News: Hackers Force Chrome Users To Hand Over Google Passwords. Here’s How
| Newly published research has revealed how threat actors are using a devious new technique to force Chrome browser users to reveal their Google account passwords out of nothing more than sheer frustration. The credential-stealing campaign, which uses malware called StealC, locks the user’s browser in kiosk mode while blocking both the F11 and ESC keys to prevent them from escaping out of this full-screen mode. |  |
News: Cloudflare outage cuts off access to websites in some regions
 |
A rolling Cloudflare outage is impacting access to web sites worldwide, including BleepingComputer, with sites working in some regions and not others. |
News: Ransomware gangs now abuse Microsoft Azure tool for data theft
| Ransomware gangs like BianLian and Rhysida increasingly use Microsoft’s Azure Storage Explorer and AzCopy to steal data from breached networks and store it in Azure Blob storage. |  |
Cyber Savvy AI Antics |
 |
|
Happy Cybersecurity Awareness Month! In October’s chill, the spooks arise, Beware the emails that seem too sweet, Passwords strong, like a fortress wall, Enable two-factor, don’t be shy, Don’t trust the Wi-Fi at your café, So this October, don’t just scream, Cybercrime’s real, it’s no fun and games, |
News: Chrome Introduces One-Time Permissions and Enhanced Safety Check for Safer Browsing
| Google has announced that it’s rolling out a new set of features to its Chrome browser that gives users more control over their data when surfing the internet and protects them against online threats. |  |
News: Healthcare’s Diagnosis is Critical: The Cure is Cybersecurity Hygiene
 |
Cybersecurity in healthcare has never been more urgent. As the most vulnerable industry and largest target for cybercriminals, healthcare is facing an increasing wave of cyberattacks. When a hospital’s systems are held hostage by ransomware, it’s not just data at risk — it’s the care of patients who depend on life-saving treatments. |
News: QR Phishing Scams Gain Motorized Momentum in UK
| Criminal actors are finding their niche in utilizing QR phishing codes, otherwise known as “quishing,” to victimize unsuspecting tourists in Europe and beyond. |  |
News: Contractor Software Targeted via Microsoft SQL Server Loophole
 |
By accessing the MSSQL, threat actors gain admin-level access to the application, allowing them to automate their attacks. |
News: Chrome Users Can Now Sync Passkeys Across Devices with New Google PIN Feature
| Google on Thursday unveiled a Password Manager PIN to let Chrome web users sync their passkeys across Windows, macOS, Linux, ChromeOS, and Android devices. |  |
News: The Microsoft 365 Backup Game Just Changed: Ransomware Recovery Revolutionized
 |
In today’s hyper-connected digital world, the importance of robust data protection is undeniable. For businesses of all sizes, the need to safeguard critical information has moved from a secondary IT concern to a boardroom-level issue. This heightened urgency is driven by the increasing frequency and complexity of cyberattacks, particularly ransomware, which have the potential to cripple operations, cause catastrophic financial losses, and in some cases, irreparably damage a company’s reputation. |
News: Why ‘Never Expire’ Passwords Can Be a Risky Decision
| Password resets can be frustrating for end users. Nobody likes being interrupted by the ‘time to change your password’ notification – and they like it even less when the new passwords they create are rejected by their organization’s password policy. IT teams share the pain, with resetting passwords via service desk tickets and support calls being an everyday burden. Despite this, it’s commonly accepted that all passwords should expire after a set period of time. |  |
News: New Microsoft Windows Warning—Fake CAPTCHAs Attacking PCs
 |
A new warning as we head into the weekend, that a “global attack” is now targeting Windows users in multiple countries around the world. The campaign is stupidly simple, but it hammers home the risk for the hundreds of millions of Windows 10 users heading for a world without security updates a year from now. |
News: Microsoft’s security culture reboot includes cyber governance council, all-staff trainings
| The tech giant launched its Secure Future Initiative after a string of major security breakdowns. |  |
News: Telegram Agrees to Share User Data With Authorities for Criminal Investigations
 |
In a major policy reversal, the popular messaging app Telegram has announced it will give users’ IP addresses and phone numbers to authorities in response to valid legal requests in an attempt to rein in criminal activity on the platform. |
News: CrowdStrike Overhauls Testing and Rollout Procedures to Avoid System Crashes
| CrowdStrike says it has revamped several testing, validation, and update rollout processes to prevent a repeat of the July BSOD incident. |  |
News: Hackers deploy AI-written malware in targeted attacks
 |
In an email campaign targeting French users, researchers discovered malicious code believed to have been created with the help of generative artificial intelligence services to deliver the AsyncRAT malware. |
Vulnerability Vortex
WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks
| A new high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable malicious actors to execute arbitrary JavaScript code under certain conditions. |  |
Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws
 |
Today is Microsoft’s October 2024 Patch Tuesday, which includes security updates for 118 flaws, including five publicly disclosed zero-days, two of which are actively exploited. |
Adobe Releases Security Updates for Multiple Products
| Adobe released security updates to address multiple vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. |  |
CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches
 |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Fortinet products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. |
Firefox Zero-Day Under Attack: Update Your Browser Immediately
| Mozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release (ESR) has come under active exploitation in the wild. |  |
Read also
Welcome to v062 : Roses are red, violets are blue, cyber-hackers are waiting for you
Welcome to v061 : New Year’s Resolution: Strengthen Cybersecurity, Protect Missions.
About Us
Developing cybersecurity plans, evaluating and implementing technology, building effective software, and executing strategic initiatives.