New Windows exploit lets you instantly become admin. Have you patched?

“Researchers have developed and published a proof-of-concept exploit for a recently patched Windows vulnerability that can allow access to an organization’s crown jewels—the Active Directory domain controllers that act as an all-powerful gatekeeper for all machines connected to a network.”

September 17, 2020

Why vishing is the new phishing and how to guard against it [Q&A]

“We’re all familiar with the menace of phishing but, particularly following the recent Twitter attack, other methods of stealing credentials have been on the rise. These include ‘smishing’ (phishing via SMS) and ‘vishing’ (phishing by voice call).”

September 12, 2020

The death of remote access VPN

“Remote Access VPN, also known as business VPN, is an important technology that has been around for decades. It allows remote workers to connect their devices to the company network over the public internet; thus allowing them to function as if they were inside the corporate network.”

September 10, 2020

Why You Should Stop Sending Photos On Apple iMessage

“Our smartphones leak our personal information—we all know this. There’s a multi-multi-billion-dollar marketing industry tracking where we go, who we visit and what we buy.”

September 7, 2020

Phishing scam uses Sharepoint and One Note to go after passwords

“Here’s a phishing email we received recently that ticks all the cybercriminal trick-to-click boxes. From BEC, through cloud storage to an innocent-sounding One Note document, right into harm’s way.”

September 4, 2020

Hackers Are Attempting to Cripple Cisco Networking Kit via New 0Day

“Hackers are actively trying to exploit several high-severity memory exhaustion weaknesses in Cisco software that runs carrier-class routers, the company has warned.”

September 3, 2020

Files by Google officially rolling out PIN-encrypted ‘Safe Folder’

“Back in June, we spotted Google’s Files app working on a password-protected “Safe Folder.” This feature is now rolling out in beta, while the company reports 150 million monthly users.”

September 2, 2020

Office 365 now opens attachments in a sandbox to prevent infections

“Microsoft today announced the launch of Application Guard for Office in public preview to protect enterprise users from threats using malicious attachments as an attack vector.”

August 31, 2020

Google Drive flaw may let attackers fool you into installing malware

“Google Drive may have a way for hackers to trick you into installing rogue code. System administrator A. Nikoci has told The Hacker News about a flaw in Drive’s “manage versions” feature that could let attackers swap a legitimate file with malware.”

August 25, 2020

Outlook “mail issues” phishing – don’t fall for this scam!

“Thanks to Michelle Farenci of the Sophos Security Team for her behind-the-scenes work on this article. Here’s a phish that our own security team received themselves.”