The Phishing-as-a-Service (PhaaS) platform called 'Greatness' has increased activity as it targets organizations using Microsoft 365 in the US, Canada, the UK, Australia, and South Africa. Many organizations use the Microsoft 365 cloud-based productivity…

Push protection, a security feature designed to automatically prevent the leakage of secrets to repositories, is now free for all public repository owners on GitHub. Previously, only private repositories with a GitHub Advanced Security license had access…

In a campaign that has been ongoing since October 2021, a China-aligned threat actor has targeted a gambling company in the Philippines. The cybersecurity company ESET is tracking the attacks against Southeast Asian gambling companies under the name…

Since 2017, hackers have been able to imitate legitimate Node Package Manager (npm) packages by removing the capital letters from their titles. According to Checkmarx, npm did not address this type of typosquatting for years, which could have resulted in…

Based on one of the mysteries of human perception known as synesthesia, a researcher at the Oak Ridge National Laboratory (ORNL) developed a new method to hide sensitive electric grid information from malicious actors in a cyberattack. This method…

New research from the School of Management at the University of Bath reveals that privacy and security features designed to give consumers greater control over the sharing of their data by smartphone apps are widely misunderstood. For example, 43 percent…

In order to make multi-factor authentication (MFA) less susceptible to social engineering attacks, Microsoft Authenticator will now require number matching for all push notifications. The use of MFA fatigue attacks by cybercriminals has proven effective…

According to a new report from the cybercrime analytics company SpyCloud, the amount of data breaches and exfiltrated data from Fortune 1000 companies on the dark web has increased by 7 percent year-over-year. As a result, organizations are at more risk…

Delinea's new survey of over 2,000 Information Technology (IT) security decision-makers reveals that only 39 percent of respondents believe their company's leadership has a solid grasp of cybersecurity's role as a business enabler. In addition, more than…

Adobe recently announced security updates for its Substance 3D Painter product to address more than a dozen vulnerabilities.  This is the only product for which the software giant released updates this Patch Tuesday.  Adobe stated that the 3D…

Federal entities at the forefront of policing cybercrime and ransomware in the US urge organizations to continue reporting cyber incidents to help fill data gaps. Recent executive actions call for a stricter approach to penalizing ransomware incidents.…

Southern California News Group reported that a $1.1 million payment was made to resolve a ransomware attack on a California county’s law enforcement computer network.  The San Bernardino County Sheriff’s Department announced in April that a “network…