Trend Micro's password manager had some security flaws that could if the circumstances are right, enable a privilege escalation attack by a malicious actor. It's time to update it now!

More info in this Forbes article by Davey Winder. With some insights from myself.

I see a lot of fear of the unknown when it comes to security. I read also a lot of arguments based on theoretical risks or risks only people or organizations that have nation state attackers in their threat model must fear. Most of us aren't in that category.

I remember: "hackers need access to your unlocked iPhone or iPad to exploit it". Seriously, no need to panic or sensationalize vulnerabilities that are very unlikely to be exploited.

Windows records users on adult sites. The malware is capable of stealing credentials so it can potentially link recordings to users. Could become a nasty one. For the moment only French users are targeted.

- Bulk phishing campaigns last for 13h on avg
- Phishing aimed at few employees last 7 minutes on avg
- Phishing mails most likely pretending to be from financial services company or ecommerce site.
- 45% of users don't understand Phishing and/or associated risks

nteresting results from Google's talk about :
- They block more than 100M phishing mails/day
- 68% of these are new variations.
- Enterprise users 5 times more likely to be targeted than standard Gmail users.

After Amazon, Google & Apple, we learned today that contractors also listen to private conversations without informing users.

Still using Skype? You might want to reconsider..

Show more
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.