Cybercriminals continue to stress-test Windows, and our protective technologies continue to detect their attempts and prevent exploitation. It is not the first or even the second discovery of this kind over the past three months. This time, our systems detected an attempt to exploit the vulnerability in Windows Kernel Transaction Manager.
Well-known U.S.-based charity Save the Children Foundation lost as much as £800,000 to a clever business email compromise scam (BEC) last year after a hacker hacked into an employee’s email account and defrauded the charity into sending the funds to a fraudulent entity in Japan.
You might be forgiven for believing that the twin purposes of the EU’s General Data Protection Regulation (GDPR) were to stop spam emails and punish businesses who lose control of customer data to cyber thieves. Although these are the issues that have dominated our inboxes and the news headlines, and there is a high degree of awareness among consumers and regulators about the need for strong data security, companies of all sizes still seem to be struggling with the core of what the GDPR is really trying to achieve.
A corporate laptop being used in a coffee shop at a weekend was enough to allow a sophisticated cybercrime group to compromise an organisation’s entire infrastructure. The incident was detailed by cybersecurity firm Crowdstrike as part of its Cyber Intrusion Services Casebook 2018 report and serves as a reminder that laptops and other devices that are secure while running inside the network of an organisation can be left exposed when outside company walls.
Google keeps tabs on much of your activity, including your browsing history and your location. Now, it turns out that its YouTube service is also reading what’s in your videos, too. Programmer Austin Burk, who goes by the nickname Sudofox, discovered the issue after discovering a cross-site scripting (XSS) flaw on another site. In an attempt to responsibly disclose it, he uploaded a video of the exploit to YouTube as an unlisted video so that he could show it to the relevant parties.
Facebook announced today another security incident affecting millions of its customers. This time, the company said that a bug in one of its APIs exposed the private photos of nearly 6.8 million users. Facebook blamed this new leak on a Photo API bug that was present in its backend code between September 13 to September 25, 2018.