Month: February 2023

Threat actors are shifting away from traditional ransomware and toward malware-free cyber attacks, according to a new report from CrowdStrike. The cybersecurity vendor this week published its “2023 Global Threat Report,” which annually compiles CrowdStrike’s research related to cybercrime, or “eCrime,” from the previous year. Major topics covered in the 2023 report include malware-free extortion
Security researchers have recorded a 76% year-on-year (YoY) increase in financial losses stemming from phishing attacks, as sophisticated tactics and user knowledge gaps give threat actors the upper hand. Proofpoint compiled its 2023 State of the Phish report from interviews with 7500 consumers and 1050 IT security professionals across 15 countries, as well as 135
As digital transformation takes hold and businesses become increasingly reliant on digital services, it has become more important than ever to secure applications and APIs (Application Programming Interfaces). With that said, application security and API security are two critical components of a comprehensive security strategy. By utilizing these practices, organizations can protect themselves from malicious
TikTok has been banned from government-issued mobile devices in Canada, the country’s Treasury Board announced Monday. Taking effect on February 28, this block follows similar actions taken by the European Commission and some state governments in the U.S. The European Commission issued their directive to remove TikTok from government devices late last week. That same
Decentralized identity has been getting attention as a way of addressing the shortcomings of centralized identity. But what does decentralized identity really mean? And how would managing centralized identities differ from managing decentralized identities? Learn about centralized vs. decentralized identity management, as well as the advantages and disadvantages of each from two viewpoints: organizations that
by Paul Ducklin | Thanks to Tommy Mysk and Talal Haj Bakry of @mysk_co for the impetus and information behind this article. The duo describe themselves as “two iOS developers and occasional security researchers on two continents.” In other words, although cybersecurity isn’t their core business, they’re doing what we wish all programmers would do: not
Feb 27, 2023 | Ravie Lakshmanan | Browser Security / Malware | A new ChromeLoader malware campaign has been observed being distributed via virtual hard disk (VHD) files, marking a deviation from the ISO optical disc image format. “These VHD files are being distributed with filenames that make them appear like either hacks or cracks for Nintendo and Steam games,”
Twitter has laid off at least another 50 employees, according to a report from The Information and posts on social media from former workers. And apparently not even Elon Musk loyalist Esther Crawford, the chief executive of Twitter payments who oversaw the company’s Twitter Blue verification subscription, was spared, according to Platformer’s Zoë Schiffer. Alex
The US Cybersecurity and Infrastructure Security Agency (CISA) warned nations’ defenders yesterday against disruptive and defacement attacks today. These, the agency said on Thursday, may spur from attempts to sow chaos and societal discord on the anniversary of Russia’s 2022 invasion of Ukraine. “In response to the heightened geopolitical tensions resulting from Russia’s full-scale invasion
Feb 24, 2023The Hacker NewsCybersecurity Webinar / SaaS Security Are you prepared to tackle the top SaaS challenges of 2023? With high-profile data breaches affecting major companies like Nissan and Slack, it’s clear that SaaS apps are a prime target for cyberattacks. The vast amounts of valuable information stored in these apps make them a
ESET Research has compiled a timeline of cyberattacks that used wiper malware and have occurred since Russia’s invasion of Ukraine in 2022 This blogpost presents a compiled overview of the disruptive wiper attacks that we have observed in Ukraine since the beginning of 2022, shortly before the Russian military invasion started. We were able to
Incident response planning and the development of incident handling procedures are core to any effective information security program. As enterprise cloud use becomes more ubiquitous, it’s more important than ever to include the cloud in the incident response process. What is cloud incident response? Incident response, in general, encompasses plans, processes and controls that help
Feb 24, 2023Ravie LakshmananMobile Security / Firmware Google said it’s working with ecosystem partners to harden the security of firmware that interacts with Android. While the Android operating system runs on what’s called the application processor (AP), it’s just one of the many processors of a system-on-chip (SoC) that cater to various tasks like cellular
The PlayStation VR2 is a simultaneously exciting and disappointing development in the virtual reality space. Well-specced, easy to set up and reasonably light and comfortable, Sony’s latest still can’t shake the fundamental issues that have prevented VR from going mainstream: a lack of compelling content and despite a brand new 4K OLED display, distracting image
With the conflict in Ukraine passing the one-year mark, have its cyber-war elements turned out as expected? It’s been twelve months since Russia invaded Ukraine, and it’s a good time to pause and reflect on a few pertinent issues, including: How is the war playing out in cyberspace? Have the cyber-elements turned out as expected?
Russia’s invasion of Ukraine has disrupted the vast cybercrime underground operating from the country, thanks to mobilization of some threat actors and the emigration of others, according to Recorded Future. The threat intelligence firm’s new report, Russia’s War Against Ukraine Disrupts the Cybercriminal Ecosystem, is compiled from analysis of dark web sources. The cybersecurity vendor
Feb 24, 2023Ravie LakshmananPrivacy / Data Safety An investigation into data safety labels for Android apps available on the Google Play Store has uncovered “serious loopholes” that allow apps to provide misleading or outright false information. The study, conducted by the Mozilla Foundation as part of its *Privacy Not Included initiative, compared the privacy policies
Amazon is joining the Indian government-backed e-commerce initiative that seeks to “democratize” online shopping in the South Asian market and amusingly challenge the very dominance of companies such as the American retail group. In a statement on Friday, Amazon said it will integrate its logistics network and SmartCommerce, its platform to digitize neighborhood stores, to