Latest Microsoft Patch Fixes Dozens of Bugs

Even if you don’t consistently install Microsoft’s security patches as soon as they’re released, the September 2022 patch released this week deserves immediate attention. Dozens of bugs, flaws, and vulnerabilities were addressed in this iteration, including fixes for:   *30 Remote Code Execution vulnerabilities 18 Elevation of Privilege vulnerabilities 16 Edge/Chromium vulnerabilities 7 Information Disclosure vulnerabilities 7 Denial of Service …

RDP Brute Force Attacks Blocked By Windows 11

A small but important feature was recently incorporated by the Windows 11 design team.  A new Account Lockout Policy enabled by default has been added.  This policy automatically locks user accounts (including Admin accounts) after ten failed sign-in attempts. The account remains in a locked state for ten minutes, requiring users to wait that amount of time before they can …

New Android Malware Disables WiFi To Attempt Toll Fraud

There’s a new threat to be aware of if you own an android device.  Microsoft recently warned that their researchers had spotted a new toll fraud malware strain wreaking havoc in the Android ecosystem. Toll fraud is a form of billing fraud. It is a scheme whereby bad actors attempt to trick unsuspecting victims into either calling or sending an …

WordPress Plugin Leaves Sites Vulnerable

Researchers at Defiant authored the popular Wordfence security solution for WordPress users and they have detected a massive campaign that has seen hackers actively scanning for websites employing the Kaswara Modern WPBakery Page Builder plugin. The plugin was recently abandoned by the creative team behind it before receiving a patch for a critical security flaw. The flaw, tracked as CVE-2021-24284 …

Microsoft Releases PoC Code For MacOS App Sandbox Vulnerability

MacOS features a powerful sandbox restriction that helps keep modern Apple computers safe by limiting how code can run on the system. Unfortunately, no system is bullet proof. There’s a way that a determined attacker could bypass sandbox restrictions and execute malicious code arbitrarily.  Engineers at Microsoft discovered the vulnerability, and independent security researcher Arsenii Kostromin discovered it independently. Both …

IoT Security With Microsoft Defender

The Internet of Things (IoT) has seen explosive growth in recent years. If you like, you can now build your own smart home with intelligent toasters, washing machines, dishwashers, and refrigerators. They are all connected to your home network, and they all make vast amounts of data available to you at your fingertips. Unfortunately, security is slim to non-existent on …

Hackers Use VoIP Systems To Install PHP Web Shells

Security researchers at Unit 42, a division of Palo Alto Networks, have been tracking the efforts of a massive campaign aimed at Elastix VoIP telephony servers. They are used by companies of all shapes and sizes to unify their communications, and it is especially attractive because it can be used with the Digium phones module for FreePBX. So far, the …

Raspberry Robin Worm In Hundreds Of Windows Networks

Analysts at Red Canary Intelligence have recently spotted a Windows worm on hundreds of networks belonging to a wide range of organizations around the world. Dubbed “Raspberry Robin” by the research team that discovered it, this worm spreads via infected USB devices and was initially spotted in September of last year (2021).  Another firm, Sekoia, observed the worm even earlier, …

Business Email Compromise image

What Are The Dangers of Business Email Compromise?

What’s the most expensive cyberattack that businesses face today? If you said business email compromise (BEC) you’re right. The FBI IC3 2021 Internet Crime Report showed that BEC packed a powerful punch against U.S. businesses that year. BEC complainants to IC3 suffered $2,395,953,296 in losses in 2021, 28% higher than 2020’s record total of $1,866,642,107. These 10 facts about business …