Category: News

From ehackingnews.com

The usage of collaborative applications had been a major victory with the pandemic. That incorporates Microsoft Teams, Google Meets, Zoom, and many others. Indeed, the software on the web makes brainstorming, designing, and collaborating with team members easier for all kinds of concepts. 
Milanote is among the most popular apps used in this period. It is recognized as an application for creators to note, compile and collaborate. It is used for sorting notes, gathering ideas, structuring activities – workflows, and much more. Companies mentioned, among many others, like Uber, Facebook, Google, and Nike, use it for their office routine. 

Read more…

From paloaltonetworks.com

Imagine building applications in the cloud with the knowledge they are natively protected with industry-leading security controls. Imagine having your own personal, best-in-class threat research team at your fingertips, while taking advantage of cloud simplicity, scalability and speed.

Now meet Google Cloud Intrusion Detection System (Cloud IDS). It’s the first network threat detection system delivered as a native Google Cloud service, built with the industry-leading security technologies of Palo Alto Networks. Cloud IDS is the result of a year-long joint design and engineering effort between Google Cloud and Palo Alto Networks that was focused on combining the best-in-class security of Palo Alto Networks with the simplicity and scale of Google Cloud native services. In just a few clicks, Google Cloud customers will be able to deploy on-demand application visibility and threat detection between workloads or containers in any Google Cloud virtual private cloud (VPC) to support their compliance goals and protect applications.

Read more…

From bleepingcomputer.com

A new NTLM relay attack called PetitPotam has been discovered that allows threat actors to take over a domain controller, and thus an entire Windows domain.

Many organizations utilize Microsoft Active Directory Certificate Services, which is a public key infrastructure (PKI) server that can be used to authenticate users, services, and machines on a Windows domain.

In the past, researchers discovered a method to force a domain controller to authenticate against a malicious NTLM relay that would then forward the request to a domain’s Active Directory Certificate Services via HTTP.

Read more…

From techcrunch.com

Volkswagen says more than 3.3 million customers had their information exposed after one of its vendors left a cache of customer data unsecured on the internet.

The car maker said in a letter that the vendor, used by Volkswagen, its subsidiary Audi and authorized dealers in the U.S. and Canada, left the customer data spanning 2014 to 2019 unprotected over a two-year window between August 2019 and May 2021.

The data, which Volkswagen said was gathered for sales and marketing, contained personal information about customers and prospective buyers, including their name, postal and email addresses, and phone number.

Read more…

From theregister.com

Tech support scam attempts dropped in frequency over the past two years, but remain a threat. And Millennials and Gen Z – not Boomers – fall prey most frequently, according to Microsoft in its 2021 Global Tech Support Scam Research report, released Thursday.

Tech support scams involve cybercriminals convincing users they have malware or other problems with their computer that can best be addressed with unsolicited proactive assistance. The crims usually seek to gain remote access to machines under the guise of “diagnosing problems,” then steal money or information, or sometimes install malware to give them access later.

Read more…

From ehackingnews.com

Following a breach, user IDs and passwords for the Tokyo Olympic ticket gateway were released on a leak website, a government official told Kyodo News on Wednesday. The leak was “not huge,” according to the source, but the IDs and passwords might provide someone access to a person’s name, address, bank account information, and other personal information. 
The government source, who spoke on the condition of anonymity, said the organizing body for the Games has initiated an investigation. The hack reportedly includes the names, addresses, and bank account information of individuals who purchased Paralympic tickets, as well as a volunteer portal. They did not specify how many accounts were compromised. The leak was revealed as Japanese musician Keigo Oyamada resigned this week from the team producing Friday’s Olympic opening ceremony after admitting to previously bullying and abusing children with disabilities, and as organizers struggle to turn public opinion in their favor in the wake of the coronavirus pandemic.

Read more…

From securityboulevard.com

Last week, the Biden administration announced a ‘new’ Rewards for Justice program offering up to $10 million USD for information relating to those who create and perpetuate ransomware attacks against U.S. infrastructure. The program, administered by the United States Department of State’s Diplomatic Security Service (DSS), promises a reward of up to $10 million for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA).

Read more…