Security

If you use Office 365's webmail interface to prevent email recipients from seeing your local IP address, you are out of luck. When sending email through Office 365, your local IP address will be injected into the message as an extra mail header.

Operating a web site and focusing on infosec related topics has made me a paranoid person.  This leads me to send replies to stranger's emails via webmail so I do not expose my local IP address for security and to protect my privacy.

Most small and medium businesses are seriously underestimating their vulnerability to cyberattacks according to a new study.

The report from password manager company Keeper Security shows that 66 percent don't think they will fall victim to an attack. But this confidence is contradicted by a study last year that showed 67 percent of SMBs had been attacked in the past year.

The National Cyber Security Centre (NCSC) has issued an advisory over a large-scale global DNS hijacking campaign.

The advisory discusses the risks and mitigations for organisations to protect themselves from such attacks, in which threat actors change the domain name system (DNS) records of websites and redirect visitors to malicious sites instead.

A mysterious hacker (or hacker group) has stolen the personal details of millions of Bulgarians and has emailed download links to the stolen data to local news publications.

The data's origin is believed to be the country's National Revenue Agency (NRA), a department of the Bulgarian Ministry of Finance.

In a message posted on its website on Monday, the NRA admitted to the incident and said it was working with the Ministry of the Interior and the State Agency for National Security (SANS) to investigate the hack.

A bug in the current iOS 13 and iPadOS betas reportedly allows people to bypass security and access usernames and passwords in the Settings app — though in practice, the issue is a relatively minor threat.

Within the app, people can repeatedly tap on the "Website & App Passwords" option and bypass Face ID, Touch ID, or a passcode, iDeviceHelp noted on Monday. The issue is minor as a device must already be unlocked to access Settings.

On Monday a security researcher published details on several security and privacy issues with the massively popular video conferencing software Zoom after the company failed to properly fix or address them. One issue allows websites to turn on a Mac users' webcam without their explicit consent or perhaps knowledge. The vulnerabilities are still active as of the time of this article's publication.

From 2015 to 2018, a strain of ransomware known as SamSam paralyzed computer networks across North America and the U.K. It caused more than $30 million in damage to at least 200 entities, including the cities of Atlanta and Newark, New Jersey, the Port of San Diego and Hollywood Presbyterian Medical Center in Los Angeles.

The GitHub account of Canonical Ltd., the company behind the Ubuntu Linux distribution, was hacked on Saturday, July 6.

"We can confirm that on 2019-07-06 there was a Canonical owned account on GitHub whose credentials were compromised and used to create repositories and issues among other activities," the Ubuntu security team said in a statement.

Linux founder Linus Torvalds, today at the KubeCon + CloudNative + Open Source Summit China conference, warned attendees that managing software is about to become a lot more challenging, largely because of two hardware issues that are beyond the control of DevOps teams.

The exploit, discovered by security researcher Filippo Cavallarin, relies on two basic Mac features to function: automount and Gatekeeper.

As detailed by Tom's Guide, Gatekeeper funnels files downloaded from the internet to Apple's XProtect antivirus screener, but grants files from a local storage device — mounted via automount — safe passage without scrutiny. Cavallarin was able to trick Gatekeeper into thinking a downloaded file originated from a local drive, bypassing the normal screening protocols.