Recent Security News

  • 5 Ways to Reduce SaaS Security Risks

    January 3, 2024 at 06:18AM As technology adoption becomes more employee-driven and happens from any location or device, IT and security teams face challenges in managing the expanding SaaS attack surface. CrowdStrike’s report indicates that compromised identities are a leading cause of breaches. Nudge Security offers solutions including real-time SaaS discovery and monitoring, managing OAuth risks,…


  • SMTP Smuggling: New Flaw Lets Attackers Bypass Security and Spoof Emails

    January 3, 2024 at 06:18AM A new exploitation technique called SMTP smuggling allows threat actors to send malicious emails with fake sender addresses, bypassing security measures. The method exploits vulnerabilities in messaging servers from Microsoft, GMX, and Cisco, impacting SMTP implementations from Postfix and Sendmail. Cisco users are advised to change settings to avoid receiving…


  • Attackers Abuse Google OAuth Endpoint to Hijack User Sessions

    January 3, 2024 at 06:08AM Prisma uncovered a critical exploit within an undocumented Google OAuth endpoint, enabling attackers to hijack user sessions and maintain continuous unauthorized access to Google services. The exploit has been integrated into various malware and has continued to evolve, posing a significant threat. CloudSEK has emphasized the need for enhanced cybersecurity…


  • Formal ban on ransomware payments? Asking orgs nicely to not cough up ain’t working

    January 3, 2024 at 03:37AM Emsisoft advocates for a total ban on ransom payments following a surge in ransomware attacks on US organizations, costing nearly $1.5 million each on average to rectify. It pointed to record-breaking attacks in 2023, including those on hospitals, schools, and government bodies. The report also highlights concerns about the need…


  • DOJ Slams XCast with $10 Million Fine Over Massive Illegal Robocall Operation

    January 3, 2024 at 03:12AM The U.S. Department of Justice settled with VoIP provider XCast for illegal telemarketing campaigns. The agreement requires compliance measures and a $10 million penalty, suspended due to financial inability. XCast must sever ties with non-compliant firms. FTC also banned Response Tree for illegal robocalls and deceptive website practices, selling consumer…
