Security News

Get 15 hours of basic cybersecurity education online for just $29 We may be compensated by vendors who appear on this page through methods such as affiliate links or sponsored partnerships. Whether you're interested in protecting your own digital life or you might want to pursue a new career in cybersecurity, check out the Dynamic 2022 Data & IT Security Training Bundle.

Pre-pandemic, most online fraud was committed by individuals or small groups and were straightforward attempts to access individual's data or business accounts or were applicant-level identity fraud. It's rarely one-and-done with fraud rings as they thrive like any other business by creating repeatable solutions and seeking out ideal "Customers." Once a fraud ring identifies a weakness in a technology, outdated legacy fraud detection stacks, or poor process and procedures in place, they'll continue to commit fraud until the vulnerability is closed.

The US government is pushing federal agencies and private corporations to adopt the Modern Authentication method in Exchange Online before Microsoft starts shutting down Basic Authentication from the first day of October. "Federal agencies should determine their use of Basic Auth and migrate users and applications to Modern Auth," CISA wrote.

CISA has urged government agencies and private sector organizations using Microsoft's Exchange cloud email platform to expedite the switch from Basic Authentication legacy authentication methods without multifactor authentication support to Modern Authentication alternatives. Basic Auth is an HTTP-based auth scheme used by apps to send credentials in plain text to servers, endpoints, or online services.

Gen Zers might seem like digital pros but, they often aren't armed with enough resources to keep themselves safe online. The FBI reported that, in 2020 alone, there were 23,200 internet crime complaints filed by victims under 20 years old, which resulted in a $71 million loss for their families.

Over 900,000 misconfigured Kubernetes clusters were found exposed on the Internet to potentially malicious scans, some even vulnerable to data-exposing cyberattacks. Researchers at Cyble have conducted an exercise to locate exposed Kubernetes instances across the itnernet, using similar scanning tools and search queries to those employed by malicious actors.

An ongoing outage affects multiple Microsoft 365 services, with customers worldwide reporting delays, sign-in failures, and issues accessing their accounts. The affected services include the Exchange Online hosted email platform for businesses and the Microsoft Teams communication platform, as well as SharePoint Online, the Graph API, and Universal Print.

A researcher has discovered how to use your installed Google Chrome extensions to generate a fingerprint of your device that can be used to track you online. Yesterday, web developer 'z0ccc' shared a new fingerprinting method called 'Extension Fingerprints' that can generate a tracking hash based on a browser's installed Google Chrome extensions.

An ambitious project spearheaded by the World Economic Forum is working to develop a map of the cybercrime ecosystem using open source information. Instead of only looking at highly technical indicators of compromise, the researchers are also relying on publicly available sources of information: social media accounts, which can reveal who in the criminal world is "Friends" with whom, as well as public information including indictments and other court documents as well as published blogs and analysis of various crime rings.

Two two American gun shops, Rainier Arms and Numrich Gun Parts, that operate e-commerce sites have disclosed data breaches resulting from card skimmer infections on their sites. Credit card skimmers are malicious JavaScript code either embedded on the sites or fetched from a remote resource by a seemingly innocuous element, such as a favicon.