damage to the pipeline that runs between Russia and Germany is being treated as deliberate. Finding out what happened may not be straightforward.

ComputerWorld Independent

16 Wall Street firms fined $1.8B for using private text apps, lying about it

September 28, 2022 0 Comments Financial Services Industry, Government, messaging apps, Security

The US Securities and Exchange Commission (SEC) has fined big-name banks and brokerages a collective $1.8 billion over workers’ use of private texting apps to discuss work and for not always saving those messages. The fines include $1.1 billion assessed by the SEC and a $710 million fine from the Commodity Futures Trading Commission (CFTC).

The SEC investigation uncovered what the agency called “pervasive off-channel communications,” that were collected by the firms themselves from employee devices. The employees included senior and junior investment bankers and debt and equity traders.

To read this article in full, please click here

ComputerWorld Independent

How Ukraine’s MacPaw got its business ready for war

September 28, 2022 0 Comments Apple, MacOS, Mobile, Security, small and medium business

Vira Tkachenko, CTO at Ukraine software developer MacPaw, spoke remotely to Apple admins at Jamf’s JNUC event. A real-world example of a woman in a leadership position in tech, she explained how her company planned for business continuity during the war in Ukraine.

It’s an excellent lesson in crisis management and planning for any business leader. Here are some of the insights shared during her session.

To read this article in full, please click here

Security Wired