Microsoft Teams Vulnerability Discovered

Microsoft Teams is a part of the 365 product family and is used by more than 270 million people for exchanging text messages, videoconferencing, and file storage. In August of 2022, the team at Vectra Protect discovered a post-exploitation vulnerability in the plaintext storage disk used by Microsoft Teams while conducting research for a client. This vulnerability gives malicious actors, …

Lenovo Issues Important Update

Lenovo issued a security notice informing customers of multiple serious BIOS vulnerabilities affecting hundreds of Lenovo devices across various models (Desktop, All in One, IdeaCentre, Legion, ThinkCentre, ThinkPad, ThinkAgile, ThinkStation, ThinkSystem). Exploiting the vulnerabilities might result in the disclosure of sensitive information, an increase in privileges, a denial of service, and possibly even the execution of arbitrary code in some …

Uber Hacked Again

An unknown hacker, who claims to be eighteen years old, acquired administrative access to Uber’s corporate network and proprietary internal tools on Thursday, September 15, 2022. On September 15, 2022, at 6:25 pm PT, Uber issued a statement on Twitter that it was “responding to a cybersecurity incident.” An attacker gained access to the account of an Uber EXT contractor. …

Google Leaving IoT Services

Tech giant Google recently announced that it’s closing the doors on its IoT Core service.  Their stated reason for doing so was that their strategic partners can better manage customers’ IoT services and devices. Time will tell if the company’s decision was a good one. Another tech giant, Microsoft, is wasting no time and is moving heavily in the opposite …

Cyber Security Best Practices For Businesses

Smaller companies often struggle to develop and invest in robust IT security systems, which can leave them relatively more vulnerable to cyber attacks. If that’s the situation you’re in and you’re trying to decide what to invest in and where to use the money that you have to spend on IT security, here’s a quick overview of the basics you …

Latest Microsoft Patch Fixes Dozens of Bugs

Even if you don’t consistently install Microsoft’s security patches as soon as they’re released, the September 2022 patch released this week deserves immediate attention. Dozens of bugs, flaws, and vulnerabilities were addressed in this iteration, including fixes for:   *30 Remote Code Execution vulnerabilities 18 Elevation of Privilege vulnerabilities 16 Edge/Chromium vulnerabilities 7 Information Disclosure vulnerabilities 7 Denial of Service …

New Phishing Service Is Targeting Banks

Hackers are increasingly adopting practices that legitimate business owners will immediately recognize. Recently, a new PhaaS (Phishing as a Service) operation has surfaced that specifically targets major banks. These banks include Bank of America, Wells Fargo, Citibank, Capital One, PNC, US Bank, Lloyds Bank, Santander, and the Commonwealth Bank of Australia. Snarkily named “Robin Banks,” the service also offers templates …

RDP Brute Force Attacks Blocked By Windows 11

A small but important feature was recently incorporated by the Windows 11 design team.  A new Account Lockout Policy enabled by default has been added.  This policy automatically locks user accounts (including Admin accounts) after ten failed sign-in attempts. The account remains in a locked state for ten minutes, requiring users to wait that amount of time before they can …

New Android Malware Disables WiFi To Attempt Toll Fraud

There’s a new threat to be aware of if you own an android device.  Microsoft recently warned that their researchers had spotted a new toll fraud malware strain wreaking havoc in the Android ecosystem. Toll fraud is a form of billing fraud. It is a scheme whereby bad actors attempt to trick unsuspecting victims into either calling or sending an …