GovInfoSecurity
Compliance
@prajeetspeaks) • May 6, 2021 Get Permission
Attackers are increasingly using malicious OAuth 2.0 applications to siphon data and access sensitive information from a wide variety of cloud platforms, and mitigating the risks is proving challenging, according to the security firm Proofpoint.
In 2020, Proofpoint detected more than 180 malicious OAuth 2.0 applications attacking over 55% of its customers with a success rate of 22%.
Microsoft introduced a Publisher Verification mechanism for Microsoft Partner Network accounts in Azure AD to help stop malicious OAuth apps targeting its cloud platforms, such as Office 365. This has had limited success in reducing cloud malware intrusions, and many challenges remain, Proofpoint and other security experts say.
A recent study by Kaspersky revealed that nearly one quarter of PCs still run Microsoft Windows 7, which stopped receiving mainstream support in January 2020.
Using an end-of-life operating system that no longer receives security updates is akin to driving a car with a brake light on, suggested Oliver Tavakoli, CTO at Vectra AI.
22% of PC users still use Windows 7, which Microsoft stopped supporting in January 2020. (Photo by Drew Angerer/Getty Images)
Researchers on Monday reported that 22% of PC users still use Windows 7, which Microsoft stopped supporting in January 2020.
In a company release, Kaspersky said the study was based on anonymized OS metadata provided by consenting Kaspersky Security Network users.
âA trusted operating system may seem fine on the surface, but if the vendor no longer supports it with important updates to the software, the system becomes more susceptible to attacks,â Kaspersky said. âWhen operating systems reach end-of-life, vulnerabilities will remain on the system without patch updates to resolve issues, providing cyber attackers with potential ways to gain access.â
minute read
Share this article:
The notorious cybercrime gang could make out whether or not Apple pays the $50 million ransom by May 1 as demanded.
The REvil ransomware gang is known for audacious attacks on the world’s biggest organizations, and its demands for astronomical ransoms to match. But the gang’s latest squeeze on Apple just hours before its splashy new product launch was a bold move, even for the notorious ransomware-as-a-service gang.
The original attack was launched against Quanta, a Global Fortune 500 manufacturer of electronics, which claims Apple among its customers. The Taiwanese-based company was contracted to assemble Apple products, including Apple Watch, Apple Macbook Air and Pro, and ThinkPad, from an Apple-provided set of design schematics.