Marcos Hidalgo

08/26/2022

The new plan would "provide near complete coverage in most places in the US — even in many of the most remote locations previously unreachable by traditional cell signals."

The service is expected to provide coverage in most places in the US, including remote areas not covered by traditional cell signals.

07/31/2022

Travelers alleged ICS submitted a cyber policy application signed by its CEO and “a person responsible for the the applicant’s network and information security” that the company used MFA for administrative or privileged access.

In what may be one of the first court filings of its kind, insurer Travelers is asking a district court for a ruling to rescind a policy because the

03/21/2022

Tor encrypts web traffic and routes it through a series of servers to hide identifying information about users. It’s a popular way to access sites that are subject to internet censorship, and that’s made it particularly relevant since Russia’s February invasion of Ukraine.

It’s accessible through Tor Browser and similar apps.

03/21/2022

54% of managers say, who'd have thought, that leadership is completely out of touch with employees. Now how could that have happened? Might this have something to do with all those bosses saying last year that they were "thriving"?

If you never thought you'd see the day this would become so important, well, here we are.

03/20/2022

The most consequential change: Google Analytics will no longer log or store IP address information.
https://www.adexchanger.com/online-advertising/google-analytics-to-stop-logging-ip-addresses-and-sunset-old-versions-in-privacy-standards-overhaul/

03/19/2022

Manufacturers typically promise that only automated decision-making systems and not humans see your data. But this isn’t always the case.

https://theconversation.com/smart-devices-spy-on-you-2-computer-scientists-explain-how-the-internet-of-things-can-violate-your-privacy-174579

02/27/2022

The growth of double extortion – and even triple extortion – ransomware attacks is in danger of rendering common, traditional methods of mitigating the impact of a ransomware hit, such as well-maintained backups, less efficacious, according to a report from machine identity specialist Venafi.

Traditional methods of mitigating ransomware are less efficacious thanks to the rise in double and triple extortion techniques

02/23/2022

Attacks that target MS SQL servers include attacks to the environment where its vulnerability has not been patched, brute forcing, and dictionary attack against poorly managed servers

Hackers are exploiting unpatched vulnerabilities in Microsoft SQL servers that are exposed to the internet to backdoor them using the Cobalt Strike.

02/22/2022

SMS PVA services, since gain prevalence in 2018, provide users with alternative mobile numbers that can be used to register for other online services and platforms, and help bypass SMS-based authentication and single sign-on (SSO) mechanisms put in place to verify new accounts.

Hacker use infected Android devices to register disposable accounts in bulk, which can be abused to create phone-verified accounts.

02/18/2022

To breach the Red Cross servers, the threat actors used tactics and custom hacking tools "designed for offensive security" and obfuscation techniques to evade detection, usually linked to advanced persistent threat (APT) groups

The International Committee of the Red Cross (ICRC) said today that the hack disclosed last month against its servers was a targeted attack likely coordinated by a state-backed hacking group.

12/15/2021

Today is Patch Tuesday, and as is the case every couple of months, there are a bunch of products that are no longer supported after today. In the case of Windows 10, version 2004 is getting its last update, and that goes for all SKUs of the OS.

Windows 10 version 2004 got its final cumulative update today, so if you're still using it, you should move to something newer.

10/03/2021

The FoggyWeb post-exploitation backdoor is persistent and steals configuration databases and security token certificates

The FoggyWeb post-exploitation backdoor is persistent and steals configuration databases and security token certificates.