News
  • "New Azure Active Directory Password Brute-Forcing Flaw Has No Fix"
    A bug recently discovered in the implementation of Azure Active Directory (AD) enables single-factor brute-forcing of a user's AD credentials. An attacker can have unlimited attempts at guessing a user's username and password as these attempts are not…
  • "picoCTF Impresses at the Women in Cybersecurity Conference"
    Security and privacy experts at Carnegie Mellon University (CMU) created an educational program called picoCTF, which is aimed at bringing more people into the cybersecurity field. The picoCTF team hosted a workshop at this year's conference for Women in…
  • "TangleBot Malware Reaches Deep into Android Device Functions"
    Researchers at Cloudmark have discovered a new Android malware called TangleBot. According to the researchers, the newly discovered mobile malware is spreading via SMS messaging in the U.S. and Canada, using lures about COVID-19 boosters and…
  • "Attackers Target Critical VMware Bug"
    A remote code execution vulnerability in VMware's vCenter Server, tracked as CVE-2021-22005, is being targeted by malicious actors. Security researchers have seen different actors running mass scans for vulnerable instances. According to…
  • "A Multi-Party Data Breach Creates 26x the Financial Damage of Single-Party Breach"
    New research by Cyentia Institute and RiskRecon explores how a multi-party data breach affects many organizations. The study delved into 897 multi-party breaches that involved three or more interrelated companies. According to the study, 897 multi-party…
  • "Apps for Popular Smart Home Devices Contain Security Flaws, New Research Finds"
    A new study conducted by cybersecurity researchers at Florida Tech found that the smartphone companion applications of 16 popular smart home devices have critical cryptographic flaws. The exploitation of these flaws allows attackers to intercept and…
  • "Google Says Threat Actors Using New Code Signing Tricks to Evade Detection"
    Google’s Threat Analysis Group found that threat actors have recently used a new code-signing trick to avoid detection on Windows systems, and has notified Microsoft of its findings. OpenSUpdater operations had used legitimate code-signing…
  • "You Can Now Sign-in to Your Microsoft Accounts Without a Password"
    In an effort to strengthen security for Microsoft users, the company is now rolling out a way to access Microsoft accounts such as Microsoft 365, Teams, Outlook, OneDrive, and Family Safety without passwords. The feature is available after linking users…
  • "Inside Genesis: The Market Created by Cybercriminals To Make Millions Selling Your Digital Identity"
    Cybercriminals are flocking to the GENESIS marketplace, a one-stop shop for login credentials, cookies, device fingerprints, website vulnerabilities and other sensitive data on hackers’ wish lists. The invite-only market has become an important tool for…
  • "FBI and CISA Issue Conti Warning"
    An alert has been issued by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) over Conti ransomware. In the warning, posted on September 22, the agencies observed the increased use of Conti in…
  • "Exchange/Outlook Autodiscover Bug Spills 100K+ Email Passwords"
    Guardicore security researchers have discovered a severe design bug in Microsoft Exchange’s Autodiscover. This protocol lets users easily configure applications such as Microsoft Outlook with just email addresses and passwords. The…
  • "Preventing Abuse in Encrypted Communication"
    It remains a significant challenge to mitigate the abuse of encrypted social media communication on WhatsApp, Signal, and other platforms while ensuring user privacy. This challenge is present across technological, legal, and social realms. A…