Skip to main content
InfoSec Newsletter Logo
Latest Issue

October is Cybersecurity Awareness Month: Stay Safe Online with These Essential Tips

Download
Download
September 2024

National Insider Threat Awareness Month: Stay Vigilant as We Move Forward This School Year

  • CISA Releases Election Security Focused Checklists For Both Cybersecurity And Physical Security
  • Hackers Leak 2.7 Billion Data Records With Social Security Numbers
  • Critical Infrastructure Cyberattacks 'A Geopolitical Weapon' Says New Report
  • DDOS Attacks Double With Governments Most Targeted
  • Active Ransomware Groups Surge By 56% In 2024
  • There Was A 56% Increase In Ransomware Groups In H1 2024
  • A New Malware Named "Voldemort" May Be A Cyber Espionage Campaign
  • Yubikeys Are Vulnerable To Cloning Attacks Thanks To Newly Discovered Side Channel
  • White House Launches Cybersecurity Hiring Sprint To Help Fill 500,000 Job Openings
  • Google Chrome Vulnerability Before Version 128.0.6613.84 Allows Remote Attackers To Exploit Heap Corruption With Malicious HTML
  • Microsoft Windows Smartscreen Vulnerability Lets Attackers Bypass Security With Malicious Files
Download
August 2024

Olympic Cyber-Savvy: Your August 2024 Data Privacy Playbook

  • CrowdStrike - How Microsoft Will Protect 8.5 Million Windows Machines
  • How Infostealers Pillaged the World's Passwords
  • Facebook Ads Lead to Fake Websites Stealing Credit Card Information
  • CVEs Surge 30% in 2024, Only 0.91% Weaponized
  • Email attacks rose by 293% compared to the first half of 2023
  • Gaming Industry Faces 94% Surge in DDoS Attacks
  • Researchers find new way to steal tokens using cross-site scripting and OAuth
  • Cyberattacks may follow CrowdStrike outage, warns MS-ISAC
  • Chrome now asking for ZIP archive passwords to help detect malicious files
  • A security flaw in Ivanti ICS versions 9.x and 22.x, lets a hacker bypass checks and access restricted parts of the system remotely.
  • A logic error in Android's code could let someone gain higher access on the device without needing extra permissions
  • Changes in the Information Security Office: Research Cyber Risk Management
  • Knight Shield Moving to GCC-High
Download
July 2024

Stay Cyber-Safe This Summer: July Ransomware Awareness Month

  • Cybersecurity regulations face ‘uphill battle’ after Chevron ruling
  • US bans Kaspersky for posing ‘significant risk’
  • OpenAI breach in 2023 raises national security concerns
  • 10 Billion Passwords Leaked on Hacking Forum
  • Half of Employees Fear Punishment for Reporting Security Mistakes
  • Australian Man Charged for Fake Wi-Fi Scam on Domestic Flights
  • Apple rolls out quantum-resistant cryptography for iMessage
  • Hackers hit Poland Euro 2024 match broadcast in second attack
  • YouTube Creates Privacy Tools To Protect Users From AI Content
  • A flaw in Citrix ADC and Citrix Gateway can let attackers run any code without logging in
  • Older versions of Drupal have a security flaw that lets attackers run any code remotely due to issues in default module setups
Download
June 2024

Summer Cybersecurity: Think Before You Click

  • Accidental or not, another Google leak exposes multiple privacy breaches
  • Ticketmaster Breach Confirmed, Third Party Blamed
  • Celebrity TikTok Accounts Compromised Using Zero-Click Attack via DMs
  • NSA Warns iPhone & Android Users to Restart Devices Once Every Week
  • Research discovers the 25 most hacked pop culture passwords
  • 83% of organizations faced at least one account takeover the past year
  • Infosec2024 Spyware: A Threat to Civil Society and a Threat to Business
  • New PyPI Malware “Pytoileur” Steals Crypto and Evades Detection
  • Account Takeovers Outpace Ransomware as Top Security Concern
  • Google released fixes for a high-severity security flaw in Chrome that has been actively exploited
  • Memory corruption issue for older Iphone and Ipads allowing attackers to bypass kernel memory protection, gaining read and write capability
Download
May 2024

