Scammers Impersonating Refund Payment Portals

The FBI warns about scammers pretending to be refund payment gateways from financial institutions to steal sensitive information from unsuspecting victims. The federal law enforcement agency stated that scammers deceive victims into granting them access to their computers via email or phone calls by posing as representatives of technical or …

Twitter’s Data Leak Exposes Over 5.4 Million Users

Earlier this year, Twitter confirmed that an API vulnerability had caused a massive data leak containing non-public information for over 5.4 million Twitter users. Twitter denied claims that hackers had leaked the private information priorly. However, Pompompurin, the owner of the hacking forum Breached, stated they were responsible for exploiting …

Phishing-as-a-Service on the Rise with Caffeine

Threat actors may now launch their own sophisticated assaults thanks to the emergence of Phishing as a Service (PhaaS) platforms like “Caffeine.” Through an open registration procedure, anyone who wishes to launch their phishing campaign can sign up on these platforms. Security experts at Mandiant discovered the first sighting of …

Vice Society Claims Cincinnati State College Cyberattack

Data allegedly stolen from Cincinnati State Technical and Community College has been leaked after Vice Society attacked the campus. Many of the stolen documents were posted on the hackers’ websites. These documents date from several years ago until November 24, 2022, suggesting that threat actors still have access to the …

Hackers Execute Arbitrary Code with Microsoft Office

According to cybersecurity experts at Cisco Talos, Microsoft Office has a high-severity vulnerability that could allow prospective cyber attackers to execute malicious code on the target device remotely. Microsoft announced the issue in a brief blog post, stating that its researcher Marcin ‘Icewall’ Noga had identified a class attribute double-free …

Malicious SEO Campaign Affects Thousands of Sites

In a massive malicious SEO campaign, cybercriminals are promoting low-quality Q&A sites by redirecting visitors to fake discussion forums. As a result, almost 15,000 sites have been compromised. In September 2022, researchers at Sucuri discovered the attacks. Each compromised site was found to contain approximately 20,000 files that were utilized …

Phishing Kit Targets US Shoppers

Security experts at Akamai have discovered a campaign that uses an elaborate phishing kit. This campaign targets Americans using lures centered around holidays like Labor Day and Halloween. The kit combines several methods and employs several evasion detection techniques to prevent non-victims from visiting its phishing pages. One of the …

Lenovo Patches Critical Security Flaws

Lenovo reports that it has patched two critical security flaws that affected several of its ThinkBook, IdeaPad, and Yoga laptops. Lenovo is also recommending that consumers update their systems immediately. The flaws make it possible for cybercriminals to deactivate the UEFI Secure Boot tool, allowing them to load and run …

DuckDuckGo Releases App Tracking Protection Beta for Android

The feature is comparable to Apple’s ‘App Tracking Transparency. However, unlike Apple, DuckDuckGo’s method does not rely on app developers’ compliance with user choice. All known trackers are blocked. According to DuckDuckGo, Android users have an average of 35 applications installed on their smartphones, resulting in between 1,000 and 2,000 …

How To Develop Accountability In Remote Workers

Accountability can be a tricky thing when it comes to your remote employees.  It’s something that even seasoned managers struggle with. If that’s the boat you find yourself in, take notes!  In this article, we’ll outline some simple and effective ways you can foster and develop accountability in your remote …