External Key Manager and Key Access Justification are intended to give organizations greater visibility into requests for data access. Google Cloud today debuted new capabilities, External Key Manager and Key Access Justifications, to give customers greater visibility into who requests access to their information and the reasoning behind these requests. They also have the ability to approve or deny them. Source: Dark Reading
Read moreDetails
Admins and owners of WordPress websites are urged to immediately apply the Jetpack 7.9.1 critical security update to prevent potential attacks that could abuse a vulnerability that has existed since Jetpack 5.1. You can update your installation to the 7.9.1 version through your dashboard, or manually download the Jetpack 7.9.1 release here. Source: Bleeping Computer
Read moreDetails
The Microsoft Security Response Center (MSRC) warned customers of the threat behind ongoing DoppelPaymer ransomware attacks and reminded them about misleading info on how it spreads. "There is misleading information circulating about Microsoft Teams, along with references to RDP (BlueKeep), as ways in which this malware spreads," MSRC Director of Incident Response Simon Pope says. Source: Bleeping Computer
Read moreDetails
A hacker hijacked the Twitter account of Arron Banks, chairman of the pro-Brexit UK political campaign organization Leave.EU, and leaked his private message history online earlier this week. The BBC yesterday reported that the culprit had access to thousands of private messages that had been sent and received by Banks over several years. The Register further reported that the hacked Twitter account was used to spread links to a Mega.nz download page that hosted a dump of the messages....
Read moreDetails
An exposed database belonging to PayMyTab leaked PII on customers who dined at restaurants using the mobile payment system. An anonymous third party discovered the open AWS S3 bucket and brought it to the attention of researchers at vpnMonitor through Helen Foster, a partner at the Davis Wright Tremaine law firm in Washington. Source: SC Magazine
Read moreDetailsIt’s one thing for employees to receive a phishing email that is purposefully crafted or spoofed to look like a genuine online communication. But when happens when people receive an actual, legitimate email that accidentally looks like a phishing scam? Source: SC Magazine
Read moreDetails
Two critical security vulnerabilities discovered in Oracle's E-Business Suite (EBS) could allow potential attackers to take full control over a company's entire enterprise resource planning (ERP) solution. Source: Bleeping Computer
Read moreDetails
Cybercriminals attempted to install Cyborg ransomware on target machines by deceiving victims with a fraudulent Windows update. Install Latest Microsoft Windows Update now! Critical Microsoft Windows Update! These are the two subject lines of fraudulent emails disguised to appear as Windows Update notifications while containing malicious attachments to infect targets with Cyborg ransomware. While the threat is not effective, experts warn its public builder can be used to create variants. Source: Dark Reading
Read moreDetails
A new spam campaign pretending to be a 'Critical Microsoft Windows Update' has been discovered that attempts to deliver the Cyborg Ransomware, but turns out to be an utter failure. Source: Bleeping Computer
Read moreDetails
A vulnerability in the Google Camera Application left millions of Google and Samsung smartphones open to being potentially abused potentially letting a malicious actor to take photos, download images and video and listen in to phone calls. Source: SC Magazine
Read moreDetails