Apple users have recently been struggling with unexpected account lockouts, as widespread reports of forced password resets have surfaced.
If you've been locked out of your Apple ID in the last day or so without warning, you're not alone.
Apple users have been suffering a wave of forced lockouts, with some reporting that they had to reset their passwords to regain access.
The lockouts have resulted in customers losing access to their devices, but there appears to be no root cause or anything in common across incidents, and Apple has yet to comment on the matter.
The company's System Status website indicates that all services are "operating normally," with Apple ID services specifically listed as "available."
If your Apple ID has locked you out, you might panic and try your usual password, but it won't work. You're left staring at an “Incorrect Password” message. What gives?
The cause behind these lockouts remains shrouded in mystery. Some experts believe it's a security measure triggered by suspicious activity, while others suspect a glitch in the matrix. Regardless, the concern is real. Users have taken to social media, sharing their stories of being shut out.
If your Apple ID has been locked and you must change your password, any app-specific passwords you may have created will also need to be reset. That's something you'll have to do whether you use apps like Spark Mail, Fantastical, or any number of others.
It could potentially cause significant issues if you use iOS 17.3's Stolen Device Protection. You'll need to use biometrics on your iPhone, such as Face ID or Touch ID, to access your account or use Apple Pay.
As the lockout story unfolds, Apple has remained silent. No official statements, no explanations. The tech giant continues to operate, but users are scrambling to regain control of their digital lives. Is it a glitch? A security enhancement? At this moment, we can only wait for Apple's response.
1. Reset Your Password: Change the password. But remember the app-specific ones too.
2. Biometrics: If you’ve set up Face ID or Touch ID, use them to reclaim your digital ID.
3. Stay Tuned: Keep an eye on Apple’s official channels.
The digital society we live in has made it abundantly clear that being cautious about online activities goes beyond avoiding suspicious links. Recent findings by cybersecurity researchers have surfaced a new ransomware threat that exploits web browsers, potentially putting users' files at risk.
The Rising Threat
Modern web browsers like Google Chrome and Microsoft Edge offer advanced functionalities, allowing users to seamlessly interact with various online services, from email to multimedia streaming. However, these capabilities also open doors for hackers to manipulate browsers and gain unauthorised access to users' local file systems.
What Is The Risk?
The File System Access API, utilised by browsers, enables web applications to interact with users' files. This means that uploading files to seemingly benign online tools could inadvertently grant hackers access to personal data stored on the user's computer.
The Implications
Imagine using an online photo editing tool. Uploading files for editing could inadvertently expose your entire file system to malicious actors, who could then encrypt your files and demand ransom for decryption.
The Scale of the Issue
Ransomware attacks have become increasingly prevalent, targeting individuals and organisations across various sectors. In 2023 alone, organisations paid over $1.1 billion in ransoms, highlighting the urgent need for robust cybersecurity measures.
Addressing the Threat
Researchers at the Cyber-Physical Systems Security Lab at Florida International University have been investigating this new breed of ransomware. Their findings, presented at the USENIX Security Symposium, underscore the severity of the threat posed by browser-based ransomware.
Recommended Practices
The research team proposed three defence approaches to mitigate the risk of browser-based ransomware. These strategies focus on detecting and preventing malicious activity at the browser, file system, and user levels, offering a multi-layered defence mechanism against potential attacks.
1. Temporarily Halting Web Applications:
This approach involves temporarily suspending a web application's activity within the browser to detect any suspicious behavior related to file encryption. By monitoring the application's actions, security systems can identify and interrupt potential ransomware activity before it causes significant damage. This measure enables users to maintain control over their files and prevent unauthorised access by any threat actors.
2. Monitoring Web Application Activity:
In addition to halting web applications, this defense strategy focuses on continuously monitoring their activity on users' computers. By analysing patterns and behaviours associated with ransomware attacks, security systems can easily detect and respond to any anomalous activities. This real-time monitoring ensures timely intervention and minimizes the impact of browser-based ransomware on users' systems.
3. Introducing Permission Dialog Boxes:
To give users greater control over their file system access, this approach proposes the implementation of permission dialogue boxes. When a web application requests access to the user's local files, a dialogue box prompts the user to approve or deny the request and provides information about the associated risks and implications. By promoting user awareness and informed decision-making, this measure strengthens security posture and reduces the likelihood of inadvertent file exposure to ransomware threats.
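The first two approaches (monitoring a web application's writes and suspending it when they look like encryption) can be sketched as follows. This is an added example, not code from the researchers or from any browser; the event shape, the thresholds and the `.example` origins are assumptions chosen for illustration.

```javascript
// Added example: entropy-based monitor for ransomware-like overwrites.
// Event shape, thresholds and origins are assumptions, not from the paper.
const ENTROPY_HIGH = 7.5;  // bits per byte; ciphertext sits close to 8
const ENTROPY_JUMP = 1.5;  // required rise over the file's previous content
const MAX_HITS = 3;        // suspicious overwrites per window before suspending
const WINDOW_MS = 10000;

function shannonEntropy(bytes) {
  if (bytes.length === 0) return 0;
  const counts = new Array(256).fill(0);
  for (const b of bytes) counts[b]++;
  let h = 0;
  for (const c of counts) {
    if (c > 0) h -= (c / bytes.length) * Math.log2(c / bytes.length);
  }
  return h;
}

class WriteMonitor {
  constructor() { this.hits = new Map(); } // origin -> times of suspicious writes

  // event: { origin, time (ms), before: Uint8Array, after: Uint8Array }
  observe(event) {
    const before = shannonEntropy(event.before);
    const after = shannonEntropy(event.after);
    const suspicious = after >= ENTROPY_HIGH && after - before >= ENTROPY_JUMP;
    const recent = (this.hits.get(event.origin) || [])
      .filter((t) => event.time - t < WINDOW_MS);
    if (suspicious) recent.push(event.time);
    this.hits.set(event.origin, recent);
    return recent.length >= MAX_HITS ? "suspend" : "allow";
  }
}

// Constructed sample data: a text document and a uniformly distributed buffer
// standing in for encrypted output (every byte value appears equally often).
const plainDoc = new TextEncoder().encode("Quarterly report draft. ".repeat(100));
const cipherLike = Uint8Array.from({ length: 4096 }, (_, i) => (i * 167 + 13) & 255);

function runDemo() {
  const monitor = new WriteMonitor();
  const write = (origin, time, after) =>
    monitor.observe({ origin, time, before: plainDoc, after });
  return {
    bulkEncrypt: [0, 1000, 2000].map((t) => write("https://tool.example", t, cipherLike)),
    normalEdit: [0, 1000, 2000].map((t) => write("https://notes.example", t, plainDoc)),
  };
}
```

Requiring a jump in entropy keeps a photo editor that saves one compressed image over another from being flagged, but it also means overwrites of already-compressed files are not caught by this heuristic alone.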
As technology continues to transform, so do the tactics employed by cybercriminals. By staying informed and implementing proactive cybersecurity measures, users can safeguard their digital assets against threats like browser-based ransomware.
Every day, Microsoft analyzes over 78 trillion security signals to gain a deeper understanding of the current threat pathways and methodologies. Since last year, we've seen a shift in how threat actors scale and use nation-state backing. It's apparent that companies are facing more threats than ever before, and attack chains are becoming more complicated. Dwell times have decreased, and tactics, techniques, and procedures (TTPs) have evolved to be more agile and evasive.
Based on these findings, here are five attack trends that end-user organizations should be watching regularly.
Some threat actor organizations prioritize stealth by using tools and processes that are already installed on their victims' systems. This enables attackers to fly under the radar and go undiscovered by concealing their operations among other threat actors that use similar approaches to launch assaults.
Volt Typhoon, a Chinese state-sponsored actor, is an example of this trend, having made news for targeting US critical infrastructure using living-off-the-land practices.
Nation-state actors have also developed a new class of tactics that blends cyber and influence operations (IO) techniques. This hybrid, known as "cyber-enabled influence operations," combines cyber methods such as data theft, defacement, distributed denial-of-service, and ransomware with influence methods such as data leaks, sockpuppets, victim impersonation, misleading social media posts, and malicious SMS/email communication to boost, exaggerate, or compensate for weaknesses in adversaries' network access or cyberattack capabilities.
For example, Microsoft has noticed various Iranian actors trying to use bulk SMS texting to amplify their cyber-influence activities and increase their psychological impact. We're also seeing more cyber-enabled influence operations attempt to imitate alleged victim organizations or key figures inside those organizations to lend legitimacy to the impacts of the malware or compromise.
The increased use of small-office/home-office (SOHO) network edge devices is especially relevant for distributed or remote employees. Threat actors are increasingly targeting SOHO devices (such as the router at a local coffee shop) to assemble hidden networks.
Some adversaries will even employ programs to locate susceptible endpoints around the world and identify potential targets for their next attack. This approach complicates attribution by having attacks appear from almost anywhere.
Microsoft has noticed an increase in the number of nation-state subgroups using publicly released proof-of-concept (POC) code to exploit vulnerabilities in Internet-facing apps.
This tendency can be seen in threat groups such as Mint Sandstorm, an Iranian nation-state actor that quickly exploited N-day vulnerabilities in common corporate systems and launched highly focused phishing attacks to get speedy and effective access to target environments.
We've noticed a persistent trend toward ransomware specialization. Rather than conducting an end-to-end ransomware campaign, threat actors are focusing on a limited set of skills and services.
This specialization has a fragmenting effect, distributing components of a ransomware attack across different vendors in a complicated underground market. Companies can no longer think of ransomware attacks as originating from a single threat actor or group.
Instead, they might be up against the entire ransomware-as-a-service ecosystem. In response, Microsoft Threat Intelligence now tracks ransomware providers individually, identifying which groups deal in initial access and which supply additional services.
As cyber defenders seek better ways to strengthen their security posture, it is critical to look to and learn from past trends and breaches. By examining these occurrences and understanding different attackers' motivations and preferred TTPs, we can better prevent such breaches in the future.