awarenessInfo-security training — with glue and scissors
DIY security trainings for your colleagues that are both fun (for you) and educational (for them).
Latest
e-mailMicrosoft planning to block outdated Exchange servers
Microsoft plans to throttle and block email from vulnerable Exchange servers to Exchange Online.
supply chainSupply-chain attack on 3CX clients
Cybercriminals are attacking 3CX VoIP telephony software users via trojanized applications.
PIIHow to work safely with personal data
How to store and process personally identifiable information in a company with minimum risks.
privacyThe secret’s out: cropped and edited pictures can be restored
Do you edit images in Windows 11 or on Google Pixel? Due to a developer error, hidden information in cropped or edited pictures can be recovered.
Bitcoin-cloud mining scam
Scammers are pretending to offer users tens of thousands of dollars, supposedly accumulated in an account on an “automated cloud-mining platform”.
phishingSharePoint as a phishing tool
Cybercriminals are using hijacked SharePoint servers to send dangerous notifications.
Remote hacking of Samsung, Google and Vivo smartphones: the problem and the solution
Vulnerabilities found in the Exynos chipset allow Samsung, Vivo and Google smartphones to be remotely hacked if the owner’s phone number is known. How is this possible, and how to protect yourself?
Gamers
The Phantom Menace: how gamers of different ages are being attacked
Why scammers are more likely to target kids than hardcore gamers, how they do it, and what they want to steal
The true cost of gaming
Our research reveals gamers’ attitudes toward computer performance — and the ethics of winning and losing.
Where did that game cheats video on your YouTube channel come from?
The RedLine Trojan stealer spreads under the guise of cheats for popular games and posts videos on victims’ YouTube channels with a link to itself in the description.
$2 million inventory hacked in CS:GO
An unnamed hacker allegedly stole two million dollars’ worth of items from a CS:GO player’s backpack and has already started auctioning off the items.
Attack on Cities: Skylines — malicious code in a virtual city
We explain why game mods can be dangerous, using as an example malicious mods for Cities: Skylines.
Dangerous vulnerability in Dark Souls III videogame
Dangerous vulnerability was discovered in Dark Souls III videogame that can be used to gain control of a gamer’s computer.
Malicious activity in Discord chats
In the wake of recent research, we talk about several scenarios that underlie malicious activity on Discord.
BloodyStealer is hunting for gamers
Gamer accounts are in demand on the underground market. Proof positive is BloodyStealer, which steals account data from popular gaming stores.
Business
Copyright infringement backlink scam
How scammers force website owners to add potentially dangerous links by threatening harsh consequences for copyright infringement.
How too-eager-to-please new employees get scammed
Scammers are using social engineering to shake down newly onboarded employees.
Disable browser synchronization in the office
It’s common practice in many companies to keep work and personal information separate. But browser synchronization often remains unnoticed — and attackers are already exploiting it.
Five reasons not to use desktop messengers
We explain why it’s best not to use desktop versions of messengers such as WhatsApp, Telegram, Signal and the like.
The pros and cons of open source for businesses
Business is actively moving over to open-source solutions. How can the transition be made successfully, and what are the risks to consider?
Food delivery-service data-leaks
Food delivery services’ databases may not contain payment information, but leaks can still cause major problems.
I firmly believe that the concept of cybersecurity will soon become obsolete, and cyberimmunity will take its place.
Eugene Kaspersky
Business
Popular
Critical vulnerability in Apache Log4j library
Researchers discovered a critical vulnerability in Apache Log4j library, which scores perfect 10 out of 10 in CVSS. Here’s how to protect against it.
updatesFive things to update ASAP
Prioritize updating the apps that keep your devices and personal data safe from cyberattacks.
Update iOS, there is a dangerous vulnerability in WebKit
Dangerous vulnerability in WebKit (CVE-2022-22620) is believed to be actively exploited by hackers. Update your iOS devices as soon as possible!
What to do if you lose your phone with an authenticator app
Can’t sign in to an account because your authenticator app is on a lost phone? Here’s what to do.
Infected Android app store
The APKPure app store has been infected by a malicious module that downloads Trojans to Android devices.
Follina: office documents as an entrance
New vulnerability CVE-2022-30190, aka Follina, allows exploitation of Windows Support Diagnostic Tool via MS Office files.
Who’s in your Facebook and Instagram accounts?
What to do if you receive a notification about a suspicious login to your Facebook or Instagram account.
How to guard against Zerologon and similar vulnerabilities
To stop all threats to the corporate infrastructure, you have to do more than just protect workstations.
Tips
Why you should set up secure DNS – and how
Have you ever come across the words Secure DNS or Private DNS in your smartphone settings and security apps? It’s best to keep this feature enabled – it has many advantages.
How to avoid online recruitment scams in 2023
Received an attractive job offer from a stranger? Be careful! It could be a scam…
Cybersecure Christmas
Many hacks have started during Christmas holidays. A few simple tips will reduce the chances of your company becoming the next victim.