Here’s How to Protect Your Organization The alarming increase in the use of a phishing-as-a-service (PhaaS) toolkit called EvilProxy to execute account takeover attacks on executives at prominent companies has become a significant cybersecurity concern. Between March and June 2023, Proofpoint has identified an ongoing hybrid campaign that has targeted thousands of Microsoft 365 user […]
Tag: ontario
Microsoft’s Update: A Comprehensive Response to 74 Vulnerabilities
Introduction In its most recent update, Microsoft has addressed 74 flaws across its software spectrum as part of the August 2023 Patch Tuesday. This number, although significant, shows a decrease from the 132 vulnerabilities that were patched in the previous month. Details of the Security Patch This latest security patch encompasses six critical and 67 […]
Microsoft Resolves Significant Power Platform Vulnerability Amid Delay and Controversy
Introduction: Microsoft publicly acknowledged on Friday that it has resolved a critical security flaw within Power Platform. The company faced notable criticism for the delayed response, shedding light on a critical challenge that emphasizes both the significance and complexity of cybersecurity in today’s environment. Section 1: The Vulnerability Microsoft disclosed that the Power Platform flaw […]
Unveiling Space Pirates’ Expanding Cyber Campaign in Russia and Serbia
In a startling revelation, the notorious threat actor known as Space Pirates has been exposed for orchestrating attacks against 16 organizations across Russia and Serbia over the past year. Armed with novel tactics and a growing cyber arsenal, these cybercriminals have expanded their interests and geographical reach, posing a significant threat to government agencies, educational […]
Windows 10 Security Checklist: CIS Benchmark Simplified
Ensuring the security of your Windows 10 system is a complex task, but an essential one to protect your data and maintain system integrity. The Center for Internet Security (CIS) offers comprehensive benchmarks to help you improve your cybersecurity posture. We’ve provided a simplified version of the Windows 10 CIS benchmark in this article, although […]
Major MikroTik RouterOS Flaw Puts Over Half a Million Devices at High Risk
CVE-2023-30799 MikroTik RouterOS Security Gap An acute privilege elevation vulnerability in MikroTik RouterOS exposes devices to potential remote hacking, allowing attackers to execute arbitrary code and gain total control over the compromised equipment. Labelled as CVE-2023-30799 (CVSS score: 9.1), this weakness is believed to place between 500,000 and 900,000 RouterOS systems at risk of being […]
US Companies to Disclose Cyber Attacks in 4 Days, As Per New SEC Regulations
The U.S. Securities and Exchange Commission (SEC) has put forth new regulations that obligate publicly listed companies to reveal cyber attack details within four days, if such attacks significantly impact their financial standing. This decision marks a significant transformation in the disclosure procedures of cyber breaches. SEC chair Gary Gensler stated, “Whether a company loses […]
Exploitation of Windows Search Feature by Hackers to Deploy Remote Access Trojans
As per cybersecurity analysts at Trellix, an authentic Windows search feature has become the latest tool in the hacker’s arsenal. Malicious actors are exploiting this feature to download arbitrary payloads from remote servers and compromise targeted systems with remote access trojans, specifically AsyncRAT and Remcos RAT. The unique attack technique misuses the “search-ms:” URI protocol […]
Massive Data Breach: Over 400 Organizations Hit by CLOP Ransomware’s MOVEit Exploitation
CVE-2023-34362 The Russian cybercriminal group known as ‘Clop’ leveraged a weakness in the MOVEit product suite by Progress Software in late May, leading to extensive data theft from unguarded networks. As per the German cybersecurity research enterprise, KonBriefing, the MOVEit security breach has affected a staggering 421 organizations and over 22 million individuals to date. […]
Zimbra Issues Alert About Actively Exploited Critical Vulnerability in Email Software
CVE-2023-34192 Zimbra, the email software provider, has raised an alert about a severe zero-day vulnerability in its software that’s currently being exploited in real-world attacks. The company has identified a security flaw in the Zimbra Collaboration Suite Version 8.8.15 that could potentially compromise the privacy and integrity of users’ data, according to its advisory. While […]