In a historic settlement, the French government doled out a fine of €50 million penalty in March 2020 for failing to be transparent to it’s users about the personal data that it collected from its services and products.
In a similar fashion, Italian telecommunication giant, Telecom Italia, was also awarded aGDPR fine of $31.5 million or €27.8 million by the Italian Data…
Microsoft recently released a couple of new additional features to its Azure AD system. The new features, namely My Apps Collections and Risk Detections will let end users create their own set of apps in the Azure AD “My Apps” portal. The latter feature will help administrators spot sign-in anomalies. However, Microsoft also announced that some Azure AD features will also be discontinued.
A…
Microsoft’s Password Management Capabilities in Authenticator App Made Available to General Use
April 9, 2021
Microsoft recently announced the release of new features such as “password management and autofill capability” in their Authenticator app for mobile devices. The app also supports two-factor authentication and is compatible on both Android and iOS devices.
The feature that allows users to use the Microsoft Authenticator app to save passwords and automatically populate sign-in fields was in…
On March 2, Microsoft released emergency security updates to plug four security loopholes in Exchange Server versions 2013 through 2019. Chinese state-sponsored cyber-espionage unit was using these security loopholes to sniff into email conversations of victim organizations.
At least 30,000 organizations in the United States alone are believed to be hacked by the espionage group to siphon email…
VMware patches critical RCE vulnerability that allowed attackers to execute code remotely
April 9, 2021
VMware has patched up multiple critical remote code execution (RCE) vulnerability in its ESXi, vCenter Server, and Cloud foundation products. The flaw would allow attackers to run codes and affect systems remotely. This vulnerability, tracked as CVE-2021-21972, is critical in severity as it has a CVSS score of 9.8 out of a maximum of 10.
The company said in its advisory that “A malicious…
In 2020, half of all phishing emails used Microsoft Office-themed content to lure in unsuspecting victims and swipe their credentials, according to a Tuesday report by Cofense. The company analyzed millions of attack-related emails and concluded that 57% of the mails were phishing emails with the intent to steal credentials, while the rest were used for planting malware in the user’s systems or…
According to BlueVoyant’s Cybersecurity in higher education report, the number of ransomware attacks against universities increased by 100% year-on-year in 2020. The company compiled data from 2702 universities across 43 countries, covering the period January 2019 to September 2020. It went on to say that average payouts were totaling nearly $450,000.
The company claims that the rise in…
Clubhouse chatroom breached: Letting third-party developer design app for Android users backfires
April 9, 2021
The wildly popular social media app Clubhouse suffered a data breach, as a third-party developer designed an open-source app that allowed Android smartphone customers to break into the iPhone-only service.
Clubhouse has confirmed that a user was able to stream audio from the app on their website. The audio-only social networking app, launched in March 2020, allows people to gather online in…
Cybersecurity firm Genua has issued a fix for a risky flaw in in it’s two-tier firewall product, GenuGate High Resistance Firewall. The vulnerability could have enabled attackers to bypass authentication measures and log in as root users within a company’s internal network.
“An unauthenticated attacker is able to login as an arbitrary user in the admin web interface…
Microsoft 365 users saw a slew of phishing emails, thanks to an ongoing attack aiming at stealing Microsoft 365 credentials. To make the emails look more realistic and legitimate, attackers are adding a fake Google reCAPTCHA system in addition to their company logos in the mails. Security researchers indicate that over 2500 such emails have been unsuccessfully sent to senior-level employees in the…
