Technology News

Microsoft last week confirmed in an advisory on a Microsoft Security Response Center post a report by SOCradar of a misconfigured Microsoft endpoint that was not in current use possibly exposing over 65,000 organizations’ data. This storage endpoint had communication between Microsoft and clients. Some of the data included in the misconfigured endpoint may have…

WordPress 6.0.3, the latest security release, is out and now available to all WordPress websites. If your site supports automatic updates, it will be automatically updated. You can also manually update within your dashboard => Updates. If your site supports automatic updates, it will be automatically updated. You can also manually update within your dashboard…

Fortinet has released a patch an advisory on a recent critical authentication bypass vulnerabilities affecting FortiOS, FortiProxy, and FortiSwitchManager. The auth bypass bug CVE-2022-40684 allows an unauthenticated user to perform administrative functions through maliciously crafted HTTPS requests. Account owners with affected devices ave been notified early last week prior to their public release to update…

A DDoS, or distributed denial-of-service is a malicious attack where excessive amounts of requests are sent to a target. It’s intended to crash a website or server, affect performance and availability for legitimate traffic, or increase hosting and resource cost. Google has recently reported that their Cloud Armor service blocked a DDoS attack of 46…

Apple has released updates patching two critical vulnerabilities recently discovered. An application is able to use this vulnerability to run malicious code and gain Kernel privilege, which is the highest privilege allowing full control of the device. These vulnerabilities may have been previously exploited by hackers in likely targeted attacks. The affected devices include: macOS…

VMware has released patches for bugs and vulnerabilities, including a critical authentication bypass bug. This bug allowed a user to gain administrator privileges without authentication. Products affected include VMware Workspace ONE, VMware Identity Manager, vRealize Automation, Cloud Foundation, and vRealize Suite Lifecycle Manager. Many of the patches have at least a moderate CVS score, which…

Mangatoon, the manga and comic reading platform, has suffered a data breach exposing the data of over 20 million accounts. The hacker was able to steal this data by accessing an unsecured or misconfigured database. BleepingComputer in their report was able to confirm their hack method and was able to verify a data sample to…

Apple has announced it is working in a new feature called “Lockdown Mode.” This new feature will protect users from different types of cyberattacks, especially highly targeted spyware. Along with a grant for spyware threat research, these new additions are part of their initiative to protect users from highly targeted cyberattacks. Lockdown Mode, when turned…

As environments and networks grow and become more complex, it is more critical to secure those busy networks and different devices. Microsoft has announced that Microsoft Defender for Endpoint will offer additional security for Android and iOS devices. Extra features like alerts for vulnerabilities, rouge devices, and protection for wireless (Wi-Fi) networks. Learn more about…

A new malware has been going around targeting content creators of YouTube. Reported by researchers at Intezer, YTStealer is likely being sold and distributed as MaaS (or Malware-as-a-Service). It’s goal is to steal authentication cookies from YouTube content creators. Many of the files in the malware are disguised as legitimate applications, specifically software typically used…