The End-User Password Mistakes Putting Your Organization at Risk
Businesses rely on their end-users, but those same users often don’t follow the best security practices. Without the right password security policies, a single end-user…
Category: Bleeping Computer
Latitude Financial data breach now impacts 14 million customers
Australian loan giant Latitude Financial Services (Latitude) is warning customers that its data breach is much more significant than initially stated, taking the number of…
Twitter takes down source code leaked online, hunts for downloaders
Twitter has taken down internal source code for its platform and tools that was leaked on GitHub for months. Now it’s using a subpoena to search…
New Microsoft Teams is twice as fast, available for all in June
Microsoft has unveiled a faster and redesigned version of its Microsoft Teams communication and collaboration software that has begun rolling out to Windows users today…
Apple fixes recently disclosed WebKit zero-day on older iPhones
Apple has released security updates to backport patches released last month, addressing an actively exploited zero-day bug for older iPhones and iPads. The vulnerability (CVE-2023-23529)…
Exchange Online to block emails from vulnerable on-prem servers
Microsoft is introducing a new Exchange Online security feature that will automatically start throttling and eventually block all emails sent from “persistently vulnerable Exchange servers” 90 days…
New IcedID variants shift from bank fraud to malware delivery
New IcedID variants have been found without the usual online banking fraud functionality and instead focus on installing further malware on compromised systems. According to Proofpoint,…
New MacStealer macOS malware steals passwords from iCloud Keychain
A new info-stealing malware named MacStealer is targeting Mac users, stealing their credentials stored in the iCloud KeyChain and web browsers, cryptocurrency wallets, and potentially sensitive…
Hackers earn $1,035,000 for 27 zero-days exploited at Pwn2Own Vancouver
Pwn2Own Vancouver 2023 has ended with contestants earning $1,035,000 and a Tesla Model 3 car for 27 zero-day (and several bug collisions) exploited between March…
Business email compromise tactics used to defraud U.S. vendors
The Federal Bureau of Investigation is warning companies in the U.S. of threat actors using tactics similar to business email compromise that allow less technical…
Emotet malware distributed as fake W-9 tax forms from the IRS
A new Emotet phishing campaign is targeting U.S. taxpayers by impersonating W-9 tax forms allegedly sent by the Internal Revenue Service and companies you work…
Russia’s Rostec allegedly can de-anonymize Telegram users
Russia’s Rostec has reportedly bought a platform that allows it to uncover the identities of anonymous Telegram users, likely to be used to tamp down…