Cybersecurity Starts in the Boardroom
There is an active email phishing campaign infecting both home users and organisations. The malicious emails contain a .zip attachment. The payload is called IceXLoader and it primarily exfiltrates sensitive information from infected systems: Phishing drops IceXLoader malware on thousands of home, corporate devices (bleepingcomputer.com) The threat actors are not …
Continue reading “You should be on the lookout for this phishing campaign…”
Everyone needs policies and procedures that address the potential risk of business email compromise (BEC). That is when the threat actors through impersonation or compromised credentials get inside an email system and send malicious business instructions to your team pretending to senior people in your organisation or trusted partners. Here …
Just when it looked like the Emotet spamming/malware operation had stopped, there are widespread reports that it has restarted. Emotet botnet starts blasting malware again after 5 month break (bleepingcomputer.com) Infected Microsoft Office documents are Emotet’s favoured method of malware distribution. Once the email has slipped past your technical defences, …
Dropbox has admitted that 130 of its confidential private GitHub repositories were coped by a threat actor. Among the haul were secret APUI codes. They do reassure users that no user content, usernames or passwords were stolen. Well of course not. That is not the issue. Why bother stealing those …
Whilst I have been away CISA has continued issuing useful advice. It added a Google Chromium vulnerability to the Known Exploited Vulnerabilities Catalog. Google Chromium is an open–source browser project and is behind many widely used browsers including Google Chrome and Microsoft Edge. CISA Has Added One Known Exploited Vulnerability …
A report from SonicWall shows that the number of Ransomware has dropped over the past months – however this is not the good news it appears to be as they have only dropped from the record highs of 2020/2021 and are still way above levels previous to that. 2022 SonicWall …
Passwordlessness now extends to PayPal… …at least if you have an iPhone. PayPal ditches passwords, at least on Apple devices • The Register Ditching passwords is the best step in preventing the recycling of passwords by users and the subsequent credential stuffing attacks by threat actors. Find out in this …
Continue reading “What do you know about going passwordless? Find out here why you should do it.”
