Amazon refuses Microsoft 365 deployment

Amazon Refuses Microsoft 365 Deployment Over Lax Cybersecurity: A Wake-Up Call for the Industry

Avatar Image 60x60Amazon
Amazon publicly criticized Microsoft 365 for insufficient cybersecurity, delaying its internal deployment due to inadequate logging, authentication protocols, and overall security transparency. This bold move sparked debate, with some praising Amazon for raising cybersecurity standards and others suspecting a marketing ploy to promote Amazon Web Services (AWS). The incident highlights the disparity in cybersecurity leverage between large and small businesses and underscores the need for improved industry-wide security measures. Microsoft is reportedly addressing Amazon's concerns. The situation ultimately raises the bar for enterprise cybersecurity expectations. ... Read More
Google Calendar & Drawings to Bypass Email Security

Hackers Exploit Google Calendar & Drawings to Bypass Email Security

Avatar Image 60x60Cyber Security
Cybercriminals are exploiting Google Calendar and Google Drawings to launch sophisticated phishing attacks. These attacks involve manipulated email headers and links to malicious websites disguised within seemingly legitimate calendar invites and drawings. The attacks aim to steal sensitive data like credentials and payment information. Both individuals and organizations are advised to implement strong security measures, including multi-factor authentication and advanced email security solutions, to protect themselves. Google is also encouraging users to utilize its security features and recommends employing advanced security software. ... Read More
Rhode Island's RIBridges Data Breach

Deloitte Alerts Rhode Island to Significant Data Breach in RIBridges System

Avatar Image 60x60Cyber Security
A significant data breach affecting Rhode Island's RIBridges social services system, managed by Deloitte, exposed sensitive personal information including Social Security numbers and banking details. The breach, potentially linked to the hacking group Brain Cipher, prompted immediate system shutdown and investigations by state and federal authorities. Deloitte partnered with Experian to support affected individuals, and the incident highlights the urgent need for robust cybersecurity measures. The article also promotes Technijian's cybersecurity services as a preventative solution for similar future breaches. The impact includes personal data exposure, service interruptions, and erosion of public trust. ... Read More
Glutton Malware Exploits Popular PHP Frameworks

New Glutton Malware Exploits Popular PHP Frameworks Like Laravel and ThinkPHP

Avatar Image 60x60Cyber Security
Glutton, a newly discovered modular malware, exploits vulnerabilities in popular PHP frameworks like Laravel and ThinkPHP to steal data and deploy backdoors. Initially linked to the Winnti (APT41) group, its unusual lack of encryption and obfuscation raises questions about its true origin. The malware targets both legitimate systems and other cybercriminals, showcasing a unique "no honor among thieves" approach. Its capabilities include file manipulation, command execution, and data exfiltration, posing significant risks to organizations. Protecting against Glutton requires updating PHP frameworks, using strong passwords, and deploying advanced security solutions. ... Read More
Urgent Windows Zero Day Vulnerability: CVE 2024 49138

New Windows 0-Day Attack Strikes: Microsoft Warns Millions to Update Now

Avatar Image 60x60Cisco Catalyst
A critical zero-day vulnerability, CVE-2024-49138, affecting all versions of Windows from Server 2008 onwards, allows attackers to completely compromise systems. This heap-based buffer overflow in the Windows Common Log File System (CLFS) driver is actively being exploited, prompting Microsoft and CISA to issue urgent warnings. Microsoft has released a patch as part of its December 2024 updates, which users should install immediately to prevent ransomware attacks and data breaches. The article also highlights another serious vulnerability, CVE-2024-49112, affecting LDAP. Immediate action is crucial to protect against these threats. ... Read More