Philip Choo

Twitter’s ditching of free text-message authentication doesn’t mean that you should forgo using 2FA. Instead, switch to another – and, indeed, better – 2FA option. Starting today, Twitter is disabling SMS-based two-factor authentication (2FA) for all but paying users following a decision that, not unlike other recent moves by the social media giant, has been
API use and capabilities have grown significantly over the past decade to improve application development; interaction with services and app features; and integration with applications, services and components of all types. Nowhere is this truer than in the cloud, where API availability and use are the norm rather than the exception. APIs have also become
The UK’s leading cybersecurity agency has launched two new services designed to help the nation’s small businesses to more effectively enhance their cyber-risk management. The National Cyber Security Agency (NCSC) today announced a Cyber Action Plan – a questionnaire for small organizations and individuals/families, which delivers a free personalized security to-do list depending on the answers
Mar 21, 2023Ravie LakshmananLinux / Server Security Poorly managed Linux SSH servers are being targeted as part of a new campaign that deploys different variants of malware called ShellBot. “ShellBot, also known as PerlBot, is a DDoS Bot malware developed in Perl and characteristically uses IRC protocol to communicate with the C&C server,” AhnLab Security
What is the Cloud Security Alliance? The Cloud Security Alliance (CSA) is a nonprofit organization that promotes research into best practices for securing cloud computing and the use of cloud technologies to secure other forms of computing. CSA uses the expertise of industry practitioners, associations and governments, as well as its corporate and individual members,
Attacker-reported ransomware incidents increased by 17% annually in the UK last year, despite a global decline in overall volumes, according to Jumpsec. The London-headquartered security vendor compiled its annual trends report from manual investigation techniques and automated bots designed to scrape public-facing websites run by ransomware actors. It said that data from the first part of
Mar 20, 2023Ravie LakshmananCyber Threat / Malware A new piece of malware dubbed dotRunpeX is being used to distribute numerous known malware families such as Agent Tesla, Ave Maria, BitRAT, FormBook, LokiBot, NetWire, Raccoon Stealer, RedLine Stealer, Remcos, Rhadamanthys, and Vidar. “DotRunpeX is a new injector written in .NET using the Process Hollowing technique and
Mar 18, 2023Ravie LakshmananCyber Crime / Data Breach U.S. law enforcement authorities have arrested a New York man in connection with running the infamous BreachForums hacking forum under the online alias “Pompompurin.” The development, first reported by Bloomberg Law, comes after News 12 Westchester, earlier this week, said that federal investigators “spent hours inside and
ESET researchers analyzed Android and Windows clippers that can tamper with instant messages and use OCR to steal cryptocurrency funds ESET researchers have discovered dozens of copycat Telegram and WhatsApp websites targeting mainly Android and Windows users with trojanized versions of these instant messaging apps. Most of the malicious apps we identified are clippers –
Mar 18, 2023Ravie LakshmananNetwork Security / Cyber Espionage The zero-day exploitation of a now-patched medium-severity security flaw in the Fortinet FortiOS operating system has been linked to a suspected Chinese hacking group. Threat intelligence firm Mandiant, which made the attribution, said the activity cluster is part of a broader campaign designed to deploy backdoors onto
When Porsche partnered with venture studio UP.Labs, the mission was to create six startups over three years all designed to solve the German automaker’s biggest problems and be compelling enough as a standalone business it that can attract other customers. On Porsche’s list: software that helps manage and automate the performance of EVs. Pull Systems,
The UK’s data protection regulator has reprimanded the country’s largest police service for failing to properly maintain records on organized crime groups (OGCs), resulting in inaccurate information being stored on a key database. The Information Commissioner’s Office (ICO) said that London’s Metropolitan Police (MPS) infringed the Data Protection Act 2018, which states that “all reasonable steps