Threats & Vulnerabilities
Covers ransomware, phishing, malware trends, zero-day exploits.
-
Preventing QR Code Phishing Attacks in Small Businesses
QR codes have become a staple in small businesses. From quick payments to instant access to menus and promotions, they offer speed and convenience. However, with increased adoption comes a growing threat: QR code phishing, also known as quishing. Cybercriminals exploit QR codes to trick customers into sharing sensitive data or downloading malware.
-
Sophos Firewall Vulnerabilities: Critical Fixes You Shouldn’t Ignore
Sophos has rolled out hotfixes to fix three serious security flaws in its firewall products. These vulnerabilities could let attackers execute remote code and gain privileged system access under specific conditions. While there’s no sign of active exploitation, the risks are too significant to overlook.
-
HubPhish Targets European Businesses Using HubSpot Tools
Cybersecurity experts have uncovered a phishing campaign, dubbed HubPhish, that has targeted over 20,000 users in Europe. The attackers aim to steal login credentials and infiltrate Microsoft Azure cloud systems. This operation focused on industries like automotive, chemical, and industrial manufacturing.
-
Attackers Use Microsoft Teams and AnyDesk to Spread DarkGate Malware
Attackers are exploiting Microsoft Teams and AnyDesk in a new social engineering campaign to deploy DarkGate malware. This attack highlights how easily cybercriminals can manipulate users through remote access tools and impersonation tactics.
-
Bitsight Uncovers Proxy Service Powered by the Socks5Systemz Botnet
According to a recent report from Bitsight, a malicious botnet called Socks5Systemz is fueling a proxy service known as PROXY.AM. This proxy software adds anonymity layers to criminal activities on public networks. Attackers can execute malicious actions using connections from infected machines or unrelated users, hiding the true source of their attacks.
-
Vulnerability in iOS and macOS Allowed Bypassing TCC Privacy Protections
Apple recently patched a security flaw in iOS and macOS that could bypass the Transparency, Consent, and Control (TCC) mechanism. TCC is designed to safeguard user privacy by controlling app access to sensitive data like location, contacts, microphone, and camera. If exploited, the flaw would allow attackers unauthorized access to this data without user awareness.
-
Common WhatsApp Scams and How to Avoid Them
With over 2 billion users, WhatsApp attracts scammers looking for easy targets. These scams use clever tricks to steal money, data, or even control your account. Here are the most common WhatsApp scams and how you can protect yourself.
-
AuthQuake: How Attackers Bypassed Microsoft’s MFA with Ease
Cybersecurity researchers have discovered a critical flaw in Microsoft’s multi-factor authentication (MFA) system. The vulnerability, called AuthQuake, allowed attackers to bypass MFA protections and access accounts without much effort.
