Security News
According to cloud security company Wiz, the inactive Microsoft account consumer signing key used to forge Azure Active Directory tokens to gain illicit access to Outlook Web Access and Outlook.com could also have allowed the adversary to forge access tokens for various types of Azure AD applications. Wiz's analysis fills in some of the blanks, with the company discovering that "All Azure personal account v2.0 applications depend on a list of 8 public keys, and all Azure multi-tenant v2.0 applications with Microsoft account enabled depend on a list of 7 public keys."
Learn how a malicious driver exploits a loophole in the Windows operating system to run at kernel level. Cisco Talos discovered a new Microsoft Windows policy loophole that allows a threat actor to sign malicious kernel-mode drivers executed by the operating system.
Findings in network intelligence firm Gigamon's Hybrid Cloud Security Survey report suggest there's a disconnect between perception and reality when it comes to vulnerabilities in the hybrid cloud: 94% of CISOs and other cybersecurity leaders said their tools give them total visibility of their assets and hybrid cloud infrastructure, yet 90% admitted to having been breached in the past 18 months, and over half fear attacks coming from dark corners of their web enterprises. Key to understanding hybrid cloud security Must-read security coverage Google offers certificate in cybersecurity, no dorm room required The top 6 enterprise VPN solutions to use in 2023 EY survey: Tech leaders to invest in AI, 5G, cybersecurity, big data, metaverse Electronic data retention policy.
A new report from Kaspersky reveals the top cyber threats for SMBs in 2023. The biggest cybersecurity threat to SMBs is the use of exploits by attackers; there were 483,980 detections in the five first months of 2023.
Network and IT admins have been dealing with ongoing Microsoft 365 issues this week, reporting that some end users cannot use Microsoft Outlook or other Microsoft 365 apps. The issues started Monday, with numerous admins contacting BleepingComputer to say that some of their users are experiencing disruptive issues in Microsoft Outlook, with the program not opening, freezing after opening, seeing delays in mail delivery, or errors saying there is no valid license associated with the user.
More details have emerged about the spyware implant that's delivered to iOS devices as part of a campaign called Operation Triangulation. The Russian cybersecurity company has codenamed the backdoor TriangleDB. "The implant is deployed after the attackers obtain root privileges on the target iOS device by exploiting a kernel vulnerability," Kaspersky researchers said in a new report published today.
A team of university researchers has devised a new side-channel attack named 'Freaky Leaky SMS,' which relies on the timing of SMS delivery reports to deduce a recipient's location. The researchers developed a machine learning algorithm that analyzes timing data in these SMS responses to find the recipient's location at an accuracy of up to 96% for locations across different countries and up to 86% for two locations in the same country.
The Russian threat actor known as Shuckworm has continued its cyber assault spree against Ukrainian entities in a bid to steal sensitive information from compromised environments. Targets of the recent intrusions, which began in February/March 2023, include security services, military, and government organizations, Symantec said in a new report shared with The Hacker News.
A survey of global cybersecurity leaders through the 2023 Certified CISO Hall of Fame Report commissioned by EC-Council identified 4 primary areas of grave concern: cloud security, data security, security governance, and lack of cybersecurity talent. EC-Council, the global leader in cybersecurity education and training, released its Certified Chief Information Security Officer Hall of Fame Report today, honoring the top 50 Certified CISOs globally.
Verizon Business today released the results of its 16th annual Data Breach Investigations Report, which analyzed 16,312 security incidents and 5,199 breaches. Chief among its findings is the soaring cost of ransomware - malicious software that encrypts an organization's data and extorts large sums of money to restore access.