Security News
LastPass says attackers got users' info and password vault data
The information couldn't come at a worse time, as businesses are winding down their activities and employees and users are thick in the midst of last-minute preparations for end-of-year holidays.
New Microsoft Exchange exploit chain lets ransomware attackers in
Ransomware-wielding attackers are using a new exploit chain that includes one of the ProxyNotShell vulnerabilities to achieve remote code execution on Microsoft Exchange servers.
Microsoft warned today that it will permanently turn off Exchange Online basic authentication starting early January 2023 to improve security. "Beginning in early January, we will send Message Center posts to affected tenants about 7 days before we make the configuration change to permanently disable Basic auth use for protocols in scope," The Exchange Team said on Tuesday.
Advertisers have responded by pioneering a new method for tracking users across the Web, known as user ID smuggling, which does not require third-party cookies. Researchers at UC San Diego have for the first time sought to quantify the frequency of UID smuggling in the wild, by developing a measurement tool called CrumbCruncher.
Uber has suffered a new data breach after a threat actor leaked employee email addresses, corporate reports, and IT asset information stolen from a third-party vendor in a cybersecurity incident. Early Saturday morning, a threat actor named 'UberLeaks' began leaking data allegedly stolen from Uber and Uber Eats on a hacking forum known for publishing data breaches.
As the holiday season approaches, online shopping and gift-giving are at the top of many people's to-do lists. But before you hit the "buy" button, it's important to remember that this time of...
Scammers have scammed their fellow cybercriminals out of more than $2.5 million on three dark web forums alone over the last 12 months, according to Sophos researchers. In a Black Hat Europe session, Sophos threat hunters detailed their investigation, which examined scams on two well-established Russian-language marketplaces, Exploit and XSS. They also looked at BreachForums, which launched in April 2022 after a Europol-led operation shut down the earlier version of the stolen-data souk, RaidForums.
Over 5.4 million Twitter user records containing non-public information stolen using an API vulnerability fixed in January have been shared for free on a hacker forum. Last July, a threat actor began selling the private information of over 5.4 million Twitter users on a hacking forum for $30,000.
The state-sponsored cyber programs of China, Russia, Iran, and North Korea continue to pose the greatest strategic cyber threat to Canada. From a government cybersecurity perspective, Canada has a robust framework and clear governance mechanisms to support the defense of government networks against cyber attacks.
E-commerce fraud is expected to cost merchants in excess of US$48 billion globally in 2023, up from over $41 billion in 2022 according to Juniper Research. It predicted that this growth will be accelerated by increasing use of alternative payment methods, such as digital wallets and BNPL, which are creating new fraud risks.
Recently, California passed the California Age-Appropriate Design Code Act, a bill designed to protect children online. Although the bill has presented notable concerns regarding privacy and other practical challenges, we've reached an inflection point where children roaming freely on the web should no longer be tolerated.