Cybersecurity company Mandiant has discovered that hackers are using a new technique to target enterprise networks. The researchers warned that threat actors exploit multifactor authentication (MFA) to gain unauthorized access to dormant Microsoft accounts. According to cybersecurity researchers at Mandiant, the exploit is being used in hacking campaigns by APT29 to bypass authentication. APT29 is…
Google has announced that it blocked the largest distributed denial-of-service (DDoS) attack. The attack peaked at 46 million requests per second (rps), which is 76 percent larger than the previous DDoS attack that targeted Cloudflare in June. The company explained in its blog post that the HTTPS DDoS attack began targeting one of its Google…
Google has released a new update that should help to prevent unauthorized changes to Workspace user accounts. This security feature brings identity verification prompts to protect high-risk customers from malicious attacks in enterprise environments. With this release, Google Workspace has introduced a new “Verify it’s You” prompt to block suspicious account activities. Users will need…
Slack has confirmed that a security vulnerability accidentally exposed the hashed passwords of around 0.5 percent of its customers. The company patched the bug last month and notified impacted users that it had reset their passwords. The vulnerability was first discovered by a security researcher and it was reported to Slack on July 17, 2022….
Microsoft has started rolling out Edge version 104 to the Stable channel. This new update brings some improvements to the enhanced security mode to make the browsing experience more secure on less popular websites, and some new policies for IT admins. The enhanced security mode (previously known as the Super Duper Secure mode) launched in…
Back in May, Microsoft unveiled a new Defender Experts for Hunting solution to help organizations proactively hunt for security threats. The company has announced that the new managed security service is now generally available for enterprise customers. Microsoft Defender Experts for Hunting is aimed at companies with existing security operations centers. The service combines data…
VMware has released new security updates to address a critical authentication bypass vulnerability present in its multiple products. The company warned that the bug could enable threat actors to gain administrative privileges on target systems. Tracked as CVE-2022-31656, the flaw was discovered by the security researcher Petrus Viet. VMware assigned the authentication bypass vulnerability a…
Microsoft has announced two new security services to enhance the threat intelligence capabilities of its Microsoft Defender platform. The new Defender Threat Intelligence and Defender External Attack Surface Management tools are a result of Microsoft’s acquisition of the cybersecurity company RiskIQ in July 2021. First up, the Microsoft Defender Threat Intelligence (MDTI) service provides enterprise…
Amazon has released new security updates for its Amazon Elastic Block Store (EBS) and Amazon Elastic Kubernetes Service (EKS) services. First of all, Amazon GuardDuty is getting new malware protection capabilities to detect malicious files stored on container workloads or customer instances running on Amazon EC2. For those unfamiliar, Amazon GuardDuty is a managed cloud…
In this article, we are going to take a brief look at what Azure Sphere is and how it is helping to protect Internet of Things (IoT) devices with additional security overlay. In today’s world, we are surrounded by billions of devices – all with microcontrollers embedded in them for control and to add logic….