July 9, 2024 at 12:59PM In May 2024, the City of Philadelphia disclosed a data breach affecting over 35,000 individuals’ personal and protected health information. The breach, which occurred between May and July 2023, exposed demographic, medical, and limited financial data. The City has notified affected individuals and is taking steps to improve security and … Read more
July 8, 2024 at 11:48AM A threat actor hacked into Ethereum Foundation’s account on a mailing list platform, using it to send phishing emails to over 35,794 addresses. The emails, appearing to be from a legitimate source, promoted a Lido scam and contained a link to a malicious site. The Foundation took immediate action to … Read more
June 28, 2024 at 02:04PM Microsoft’s corporate infrastructure hack by the Russian government continues to have far-reaching impact as it’s revealed that customers’ emails were also stolen by the Midnight Blizzard hackers. The company is notifying affected customers and providing a secure portal for them to review the compromised emails. The hacking group seems to … Read more
June 21, 2024 at 09:45AM Cybersecurity researchers have uncovered a new phishing campaign targeting people in Pakistan, utilizing military-themed documents to deploy a custom backdoor called PHANTOM#SPIKE. The unsophisticated campaign’s ZIP file, posing as meeting minutes for a legitimate event, contains a CHM file and an executable backdoor, enabling remote access and command execution. Based … Read more
June 20, 2024 at 01:31PM The need for enhanced email security is evident as cyber threats continue to rise in remote work environments. In 2023, Trend Micro discovered over 45 million high-risk email threats, emphasizing the insufficiency of native security in popular email services. Phishing incidents surged by 40%, with credential phishing and BEC attacks … Read more
June 20, 2024 at 12:45PM The text highlights the increasing risks associated with email threats in 2023, with a rise in phishing, malware attacks, and business email compromise (BEC) incidents. It emphasizes the limitations of built-in security for popular email services and recommends leveraging a SaaS-based platform like Cloud App Security for comprehensive visibility and … Read more
June 19, 2024 at 04:03AM Two security vulnerabilities in Mailcow, impacting versions prior to 2024-04, were disclosed by SonarSource. CVE-2024-30270 allows arbitrary code execution via path traversal, and CVE-2024-31204 enables cross-site scripting. Exploiting both could hijack admin sessions and execute arbitrary code. Mailcow users are urged to update to the latest version to mitigate these … Read more
June 17, 2024 at 03:56PM The Los Angeles County Department of Public Health suffered a phishing attack on Feb. 19-20, leading to the compromise of 53 employees’ credentials and personal information of over 200,000 people. After disabling affected email accounts, the department launched an investigation and notified law enforcement. Potentially accessed sensitive information includes medical … Read more
June 15, 2024 at 01:15PM Microsoft’s ‘Secure Future Initiative’ for Outlook personal email accounts includes deprecating basic authentication by September 16, 2024. It aims to enhance cybersecurity by phasing out unsafe practices and replacing them with modern authentication methods backed by multi-factor authentication. Deprecations include ‘Mail’ and ‘Calendar’ apps on Windows and Outlook Light, with … Read more
June 12, 2024 at 06:33PM A new phishing campaign uses HTML attachments to exploit the Windows search protocol, enabling remote servers to deliver malware via batch files. Attackers can manipulate the search window’s title and force searches on remote hosts. The technique was highlighted by Prof. Dr. Martin Johns in 2020 and is now used … Read more