Enhancing Security Awareness at UCF with KnowBe4's Phishing Simulation Platform

  • The DOJ Detected the SolarWinds Hack 6 Months Earlier Than First Disclosed
  • Malware-Free Cyberattacks on the Rise
  • Google Authenticator Syncing Isn’t End-to-End Encrypted
  • Report Shows Nearly 600% Annual Growth in Vulnerable Cloud Attack Surface
  • 46% of Organizations Faced Synthetic Identity Fraud in 2022
  • Report Reveals 65% of Cyberattacks Targeted at U.S.
  • Microsoft Edge is Leaking User Browsing Data to Bing
  • Trigona Ransomware Targets Microsoft SQL Servers
  • Google Gets Court Order to Take Down CryptBot That Infected Over 670,000 Computers
  • Apache Log4j2 Deserialization of Untrusted Data Vulnerability
  • Oracle WebLogic Server Unspecified Vulnerability
Download
April 2024

Don't be the Fool: Protect Yourself from Cyber Tricks Year-round!

  • Dataset of 73 Million AT&T Customers Linked to Dark Web Data Breach
  • iPhone Users Targeted with MFA Bombing Attacks – Don’t Tap ‘Allow!’
  • YouTube Being Used to Distribute Malware
  • 17 Billion Personal Records Exposed in Data Breaches in 2023
  • 92% of IT Leaders Report Cyberattacks are More Frequent Than Last Year
  • New, Sophisticated Phishing-As- A-Service Platform Discovered
  • Cybercriminals Selling New Tool Weaponizing Raspberry Pi
  • NIST Awards $3.6 Million for Community-Based Cybersecurity Workforce Development
  • Government Board Pins China Hack on Microsoft’s 'inadequate' Cybersecurity Strategies
  • Bug in the iPhone's Core System Could Let a Hacker Get Around the Phone's Security Measures
  • A Flaw in Windows Hyper-V Could Lead to a Shutdown or Disruption of Service
Download
March 2024

Guarding Against Social Engineering Threats During National Fraud Awareness Month

  • Cyberattack Paralyzes the Largest U.S. Health Care Payment System
  • Lockbit Cybercrime Gang Disrupted by Britain, US and EU
  • Apple Rolls Out Quantum-Resistant Cryptography for iMessage
  • Ransomware Extortion is Evolving
  • 95% of Websites Run on Outdated Software with Known Vulnerabilities
  • Ads for Zero-Day Exploit Sales Surge 70% Annually
  • U.S. State Government Network Breached via Former Employee's Account
  • Is Now the Right Time for a Ransomware Payment Ban?
  • How GenAI and Custom GPTs Could Impact Government in 2024
  • Out-of-Bounds Memory Access and Arbitrary Code Execution Risk on Apple Devices
  • Google Warns: Critical Vulnerability Poses Local Privilege Escalation Risk
Download
February 2024

Navigating Love and Cybersecurity Awareness in February

  • GTA 5 Used to Lure Torrent Users with Malicious File
  • Cyberattacks on Clorox, Johnson Controls Cost Companies $76M Combined
  • Malware-as-a-Service Now the Top Threat to Organizations
  • Tax Return Scammers Flood Google with Fake Ads
  • 79% of Organizations Faced a Ransomware Attack in H2 2023
  • Hackers Exploit Job Boards, Stealing Millions of Resumes and Personal Data
  • NIST researchers warn of top AI security threats
  • National Cybersecurity Plans Lack Performance Measures and Estimated Costs, GAO Says
  • Romance Scam Victims Surge in 2023
  • Google Chrome vulnerability facilitated remote code execution via a crafted HTML page
  • Apple WebKit flaw allows code execution via crafted web content
Download
January 2024

