Welcome to V069:  Ode to Cyber – How Do I Love Thee?

News: Top 10 Most Probable Ways a Company Can Be Hacked

How to win the battle with root cause analysis and a data-driven approach. READ MORE

 

News: RDP: a Double-Edged Sword for IT Teams – Essential Yet Exploitable

Remote Desktop Protocol (RDP) is an amazing technology developed by Microsoft that lets you access and control another computer over a network. It’s like having your office computer with you wherever you go. For businesses, this means IT staff can manage systems remotely, and employees can work from home or anywhere, making RDP a true game-changer in today’s work environment. READ MORE

 

AI: It’s bad enough we have to turn on cams for meetings, now the person staring at you may be an AI deepfake

High-profile deepfake scams that were reported here at The Register and elsewhere last year may just be the tip of the iceberg. Attacks relying on spoofed faces in online meetings surged by 300 percent in 2024, it is claimed. READ MORE

 

Cyber Savvy AI Antics

Ode to Cybersecurity (inspired by Sonnet 43)  How do I guard thee? Let me count the ways. I guard thee to the depth and breadth and height My mind can scan, through code and endless night, For truth, resilience, and encrypted bays. I guard thee in the hum of workday haze, Through silent threats and beacon’s pulsing light. I guard thee freely, with unflagging might; I guard thee purely, shunning vain displays. I guard thee with the fire of breach and loss— Each false alert, each sleepless, watchful breath. I guard thee with a love that bears the cost, A will to face the dark and dance with death. And if I fall, still let my logs relay: I lived to keep the black hats far away.

 

AI: How New AI Agents Will Transform Credential Stuffing Attacks

Credential stuffing attacks had a huge impact in 2024, fueled by a vicious circle of infostealer infections and data breaches. But things could be about to get worse still with Computer-Using Agents, a new kind of AI agent that enables low-cost, low-effort automation of common web tasks — including those frequently performed by attackers. READ MORE

 

News: They hack to sell: the gateway to your corporate network could already be on the dark web

Cybercriminals’ tactics are evolving faster than organizations can adapt, keeping them stuck in a “breach, apologize, repeat” cycle, a security expert says. READ MORE

 

Breach: Zapier says someone broke into its code repositories and may have accessed customer data

The security incident impacted some customer information that had been ‘inadvertently copied’ to its repositories.. READ MORE

 

AI: How New AI Agents Will Transform Credential Stuffing Attacks

Credential stuffing attacks had a huge impact in 2024, fueled by a vicious circle of infostealer infections and data breaches. But things could be about to get worse still with Computer-Using Agents, a new kind of AI agent that enables low-cost, low-effort automation of common web tasks — including those frequently performed by attackers. READ MORE

 

News: CISO’s Expert Guide To CTEM And Why It Matters

Cyber threats evolve—has your defense strategy kept up? A new free guide available here explains why Continuous Threat Exposure Management (CTEM) is the smart approach for proactive cybersecurity. READ MORE

 

News: Malicious Chrome extensions can spoof password managers in new attack

A newly devised “polymorphic” attack allows malicious Chrome extensions to morph into other browser extensions, including password managers, crypto wallets, and banking apps, to steal sensitive information. READ MORE

 

MSFT: Microsoft says malvertising campaign impacted 1 million PCs

Microsoft has taken down an undisclosed number of GitHub repositories used in a massive malvertising campaign that impacted almost one million devices worldwide. READ MORE

 

Phishing: US cities warn of wave of unpaid parking phishing texts

US cities are warning of an ongoing mobile phishing campaign pretending to be texts from the city’s parking violation departments about unpaid parking invoices, that if unpaid, will incur an additional $35 fine per day. READ MORE

 

News: Steganography Explained: How XWorm Hides Inside Images

Inside the most innocent-looking image, a breathtaking landscape, or a funny meme, something dangerous could be hiding, waiting for its moment to strike. READ MORE

 

News: Pentesters: Is AI Coming for Your Role?

We’ve been hearing the same story for years: AI is coming for your job. In fact, in 2017, McKinsey printed a report, Jobs Lost, Jobs Gained: Workforce Transitions in a Time of Automation, predicting that by 2030, 375 million workers would need to find new jobs or risk being displaced by AI and automation. Queue the anxiety. READ MORE

 

News: Mozilla warns users to update Firefox before certificate expires

Mozilla is warning Firefox users to update their browsers to the latest version to avoid facing disruption and security risks caused by the upcoming expiration of one of the company’s root certificates. READ MORE

 

MSFT: Week-long Exchange Online outage causes email failures, delays

Microsoft says it partially mitigated a week-long Exchange Online outage causing delays or failures when sending or receiving email messages. READ MORE

 

Vulnerability Vortex

Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks

Apple on Wednesday released security updates for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS to address two security flaws that it said have come under active exploitation in the wild. READ MORE

 

SonicWall Confirms Active Exploitation of Flaws Affecting Multiple Appliance Models

SonicWall has revealed that two now-patched security flaws impacting its SMA100 Secure Mobile Access (SMA) appliances have been exploited in the wild. READ MORE

 

WordPress plugin disguised as a security tool injects backdoor

A new malware campaign targeting WordPress sites employs a malicious plugin disguised as a security tool to trick users into installing and trusting it. READ MORE