The highly respected security software vendor Malwarebytes, slipped up this time, classifying Google and YouTube as malware for short time: Malwarebytes mistakenly blocks Google, YouTube for malware (bleepingcomputer.com) I recently wrote about false positives and their possible impact on the cyber security stance of an organisation – if you did …
The ups and downs of ransomware software development
Threat actors are always changing their malware and tactics to evade the technical solutions the anti-virus and other security solution vendors distribute. So it is no surprise that malware gets patches and updates as well: Colonial Pipeline hackers add startling new capabilities to ransomware operation – The Record by Recorded …
Continue reading “The ups and downs of ransomware software development”
Credential stuffing attacks
This research by Okta highlights the issue of users recycling passwords: Okta: Credential stuffing accounts for 34% of all login attempts (bleepingcomputer.com) There were more login attempts by threat actors than legitimate ones! They were just trying out passwords to see if someone was stupid, (sorry if you do not …
Security updates for Mozilla and Microsoft Products
US Cybersecurity and Infrastructure Security Agency has issued advisories for various security updates: Microsoft Releases Out-of-Band Security Update for Microsoft Endpoint Configuration Manager | CISA Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird | CISA
If there is way for threat actors to abuse legitimate tools, of course they do it! No, it is not deja vu!
The headline equally applies to the abuse of LinkedIn Smart Links: LinkedIn Smart Links abused in evasive email phishing attacks (bleepingcomputer.com) This is a feature in the LinkedIn Sales Navigator and Enterprise versions and allows packages of documents to be sent out and the metrics for the documents can be …