Mobile Cybersecurity Trends in 2024

  • Comcast Says Data of 36 Million Accounts Was Compromised in Breach
  • Google Settles $5 Billion Privacy Lawsuit Over Tracking Users in 'Incognito Mode'
  • Cybercriminals using fewer than 1% of thousands of potential exploits
  • Top 10 biggest security incidents of 2023
  • Top 10 Cybersecurity Predictions for 2024 and Beyond
  • Cyber-Attacks Drain $1.84bn from Web3 in 2023
  • Log4j Vulnerability Enables Arbitrary Code Execution
  • OpenSSH, Key Networking Tool, Vulnerable to Exploit
  • Using Stronger Passwords Among Top 2024 Digital Resolutions
  • An innocent-looking Instagram trend could be a gift to hackers, according to a cyber-security expert
  • New data reveals the states at highest risk of cybercrime
Download
December 2023

Tis the Season for Cyber-Smart Shopping: Protect Yourself While Embracing the Holiday Spirit

  • Kremlin-backed hackers attacking unpatched Outlook systems, Microsoft says
  • Booking.com clients prone to cyber fraud, warns analyst
  • Google Unveils RETVec - Gmail's New Defense Against Spam and Malicious Emails
  • Apple Patches Actively Exploited iOS Zero-Days
  • Cybersecurity Trends Point to More Sophisticated Attacks Ahead
  • Don’t click December: feds warn of three most common scams
  • Microsoft Outlook Elevation of Privilege Vulnerability
  • Chrome versions had a renderer exploit allowing sandbox escape via a file
Download
November 2023

Critical Infrastructure Security and Resilience Month

  • Largest DDoS attacks ever reported by Google, Cloudflare and AWS
  • US SEC sues SolarWinds for concealing cyber risks before massive hacking
  • Data Encrypted in 75% of Ransomware Attacks on Healthcare Organizations
  • Israeli Entities Under Attack By MuddyWater’s Advanced Tactics
  • Microsoft pledges to bolster security as part of ‘Secure Future’ initiative
  • The People Hacker: AI a Game-Changer in Social Engineering Attacks
  • AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion
  • DHCP Server Service Denial of Service Vulnerability
Download
October 2023

Empowering IT and InfoSec Teams During Cybersecurity Awareness Month

  • MGM Resorts Hit: Cyberattack Inflicts $100 Million Blow
  • NSA Unveils AI Security Center: Fortifying National Defense
  • FDA Tightens Cybersecurity for Medical Devices, Empowering Vigilance
  • RICO Lawsuit: H&R Block, Google, Meta Accused in Data Privacy Case
  • Signal Boosts Security: Quantum-Resistant Encryption in E2EE
  • Microsoft AI Blunder: Terabytes of Sensitive Data Exposed
  • Critical Privilege Escalation Flaw in Windows CNG Service
  • Apple iOS and iPadOS at Risk: Kernel Privilege Escalation
Download
September 2023

Elevate Security: National Insider Threat Awareness Month 2023

  • Chinese Hackers Breach Japan's Cyber Agency, Prompting Cybersecurity Boost
  • Univ. of Michigan Halts Internet After Cyberattack: Classes Unaffected
  • US Govt Email Services Hacked via Barracuda Zero-Day
  • Cybercriminals Threaten Ransom Over GDPR Fines: 'Digital Peace Tax' Scheme
  • UK Cyber Agency Warns Against Chatbot Prompt Injection Threats
  • Cisco VPNs Breached: Brute Force Attacks by Akira Ransomware Group
  • WinRAR < 6.23 allows code execution via malicious ZIP archives
  • Adobe ColdFusion allows arbitrary code execution without user interaction.
Download
August 2023

Strengthening Password Security: A Vital Guide for IT and Infosec Pros

  • Facebook Zero-Day Phishing Attack
  • Hackers Exploiting Windows Search for Remote Access Trojans
  • Israel's Top Oil Refinery Site Offline Following DDoS Attack
  • You can have security without privacy, but you can't have privacy without security.
  • Canon Inkjet Printers Expose Wi-Fi Threat
  • AI-Enhanced Phishing Driving Ransomware Surge
  • Heart Monitoring Tech Provider Confirms Cyberattack
  • Memory Safety Bugs Present in Firefox
  • Apple Apps May be Able to Modify Sensitive Kernel State
Download
July 2023

