Information Technology Security Awareness Posts

Microsoft Patches Critical SharePoint Connector Vulnerabilities in Power Platform

Microsoft has patched a critical SharePoint connector vulnerability in Power Platform, which could have allowed attackers to harvest credentials and access sensitive data. The flaw, an SSRF vulnerability, enabled unauthorized API requests via manipulated URLs. Microsoft released a fix in December 2024. Users are urged to update, review roles, and implement security policies to mitigate risks. Read more on the latest security measures and best practices.

By Cybersecurity Team on February 04, 2025

Authorities Seize Domains of Popular Hacking Forums

Authorities have seized the domains of major hacking forums, including Cracked and Nulled, in a global cybercrime crackdown. Operation Talent, involving agencies from multiple countries, led to arrests, server seizures, and the shutdown of illicit marketplaces. These forums, hosting over 10 million users, facilitated the trade of stolen data and hacking tools. The operation marks a significant step in disrupting cybercriminal networks and preventing further exploitation.

By Cybersecurity Team on January 30, 2025

A New Era in Artificial Intelligence and Its Security

China's AI startup DeepSeek has launched DeepSeek-R1, a powerful ChatGPT rival, sparking global security concerns. With rapid adoption and open-source accessibility, the model threatens U.S. tech dominance and raises fears of data privacy breaches, misinformation, and intellectual property theft. As AI competition intensifies, the U.S. and its allies must develop robust policies to safeguard national security and technological leadership.

By Cybersecurity Team on January 30, 2025

American Standard Allegedly Breached by RansomHub Ransomware Group

American Standard, a major kitchen and bathroom fixtures manufacturer, has allegedly been breached by the RansomHub ransomware group. The hackers claim to have stolen 400 GB of data and set a deadline for ransom negotiations. Grohe, another Lixil Group subsidiary, was also listed as a victim. With concerns over sensitive customer data exposure, the company has yet to respond publicly. The incident highlights the growing threat of ransomware attacks on global corporations.

By Cybersecurity Team on January 26, 2025

PayPal Fined for Cybersecurity Failures Exposing Customer Social Security Numbers

PayPal has been fined $2 million by the New York State Department of Financial Services for cybersecurity failures that exposed customers' Social Security numbers. The breach, lasting seven weeks, stemmed from inadequate security measures, including the lack of multifactor authentication. In response, PayPal has implemented stronger security protocols. This case highlights the growing regulatory scrutiny over financial institutions' data protection practices.

By Cybersecurity Team on January 26, 2025

AIDS Vaccine Non-Profit Suffers Hacker Attack

The International AIDS Vaccine Initiative (IAVI) recently suffered a cyber attack, leading to the theft of sensitive data. The breach, which went undetected for several days, prompted an investigation revealing potential compromise of human resources data. IAVI is offering identity protection services to affected individuals and advises vigilant monitoring of financial statements and credit reports.

By Cybersecurity Team on January 26, 2025

LinkedIn Faces Lawsuit Over Private Messages Used for AI Training

LinkedIn is facing a class-action lawsuit over allegations that it used private messages to train AI models without user consent. The lawsuit accuses LinkedIn of violating data privacy laws and breach of contract. This case highlights the growing concerns over how companies handle user data and the need for transparency in privacy policies.

By Cybersecurity Team on January 25, 2025

PowerSchool Data Breach: What You Need to Know

PowerSchool, a major provider of K-12 education technology, suffered a data breach exposing student and teacher information from over 6,500 school districts. The breach compromised names, Social Security numbers, medical records, and academic data. PowerSchool has taken action by notifying authorities and offering identity protection services. Affected individuals should monitor their accounts and stay alert for potential fraud.

By Cybersecurity Team on January 24, 2025

Vulnerabilities in LTE and 5G: A Security Risk Analysis

The transition to 5G brings faster speeds and improved connectivity, but also introduces critical security vulnerabilities. Recent research highlights flaws in LTE and 5G networks that can enable unauthorized access, data interception, and large-scale service disruptions. Weak authentication, backward compatibility, and software vulnerabilities contribute to these risks. Strengthening encryption, real-time monitoring, and securing supply chains are essential to mitigating these threats.

By Cybersecurity Team on January 24, 2025

Trump Administration Eliminates DHS Advisory Committees

The Trump administration has disbanded all DHS advisory committees, including the Cyber Safety Review Board, citing the need to eliminate resource misuse and streamline operations. This move raises concerns about cybersecurity oversight and national security preparedness. Critics warn that dissolving expert panels could weaken the government’s ability to respond to evolving threats, while supporters argue it reduces bureaucratic inefficiencies.

By Cybersecurity Team on January 22, 2025

Former CIA Analyst Pleads Guilty to Leaking Top-Secret Information

A former CIA analyst, Asif William Rahman, has pleaded guilty to unlawfully retaining and leaking top-secret national defense information. He accessed and printed classified documents, later sharing them with unauthorized individuals. Among the leaked data were Israel’s military plans against Iran, which surfaced online. Rahman, arrested in Cambodia, faces up to 10 years in prison per count, highlighting the severe consequences of insider threats to national security.

By Cybersecurity Team on January 22, 2025

Hackers Exploit Zero-Day in cnPilot Routers

Hackers are exploiting a zero-day vulnerability in Cambium Networks' cnPilot routers to deploy the AIRASHI botnet, enabling large-scale DDoS attacks. The botnet, an evolution of AISURU, utilizes advanced encryption and multiple attack vectors, including weak passwords and known exploits. Security experts recommend updating firmware, changing default credentials, and disabling unnecessary remote access to mitigate risks.

By Cybersecurity Team on January 22, 2025

Unsecured Tunneling Protocols Expose 4.2 Million Hosts

Recent research reveals that over 4.2 million internet hosts, including VPNs and routers, are vulnerable due to insecure tunneling protocols. Attackers can exploit these weaknesses to launch DoS attacks, infiltrate networks, and anonymize malicious activities. Organizations must implement IPsec, traffic filtering, and restrict tunneling access to prevent exploitation and safeguard critical infrastructure.

By Cybersecurity Team on January 20, 2025

Ransomware Exploits Amazon S3 Encryption to Lock Data

A new ransomware attack is targeting Amazon S3 buckets, exploiting AWS's Server-Side Encryption with Customer Provided Keys (SSE-C). Attackers encrypt stored data using their own keys, making recovery impossible without payment. Organizations must secure AWS credentials, enforce least privilege access, and monitor suspicious activity to prevent unauthorized encryption and protect critical cloud data.