Microsoft paid Tenable a bug bounty for an Azure flaw it says doesn’t need a fix, just better documentation

June 5, 2024 at 02:48AM

A vulnerability in Microsoft’s Azure cloud allows potential access to other users’ private web resources. The issue stems from Service Tags, potentially allowing cross-tenant attacks. Despite Microsoft’s initial refusal to classify it as a vulnerability, it confirmed the flaw and offered a bug bounty. Subsequently, Microsoft decided to address the …

Cybercrooks get cozy with BoxedApp to dodge detection

June 4, 2024 at 08:09AM

Malware creators are increasingly using legitimate packer apps like BoxedApp to evade detection, with a surge in usage over the past year. This has been observed especially in remote access trojans and ransomware. BoxedApp offers features that make it harder for security systems to detect malware, resulting in a high …

How Attackers Can Own a Business Without Touching the Endpoint

April 19, 2024 at 07:48AM

Attackers are increasingly targeting cloud apps and identities without requiring access to traditional networks. With the shift to SaaS adoption, interconnected and complex digital identities are vulnerable. Security controls for cloud identities are limited, leading to a rise in attacks. Techniques like AiTM phishing, IM phishing, SAMLjacking, Oktajacking, and …

Chrome Enterprise gets Premium security but you have to pay for it

April 10, 2024 at 03:56PM

Google has launched Chrome Enterprise Premium, an enhanced browser for organizations that offers extended security controls for a monthly fee per user. This upgrade from Chrome Enterprise Core provides increased threat and data protection, control options, and reporting capabilities. Users report significant and immediate benefits in improved security and risk …

Chrome Enterprise Premium promises extra security – for a fee

April 10, 2024 at 02:31AM

Google has introduced Chrome Enterprise Premium, targeting corporate users with AI-enhanced security features for $6 monthly per user. Gartner’s prediction about browsers becoming an enterprise platform by 2030 is becoming a reality, prompting a reevaluation of browser monetization. Chrome already offers strong security, but the Premium version provides additional AI-driven …

Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites

March 18, 2024 at 08:45AM

A new malware campaign using bogus Google Sites and HTML smuggling to distribute the AZORult malware for information theft has been discovered by cybersecurity researchers. The campaign employs stealthy tactics to bypass security controls, with findings revealing similar techniques used in recent phishing campaigns to disseminate other malware like Agent …

Shadow AI – Should I be Worried?

March 14, 2024 at 07:57AM

Since November 2022, the use of Generative AI has surged, with around 12,000 AI tools available for over 16,000 job tasks. Many employees are using these tools without employer approval, raising concerns about data protection and compliance. Security issues include privacy policies, prompt injection, and account takeover risks. Educating users …

NSA’s Zero-Trust Guidelines Focus on Segmentation

March 8, 2024 at 08:07AM

The NSA released guidelines for zero-trust network security, aiming to bridge the gap between desire and implementation. As businesses increasingly adopt zero trust in the cloud era, the approach to network security is evolving. The document emphasizes network segmentation as a fundamental practice and recommends a methodical approach in implementation …

Seeing is Believing… and Securing

February 13, 2024 at 07:39AM

Fitch Ratings reports a 178% increase in cyber insurance premium costs from 2017 to 2022, with a 51% rise in 2022. As insurers adjust pricing and clients bolster cybersecurity measures, costs are expected to stabilize. Lloyd’s of London and Munich Re emphasize the need for stronger security measures, outlining twelve …

Leaky DICOM Medical Standard Exposes Millions of Patient Records

November 10, 2023 at 01:12PM

Researchers have discovered that around 60 million personal and medical records may have been exposed due to the use of a legacy protocol in medical equipment. The researchers found that many users of the protocol do not implement security controls, leading to data leakage. The protocol does have security measures, …