Information Technology Security Awareness Posts

New Smishing Campaign Targets iMessage Users by Exploiting Apple's Phishing Protections

New Smishing Campaign Targets iMessage Users by Exploiting Apple's Phishing Protections

A new smishing campaign targets iMessage users by exploiting Apple’s phishing protections. Attackers send deceptive messages prompting users to respond, which reactivates disabled links from unknown senders. This exposes users to phishing sites and potential data theft. To stay safe, avoid responding to unknown senders, keep iMessage protections enabled, and report suspicious messages. Vigilance and proper security practices are key to mitigating this threat.

By Cybersecurity Team on January 14, 2025

Vulnerability in Google's OAuth Workflow Poses Security Risks

Vulnerability in Google's OAuth Workflow Poses Security Risks

A critical vulnerability in Google’s OAuth authentication allows users to create unmanaged Google accounts linked to corporate email domains. This exploit enables former employees or attackers to maintain unauthorized access to third-party apps like Slack and Zoom, even after leaving an organization. By leveraging email aliases, these accounts bypass corporate controls, posing significant security risks.

By Cybersecurity Team on January 14, 2025

Recent macOS Vulnerability Allows Bypass of System Integrity Protection

Recent macOS Vulnerability Allows Bypass of System Integrity Protection

Apple recently patched a critical macOS vulnerability (CVE-2024-44243) that allowed attackers with root access to bypass System Integrity Protection (SIP), enabling the installation of malicious kernel drivers and unauthorized access to private data. Discovered by Microsoft's security team, this flaw highlights the importance of timely updates. Users are urged to upgrade to macOS Sequoia 15.2 or later to protect against potential exploits.

By Cybersecurity Team on January 13, 2025

PowerSchool Data Breach Exposes Sensitive Information of Students and Educators

PowerSchool Data Breach Exposes Sensitive Information of Students and Educators

PowerSchool, a leading K-12 edtech provider, suffered a data breach exposing sensitive information of students and staff, including Social Security numbers, medical records, and academic grades. Hackers accessed the system via compromised credentials. While PowerSchool paid a ransom and claimed data deletion, concerns persist about misuse. Schools are urged to enhance cybersecurity measures to prevent future breaches.

By Cybersecurity Team on January 10, 2025

Gravy Analytics Data Breach Exposes Unwitting Location Tracking via Popular Apps

Gravy Analytics Data Breach Exposes Unwitting Location Tracking via Popular Apps

Gravy Analytics faced a major data breach, revealing how it covertly collected user location data from popular apps like Candy Crush, Tinder, and Muslim Pro. Using real-time bidding (RTB) in online ads, Gravy Analytics tracked users without their consent. This raises serious privacy concerns, as sensitive locations like healthcare and religious sites were exposed. The FTC has since banned the sale of such data, urging stricter regulations to protect users.

By Cybersecurity Team on January 10, 2025

PhishWP Plugin: A New Threat to WordPress Security

PhishWP Plugin: A New Threat to WordPress Security

PhishWP, a malicious WordPress plugin, allows attackers to turn legitimate sites into phishing traps, mimicking payment gateways like Stripe to steal sensitive data. It captures credit card details and 3D Secure OTPs, enabling fraudulent transactions. As WordPress vulnerabilities rise, site owners must adopt robust security measures like updates, strong passwords, and malware scans to combat evolving threats in 2025.

By Cybersecurity Team on January 09, 2025

Ivanti Releases Critical Security Updates for Connect Secure Appliances

Ivanti Releases Critical Security Updates for Connect Secure Appliances

Ivanti has released critical security updates for Connect Secure appliances to address CVE-2025-0282, a zero-day vulnerability actively exploited for remote code execution. Administrators are urged to apply firmware version 22.7R2.5 immediately. Additional updates for Ivanti Policy Secure and Neurons for ZTA Gateways will follow. The move highlights the need for timely patching to safeguard against emerging threats.

By Cybersecurity Team on January 09, 2025

Telegram's Shift in Data Sharing Policies Raises Privacy Concerns

Telegram's Shift in Data Sharing Policies Raises Privacy Concerns

Telegram, once celebrated for its privacy, has begun sharing user data, including IP addresses and phone numbers, with authorities following CEO Pavel Durov's legal troubles. The policy shift aims to combat criminal misuse but has raised concerns about privacy erosion. Telegram's cooperation with law enforcement has surged, highlighting the tension between privacy and security. Users are urged to stay informed about these changes.

By Cybersecurity Team on January 09, 2025