The loud pleas made by the cybersecurity industry, along with the repeated examples of what happens when login credentials are reused, seemingly have fallen on deaf ears as Microsoft found more than 44 million repeated passwords just for its Azure AD and Microsoft Services Accounts. According to a newly published Microsoft Security Intelligence Report, the…
The Fort Worth, Texas Water Department is notifying about 3,000 customers that their payment information may have been exposed during a data breach. The utility reported that payments made between August 27, 2019 and October 23, 2019 were included in the breach and the content exposed included cardholder’s name, credit card billing address, credit card…
One day after news broke that data center provider CyrusOne was reportedly hit with a combination ransomware/data breach involving the REvil (aka Sodinokibi) ransomware the company issued a statement confirming the incident. Initially, CyrusOne did not release any details, but ZDNet reported the attack took place on December 4. A screenshot of the ransom note…
Today, most companies know cybersecurity diligence is an essential part of doing business. Yet, it may still be a bit of a surprise how extensively cybersecurity has evolved to become an elemental business component that grows revenue and opens doors for market expansion. From contracts and financing to mergers and acquisitions, an organization’s information security…
Mozilla issued patches for Firefox 71 and Firefox ESR 68.3 fixing 11 high- and moderate-rated vulnerabilities. The majority of the patches were shared between Firefox 71 and ESR 68.3 with Firefox 71 receiving an additional three fixes. The most severe of the shared patches are: CVE-2019-17008 is a use-after-free in worker destruction issue that if…
Looking at the rapidly evolving role of CISOs and their teams, many organizations have yet to optimize their approach to cybersecurity to a place where it’s not just a preventative business function but assumes a wider role in business success, be that customer acquisition, retention or any number of other critical factors. It’s an approach…
There is a vulnerability in specific Microsoft OAuth 2.0 applications that could let an attacker gain access and control of a victim’s Azure account. The flaw was found by Cyberark researchers who noticed that many white-listed OAuth applications, at least 54, automatically trust domains and sub-domains that are not registered by Microsoft so anyone can…
Facebook ads are being targeted by a new trojan which could allow a malicious actor to access not only regular advertisements but the growing number of political spots being posted to the social media giant. The trojan, called Socelars, is distributed through a fake PDF editing app named PDFreader attempts to mine data from Facebook…
The North American Electric Reliability Corporation (NERC) recently posted a document confirming a cyber event that occurred on a western U.S. electrical grid in spring 2019, marking the first cyberattack on an American grid and, more importantly, striking a chord among operators. The case, which is ironically labeled a “lesson” by NERC, is a glaring…
A new remote access trojan whose name reminds one of a fairytale and not the potential nightmare it could bring to its victim has been disclosed by Cylance. PyXie Python RAT has been flitting about since 2018 helping deliver ransomware and other malware to the healthcare and education industries. The RAT has been tracked being…
