Data breaches are something that affect more and more businesses every year. Though the immediate effects can be catastrophic, there are long-lasting effects that remain far after the initial threat has passed. Data Breaches: A Major Threat to Trust and...
SpireTech Company News and Tips
Security
Critical Zero-Day Vulnerability Affects Many Applications
A zero-day vulnerability, known as CVE-2023-5129, has been discovered in a commonly used graphics file format called WebP. A zero-day vulnerability is an exploit found in a recently released update, so recent that there aren’t patches available yet. This vulnerability...
The Hidden Dangers of Business Email Compromise
In the digital age, business email compromise (BEC) has emerged as a significant threat to companies of all sizes. BEC is a type of phishing attack where a cybercriminal impersonates a high-ranking executive to trick an employee, customer, or vendor into transferring...
Microsoft to Stop Supporting SMS 2FA
If you are aware of the dangers of an unprotected account, you might have enabled two-factor authentication (2FA) to prevent attacks from threat actors. 2FA is a security feature that requires a user to enter a code sent to their phone or email, in addition to their...
QR Codes are being used in Phishing Attacks
QR codes are being used to deliver phishing links. In a phishing campaign estimated to have launched in May 2023, threat actors utilize QR codes to redirect users to a harmful location. This campaign targets someone’s Microsoft credentials and asks them to scan the...
Ransomware a bigger threat than ever: 2023 Crypto Crime Mid-Year Update
Chainanalysis, a data firm that specializes in blockchain information, has released a mid-year report on crypto crime. Ransomware comes out swinging So far in 2023, ransomware is the only type of cryptocurrency-based crime that has seen an increase...
Center for Internet Security (CIS) Overview and Explanation for Business
The Center for Internet Security (CIS) is a group made up of volunteers and experts hoping to educate individuals and enterprises on common and damaging cyberattacks. Their security standards are often cited by cyber insurance companies as being within compliance....
Microsoft to enforce number matching in Authenticator app. Updated May 2023.
From the Microsoft Blog. Beginning May 8, 2023, Microsoft will start enforcing number matching for all users who have MFA enabled on their Microsoft 365 account. Number matching in authentication procedures refers to displaying a number on one device (typically a cell...
How scammers took over Google Ads with malvertising
The shiny new phishing tactic on the block is malvertising, or the efforts of threat actors to mimic a legitimate company’s website, landing pages, URL, and more. Google Ads has recently come under fire for their handling of final destination URLs, and the relative...
Latest LastPass data breach exposes user passwords: here’s what to do
The password manager LastPass has suffered a major data breach. Or, more accurately, another major data breach. Using information gained during a security breach in August 2022, threat actors were able to get a full copy of the data LastPass stores on a cloud-based...