Catching up with US Cybersecurity and Infrastructure Security Agency latest advisories

Whilst I have been away CISA has continued issuing useful advice. It added a Google Chromium vulnerability to the Known Exploited Vulnerabilities Catalog. Google Chromium is an open–source browser project and is behind many widely used browsers including Google Chrome and Microsoft Edge. CISA Has Added One Known Exploited Vulnerability …

Hacking is not just data theft and ransomware – it can be reputation damage. Some advice about your WordPress website and your reputation.

wordpress

Fast Company an American magazine was hacked and abusive articles added to its news feeds, resulting in this material getting a wider audience through syndication on the Apple News app. The Apple News channel was quickly disabled and Fast Company took its site down pending a fix but the damage was …

Mass spamming starts with no MFA and credential stuffing

Microsoft has been monitoring and seeing an increase in attacks using malicious OAuth applications, installed on compromise cloud servers that then facilitate mass spamming from Exchange Online servers. Malicious OAuth applications abuse cloud email services to spread spam – Microsoft Security Blog The attack started with the threat actor launching …