Philip Choo

Boston-based privacy and security startup Cloaked, launched its apps today to let users create unique proxy emails, phone numbers, and passwords for online accounts. The company, which was in private beta for the last two years, is now making its solution available for everyone through its web app, Chrome extension, along with mobile apps (available
Introduction In today’s interconnected digital ecosystem, Application Programming Interfaces (APIs) play a pivotal role in enabling seamless communication and data exchange between various software applications and systems. APIs act as bridges, facilitating the sharing of information and functionalities. However, as the use of APIs continues to rise, they have become an increasingly attractive target for
The Station is a weekly newsletter dedicated to all things transportation. Sign up here — just click The Station — to receive the newsletter every weekend in your inbox. Subscribe for free.  Welcome back to The Station, your central hub for all past, present and future means of moving people and packages from Point A to Point B.
Recent weeks have witnessed a significant increase in cyber-attacks targeting the US Postal Service (USPS), mainly through phishing and smishing campaigns.  The surge in these attacks has prompted DomainTools researchers to delve into their origins and implications, with findings described in an advisory published on Thursday. One smishing message raised suspicions due to its peculiar
Sep 30, 2023THNCyber Espionage / Malware Sophisticated cyber actors backed by Iran known as OilRig have been linked to a spear-phishing campaign that infects victims with a new strain of malware called Menorah. “The malware was designed for cyberespionage, capable of identifying the machine, reading and uploading files from the machine, and downloading another file
Microsoft’s Bing Chat has come under scrutiny due to a significant security concern – the infiltration of malicious ads. Malwarebytes researchers have now demonstrated how unsuspecting users seeking software downloads can be tricked into visiting malicious websites and unwittingly downloading malware. Bing Chat, an artificial intelligence (AI) interactive text and image application powered by OpenAI’s
The role of the chief information security officer has evolved significantly in recent years. As cybersecurity becomes even more of a critical concern for businesses, CISOs now find themselves in increasingly pivotal positions within their organizations. The intensity of the CISO position means it typically has a shelf life, however, with security leaders often leaving
Sep 30, 2023THNRansomware / Cyber Threat The U.S. Federal Bureau of Investigation (FBI) is warning of a new trend of dual ransomware attacks targeting the same victims, at least since July 2023. “During these attacks, cyber threat actors deployed two different ransomware variants against victim companies from the following variants: AvosLocker, Diamond, Hive, Karakurt, LockBit,
Video During the attack, the group deployed several tools, most notably a newly-discovered sophisticated backdoor that ESET named LightlessCan 29 Sep 2023 This week, ESET researchers unveiled their findings about an attack by the North Korea-linked APT group Lazarus that took aim at an aerospace company in Spain. The group obtained initial access to the
Streamers are leaving Kick en masse in protest of the platform’s lack of safety guidelines, after a prominent creator streamed an encounter with a sex worker without informing her that there were other people present. She was briefly prevented from leaving after she expressed discomfort, while Kick’s CEO posted laughing emotes in the stream chat. 
The Russian firm Operation Zero has announced a staggering $20m reward for hacking tools capable of compromising iPhones and Android devices.  The company unveiled this increased payout on X (formerly Twitter) on Tuesday, aiming to attract top-tier researchers and developer teams to collaborate with their platform. Under this program, Operation Zero is willing to pay
Volkswagen’s $2.1 billion plan to launch a dedicated electric-vehicle factory in Wolfsburg, Germany is kaput.  The automaker instead reportedly plans to modify its existing plants in Zwickau and Wolfsburg to handle production of a new flagship EV — the postponed Project Trinity — and an all-electric Golf hatchback.  This tracks with an earlier statement from
SpaceX won its first contract for Starshield, the defense-focused version of its Starlink satellite internet service, from the U.S. Space Force. The one-year contract has a maximum value of $70 million, a U.S. Air Force representative told Bloomberg. The contract “provides for Starshield end-to-end service via the Starlink constellation, user terminals, ancillary equipment, network management
The Budworm advanced persistent threat (APT) group, also known as LuckyMouse, Emissary Panda or APT27, has once again demonstrated its active development of cyber-espionage tools.  In August 2023, security researchers from Symantec’s Threat Hunter Team, a part of Broadcom, uncovered Budworm’s use of an updated version of its key tool to target a Middle Eastern telecommunications
Sep 28, 2023THNSupply Chain / Malware A new malicious campaign has been observed hijacking GitHub accounts and committing malicious code disguised as Dependabot contributions with an aim to steal passwords from developers. “The malicious code exfiltrates the GitHub project’s defined secrets to a malicious C2 server and modify any existing javascript files in the attacked
Two new security flaws in the popular Simple Membership plugin for WordPress, affecting versions 4.3.4 and below, have been identified, leading to potential privilege escalation issues.  With over 50,000 active installations, the plugin developed by smp7 and wp.insider is widely used for custom membership management on WordPress sites. The flaws identified by Patchstack security researchers include
What is Protected Extensible Authentication Protocol (PEAP)? Protected Extensible Authentication Protocol (PEAP) is a security protocol commonly used to protect wireless networks. PEAP extends the Extensible Authentication Protocol (EAP) by encapsulating the EAP connection within a Transport Layer Security (TLS) tunnel. PEAP was designed to provide authentication for 802.11 wireless local area networks (WLANs) to
Sep 27, 2023THNMalware / Cyber Attack A new threat actor known as AtlasCross has been observed leveraging Red Cross-themed phishing lures to deliver two previously undocumented backdoors named DangerAds and AtlasAgent. NSFOCUS Security Labs described the adversary as having a “high technical level and cautious attack attitude,” adding that “the phishing attack activity captured this
Secure Coding, Business Security Or, is mass public meddling just opening the door for problems? And how does open-source software compare to proprietary software in terms of security? 26 Sep 2023  •  , 5 min. read There are – and will always be – vulnerabilities in software. Just like there is no perfect security, there
The payment landscape in Africa is still fragmented, with several payment operators providing different payment options to customers as well as businesses. Due to this fragmentation, payment failures are inevitable due to factors such as invalid cards, inactive accounts and high dispute rates. One of the few startups working on payment orchestration to address this