The Evolution of Phishing Attacks and Detection Best Practices

  • Japan's Largest Port Hit with a Ransomware Attack
  • CISA Issues Warning for Cardiac Device System Vulnerability
  • Microsoft Denies Major 30 Million Customer-Breach
  • New Tools Capable of Sending External Malware to Microsoft Teams
  • Threat Actors are Exploiting WordPress Zero-Day to Create Secret Admin Accounts
  • UK's Law Could Allow for Real-Time Internet Logs
  • Google Chromium V8 Type Confusion Vulnerability
  • Samsung Mobile Devices Improper Input Validation Vulnerability
Download
June 2023

The Dangers of Using AI in Handling Sensitive Information

  • Microsoft to Pay $20 Million Penalty for Illegally Collecting Kids' Data on Xbox
  • US Aerospace Contractor Hacked With 'PowerDrop' Backdoor
  • 2.5M Impacted by Enzo Biochem Data Leak After Ransomware Attack
  • New Zero-Click Hack Targets iOS Users with Stealthy Root-Privilege Malware
  • New PowerDrop Malware Targeting U.S. Aerospace Industry
  • Idaho Hospitals Hit by a Cyberattack that Impacted their Operations
  • Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service
  • Firefox for Android Memory corruption and a potentially exploitable
Download
May 2023

Reducing Phishing Attacks

  • The DOJ Detected the SolarWinds Hack 6 months Earlier than First Disclosed
  • Malware-Free Cyberattacks on the Rise
  • Google’s New Two-Factor Authentication Isn’t End-to-End Encrypted, Tests Show
  • Microsoft Edge is Leaking User Browsing Data to Bing
  • Trigona Ransomware Targets Microsoft SQL Servers
  • Google Gets Court Order to Take Down CryptBot That Infected Over 670,000 Computers
  • Apache Log4j2 Deserialization of Untrusted Data Vulnerability
  • Oracle WebLogic Server Unspecified Vulnerability
Download
April 2023

MFA for Webcourses

  • Microsoft Introduces Microsoft Security Copilot
  • Jefferson County Schools Hit by Ransomware
  • Genesis Market Platform Seized by Police
  • Hackers Exploiting WordPress Elementor Pro Vulnerability
  • UK Bans TikTok from Government Mobile Phones
  • Bing Search Results Hijacked via Misconfigured Microsoft App
  • Multiple Google Chrome Vulnerabilities Could Allow for Arbitrary Code Execution
  • Microsoft Internet Explorer Memory Corruption Vulnerability
Download
March 2023

Password Vaults

  • LastPass Says Employee’s Home Computer Was Hacked, Corporate Vault Taken
  • Dole, Food Giant, Was Hit by Ransomware and Temporarily Halts North American Production
  • Ransomware Gang Uses New Zero-Day to Steal Data on 1 Million Patients
  • News Corp Revealed That Attackers Remained on Its Network for Two Years
  • Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
  • Samsung Message Guard Protects Mobile Devices Against Zero-Click Exploits
  • Sensitive US Military Emails Spill Online
  • Hackers Steal Activision Games and Employee Data
Download
February 2023

Vulnerability Management

  • ChatGPT Writes Malware
  • NortonLifeLock Breached, Password Manager Accounts
  • Unknown Hackers Steal 124,000 Patient Files from Texas Care Center
  • Ransomware Attack Against University of Duisburg-Essen
  • Azure Services SSRF Vulnerabilities Exposed Internal Endpoints
  • Microsoft Exchange Server Elevation of Privilege Vulnerability
  • Critical Patches Issued for Microsoft Products
Download
January 2023

Security Operations Center (SOC)

  • LOG4SHELL Anniversary
  • LastPass Data Breach
  • McGraw Hill Data Leak
  • Multiple Vulnerabilities In Apple Products Could Allow For Arbitrary Code Execution
  • A Vulnerability In KSMBD For Linux Could Allow For Remote Code Execution
  • Lockbit Ransomware Gang Apologizes, Provides Decryptor
  • CISA Adds Two Known Exploited Vulnerabilities To Catalog
  • Upcoming Security Initiatives