Shadow IT is taking on new dimensions as Software as a Service or cloud-based applications gain in popularity. But with the benefits of SaaS come increased risks for the enterprise. This Insight looks at the growth of Shadow IT and the associated risks.
A serious vulnerability rated at 9.2 out of 10 is currently being exploited in Citrix NetScaler ADC. It allows attackers to gain access to the entire network when the device is configured as a gateway. Very dangerous! Patch as soon as possible.
Researchers found many bugs in printer systems. Brother is the one with the most bugs by far. Some are patchable and at least one very serious bug is not patchable. What will be done remains to be seen.
Microsoft Exchange servers are a popular target of cyberattackers and they have been hit again. Keyloggers that record all keystrokes infected the servers to steal credentials.
SIM (Subscriber Identity Module) swap is a technique where a cybercriminal convinces a mobile carrier to transfer an existing mobile number to a new SIM in a new device. That new SIM and device then get all the calls and texts intended for the original owner. It can be very difficult to convince a carrier that you are the real owner and to transfer the number back to you.
Think you can spot fake information and not click on bad links? Most people believe they can. But experience shows most people can’t identify fake information. Cybercriminals are using AI to make things even harder to detect. Fake information is a powerful force in phishing.
Two factor authentication is intended to make things safer than a password alone. However, the TFA codes sent by SMS, also called text messages, are not very safe. Over a million were captured.
Social Media has now topped television and other news sources as the most popular source of news. This obviously affects many companies that advertise on TV. But more worrisome is how easy it is to create fake SM accounts for people and bots and how successful they are at influencing public opinion, even by with completely false information.
Some of Google’s cloud servers were knocked out last weekend affecting their own customers. Google attributed the downed services to new features which were not tested thoroughly before being released.
GitHub is a repository used by countless developers for tools and common code. Attackers have launched a complex attack corrupting repositories and offering free pen testing tools to get developers to download the infected files. The corrupt files deliver malware giving attackers the ability to do data exfiltration, remote access, and long-term persistence on the compromised systems.