Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode

MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants

Cybersecurity researchers have shed light on a cross-tenant blind spot that allows attackers to bypass Microsoft Defender for Office 365 protections via the guest access feature in Teams.

“When users operate as guests in another tenant, their protections are determined entirely by that hosting environment, not by their home organization,” Ontinue security researcher Rhys Downing said in a report.

“These advancements increase collaboration opportunities, but they also widen the responsibility for ensuring those external environments are trustworthy and properly secured.”

GreyNoise launches free scanner to check if you’re part of a botnet

GreyNoise Labs has launched a free tool called GreyNoise IP Check that lets users check if their IP address has been observed in malicious scanning operations, like botnet and residential proxy networks.

The threat monitoring firm that tracks internet-wide activity via a global sensor network says this problem has grown significantly over the past year, with many users unknowingly helping malicious online activity.

“Over the past year, residential proxy networks have exploded and have been turning home internet connections into exit points for other people’s traffic,” explains GreyNoise.

Podcast with Chuck Brooks, Adjunct Professor at Georgetown University and President of Brooks Consulting International — Quantum Computing Report

In this episode of The Quantum Spin by HKA, host Veronica Combs discusses the intersections of quantum technology and cybersecurity with Chuck Brooks, an adjunct professor at Georgetown University and the president of Brooks Consulting International. Chuck discusses how the evolution of technology, particularly AI and quantum computing, has dramatically transformed cybersecurity. The conversation also touches on the role of CISOs, the integration of new technologies, and the importance of ongoing education and adaptation in the face of rapidly changing technologies.

00:00 Introduction to Quantum Spin Podcast 00:34 Guest Introduction: Chuck Brooks 00:46 Chuck Brooks’ Career Journey 02:09 Evolution of Cybersecurity 02:47 Challenges for CISOs 04:27 Quantum Computing and Cybersecurity 07:43 Future of Quantum and AI 10:51 Disruptive Technologies in Organizations 15:15 AI in Academia and Professional Use 17:06 Effective Communication on LinkedIn 18:23 Conclusion and Podcast Information.

Chuck Brooks serves as President of Brooks Consulting International with over 25 years of experience in cybersecurity, emerging technologies, marketing, business development, and government relations. He also is an Adjunct Professor at Georgetown University in the Cyber Risk Management Program, where he teaches graduate courses on risk management, homeland security, and cybersecurity.

JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers

“Campaign leverages fake adult websites (xHamster, PornHub clones) as its phishing mechanism, likely distributed via malvertising,” Acronis said in a new report shared with The Hacker News. “The adult theme, and possible connection to shady websites, adds to the victim’s psychological pressure to comply with sudden ‘security update’ installation.”

ClickFix-style attacks have surged over the past year, typically tricking users into running malicious commands on their own machines using prompts for technical fixes or completing CAPTCHA verification checks. According to data from Microsoft, ClickFix has become the most common initial access method, accounting for 47% of attacks.

The latest campaign displays highly convincing fake Windows update screens in an attempt to get the victim to run malicious code, indicating that attackers are moving away from the traditional robot-check lures. The activity has been codenamed JackFix by the Singapore-based cybersecurity company.

/* */