Business IT Strategy Archives - Velox Systems

CISA Warns of Active Exploitation of Trimble Cityworks Vulnerability

CISA Warns of Active Exploitation of Trimble Cityworks Vulnerability. The organization has issued an urgent warning regarding an exploited security flaw in Trimble Cityworks.  Cityworks is designed to assist local governments and utility agencies in a multitude of areas. These include management of capital assets, workflows, communication, licensing, and permits. The cloud-based platform enables users […]

Third-Party Apps are Accessing User Data Without Permission

Third-Party apps are accessing user data without permission. New research from web exposure management specialist Reflectiz highlights alarming website vulnerabilities across industries. Using proprietary data from the top 100 websites by traffic in each sector, the findings reveal critical risks: 45% of third-party apps access user data without proper authorization. 53% of retail risk exposures […]

Smartphones can leave your organization open to vulnerabilities

Smartphones can leave your organization open to vulnerabilities. Cybersecurity researchers have uncovered a critical vulnerability in the Monkey’s Audio (APE) decoder on Samsung smartphones. This potentially allows attackers to execute malicious code. This high-severity flaw affects Samsung devices running Android 12, 13, and 14, according to a December 2024 advisory from Samsung. The Danger this […]

Ransomware is Utilizing AI for Extortion and Data Brokering

Ransomware is Utilizing AI for Extortion and Data Brokering. Cybersecurity researchers have uncovered an AI-assisted ransomware group, FunkSec, that emerged in late 2024. According to Check Point Research, FunkSec employs double extortion tactics, combining data theft and encryption to pressure victims into paying unusually low ransoms—sometimes as little as $10,000. The group also acts as […]

Malware is putting financial instiutions in jeopardy

Malware is putting financial institutions in jeopardy. Brazilian banking institutions are under attack from a custom variant of the AllaKore remote access trojan (RAT), dubbed AllaSenha, according to French cybersecurity firm HarfangLab. The malware, designed to steal banking credentials, uses Azure cloud infrastructure for its command-and-control (C2) operations. Targeted banks include Banco do Brasil, Bradesco, […]

Real Time Proactive PAM Strategies are Vital

Real-time proactive PAM strategies are vital. Privileged accounts are frequent targets for attackers, yet many organizations focus on managing access rather than securing the accounts and users themselves. This gap often arises from the complexities of Privileged Access Management (PAM) deployments. As threats evolve, organizations must shift priorities to secure privileged access, preventing trust from […]

Velox Systems Cybersecurity Workshop Insights

On Tuesday, November 12th, Velox Systems and TDS teamed up to host an interactive Cybersecurity/Resiliency Workshop at 10 Barrel Eastside. The event drew attendees from various industries and positions from across Central Oregon. The workshop offered a valuable hands-on learning about cybersecurity. We now provide some Velox Systems Cybersecurity workshop insights.   Cybersecurity Workshop Format […]

Stolen session tokens can wreak havoc on your data

Stolen session tokens can wreak havoc on your data. The Chinese-linked threat actor Evasive Panda is targeting government entities and a religious organization in Taiwan using a previously undocumented toolset called CloudScout.   What is CloudScout? According to ESET security researcher Anh Ho, CloudScout does this through the leveraging of stolen web session cookies to […]

Fake Trading Apps Target Victims Globally via Apple and Google Stores

  Fake trading apps target victims globally. Recently, a large-scale fraud campaign was leveraging fake trading apps through Apple App and Google Play Store. This campaign takes advantage of a scheme known as pig butchering.  Pig butchering is where prospective victims are lured into making investments often in cryptocurrency after they put trust in a […]

Expiring Passwords are an Organizational Frustration

Expiring passwords are an organizational frustration. The time to reset multiple passwords is often tedious, and then one has to remember new passwords. However, not resetting your passwords can lead to cybersecurity nightmares. Read on to learn the rationale behind password expires.   Why do we have password expiries? The 90-day password reset rule was […]