Meddler-in-the-Middle phishing attacks break MFA
Security researchers have discovered “meddler-in-the-middle” (MitM) phishing attacks that can break multi-factor authentication (MFA) controls.
MFA
Threat actor deploys malicious OAuth apps on compromised cloud tenants to spread spam
Microsoft has been monitoring a threat actor deploying malicious OAuth apps on compromised cloud tenants to spread spam.
Cybercriminals use proxies and configurations to launch credential stuffing attacks
The Federal Bureau of Investigation (FBI) have spotted cybercriminals using proxies and configurations to launch credential stuffing attacks against US companies.
CISA: Take these urgent steps to protect your organization against potential critical cybersecurity threats
The Cybersecurity and Infrastructure Security Agency (CISA) has published a new CISA Insights guideline document with steps organizations can take against potential critical cybersecurity threats.
Nobelium targets CSPs, MSPs and IT organizations to launch broader attacks
Microsoft has released a new report on Nobelium that has been targeting cloud service providers (CSPs), managed service providers (MSPs) and other IT organizations in order to launch broader attacks against customers they serve.
NSA releases guidance on securing wireless devices in public settings
The National Security Agency (NSA) has released guidance on securing wireless devices in public settings for government national defense entities and the general public. The new 8-page guidance infosheet summarizes ways bad actors target wireless devices as well as good safeguards to protect against such cyberattacks. The NSA warns that although connecting to public Wi-Fi …
NSA releases guidance on securing wireless devices in public settings Read More »
3 good examples of how to apply the Zero Trust Security Model
The National Security Agency (NSA) has released new guidelines on the Zero Trust Security Model, a coordinated system management strategy that removes implicit trust in any one system or service and assumes breaches will or have already occurred.
DNS hijacking cyber attacks on domains worldwide
Security researchers from FireEye have identified a wave of DNS hijacking attacks on domains owned by government, telecom and internet infrastructure organizations around the globe.
PCI DSS 3.2.1 Security Standard update
The PCI Security Standards Council (PCI SSC) has published a minor revision to the PCI Data Security Standard (PCI DSS) for organizations that handle branded credit cards from the major card networks.