Microsoft said today that it removed 18 Azure Active Directory applications from its Azure portal that were created and abused by a Chinese state-sponsored hacker group.
The 18 Azure AD apps were taken down from the Azure portal earlier this year in April, the Microsoft threat intelligence team said in a report published today.
L33tdawg: Here's video of Tom Tervoort's presentation from #HITBLockdown about this vuln and his presentation sildes are here (PDF).
July 15 was, at first, just another day for Parag Agrawal, the chief technology officer of Twitter. Everything seemed normal on the service: T-Pain’s fans were defending him in a spat with Travis Scott; people were upset that the London Underground had removed artwork by Banksy. Agrawal set up in his home office in the Bay Area, in a room that he shares with his young son.
Passwords have been used for thousands of years as a means of identifying ourselves to others and in more recent times, to computers. It’s a simple concept – a shared piece of information kept secret between individuals and used to “prove” identity.
The virtual job fair, which took place on August 13, attracted more than 3,000 attendees and included recruiters and subject matter experts from 17 government intelligence agencies including the CIA, Defense Intelligence Agency (DIA), NSA, and National Reconnaissance Office (NRO).
Mozilla has fixed a bug that can be abused to hijack all the Firefox for Android browsers on the same WiFi network and force users to access malicious sites, such as phishing pages.
The bug was discovered by Chris Moberly, an Australian security researcher working for GitLab.
Security firm Check Point said it uncovered an Iranian hacking group that has developed special Android malware capable of intercepting and stealing two-factor authentication (2FA) codes sent via SMS.
The malware was part of an arsenal of hacking tools developed by a hacker group the company has nicknamed Rampant Kitten. Check Point says the group has been active for at least six years and has been engaged in an ongoing surveillance operation against Iranian minorities, anti-regime organizations, and resistance movements such as:
The US government has a major server security headache on its hands. Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has delivered a rare emergency directive (via TechCrunch) urging government agencies to install a patch for a “critical” Windows Server vulnerability known by Secura as Zerologon.
The flaw in the Netlogon Remote Protocol lets attackers with network access “completely compromise” Active Directory services on a network without using a sign-in —a hacker could run amok if they get through.
Billions of smartphones, tablets, laptops, and IoT devices are using Bluetooth software stacks that are vulnerable to a new security flaw disclosed over the summer.
Named BLESA (Bluetooth Low Energy Spoofing Attack), the vulnerability impacts devices running the Bluetooth Low Energy (BLE) protocol.
iOS 14 has begun rolling out to iPhones worldwide, and as is typical for Apple and a new iOS release, security and privacy enhancements are front and center. The new mobile operating system should make you and your data safer than ever. But it's important to know where these various features are and how to use them.
Below you can find the most important security and privacy features your iOS device now has that it didn't have before. Make sure you check them as soon as you've got iOS 14 on your iPhone or iPad.
