Author Archives: Unknown

New Android Flaw Affecting Over 1 Billion Phones Let Attackers Hijack Apps

Remember Strandhogg? A security vulnerability affecting Android that malicious apps can exploit to masquerade as any other app installed on a targeted device to display fake interfaces to the users, tricking them into giving away sensitive information. Late last year, at the time of its public disclosure, researchers also confirmed that some attackers were already exploiting the flaw in the

Brazil’s Biggest Cosmetic Brand Natura Exposes Personal Details of Its Users

Brazil's biggest cosmetics company Natura accidentally left hundreds of gigabytes of its customers' personal and payment-related information publicly accessible online that could have been accessed by anyone without authentication. SafetyDetective researcher Anurag Sen last month discovered two unprotected Amazon-hosted servers—with 272GB and 1.3TB in size—belonging to Natura that consisted of

Researcher Spots New Malware Claimed to be ‘Tailored for Air‑Gapped Networks’

A cybersecurity researcher at ESET today published an analysis of a new piece of malware, a sample of which they spotted on the Virustotal malware scanning engine and believe the hacker behind it is likely interested in some high-value computers protected behind air‑gapped networks. Dubbed 'Ramsay,' the malware is still under development with two more variants (v2.a and v2.b) spotted in the

An Undisclosed Critical Vulnerability Affect vBulletin Forums — Patch Now

If you are running an online discussion forum based on vBulletin software, make sure it has been updated to install a newly issued security patch that fixes a critical vulnerability. Maintainers of the vBulletin project recently announced an important patch update but didn't reveal any information on the underlying security vulnerability, identified as CVE-2020-12720. Written in PHP

7 New Flaws Affect All Thunderbolt-equipped Computers Sold in the Last 9 Years

A cybersecurity researcher today uncovers a set of 7 new unpatchable hardware vulnerabilities that affect all desktops and laptops sold in the past 9 years with Thunderbolt, or Thunderbolt-compatible USB-C ports. Collectively dubbed 'ThunderSpy,' the vulnerabilities can be exploited in 9 realistic evil-maid attack scenarios, primarily to steal data or read/write all of the system memory of a

Targeted Phishing Attacks Successfully Hacked Top Executives At 150+ Companies

In the last few months, multiple groups of attackers successfully compromised corporate email accounts of at least 156 high-ranking officers at various firms based in Germany, the UK, Netherlands, Hong Kong, and Singapore. Dubbed 'PerSwaysion,' the newly spotted cyberattack campaign leveraged Microsoft file-sharing services—including Sway, SharePoint, and OneNote—to launch highly targeted

Critical Security Patches Released for Magento, Adobe Illustrator and Bridge

It's not 'Patch Tuesday,' but software giant Adobe today released emergency updates for three of its widely used products that patch dozens of newly discovered critical vulnerabilities. The list of affected software includes Adobe Illustrator, Adobe Bridge, and Magento e-commerce platform, containing a total of 35 vulnerabilities where each one of them is affected with multiple critical

A Trillion $ Cyber Security Question for Microsoft and CISOs Worldwide

Folks,

Today, to give a hint for the answer to this 1 question, I asked possibly the most important cyber security question in the world, one that directly impacts the foundational security of 1000s of organizations worldwide, and thus one that impacts the financial security of billions of people worldwide -


What's the World's Most Important Active Directory Security Capability?




Those who don't know why this is the world's most important cyber security question may want to connect one, two and three

I sincerely hope that someone (anyone) at Microsoft, or that some CISO (any ONE) out there, will answer this ONE question.

Best wishes,
Sanjay.