Philip Choo

An eye-opening 74% of breaches include the human element, according to Verizon’s “2023 Data Breach Investigations Report,” be it from negligence, stolen credentials or falling victim to phishing scams. With IBM reporting the average total cost of a ransomware breach at $5.13 million, it is critical that organizations conduct ransomware-specific training to help employees recognize
Sep 20, 2023THNCyber Crime / Dark Web Finnish law enforcement authorities have announced the takedown of PIILOPUOTI, a dark web marketplace that specialized in illegal narcotics trade since May 2022. “The site operated as a hidden service in the encrypted TOR network,” the Finnish Customs (aka Tulli) said in a brief announcement on Tuesday. “The
Africa’s agricultural sector has a significant social and economic impact, per McKinsey. The percentage of smallholder farmers in sub-Saharan Africa exceeds 60%, while agriculture accounts for approximately 23% of the region’s gross domestic product. But despite the apparent opportunity in the agricultural sector, it is difficult for Africa to successfully participate in global supply chains
Sep 19, 2023THNMalware / Cyber Threat Telecommunication service providers in the Middle East are the target of a new intrusion set dubbed ShroudedSnooper that employs a stealthy backdoor called HTTPSnoop. “HTTPSnoop is a simple, yet effective, backdoor that consists of novel techniques to interface with Windows HTTP kernel drivers and devices to listen to incoming
Malicious actors have stolen more than $1m in a ‘pig butchering’ cryptocurrency scam in just three months, researchers from Sophos have found. The highly sophisticated operation used a total of 14 domains and dozens of nearly identical fraud sites, according to the investigation. The attackers utilized fake trading pools of cryptocurrency from decentralized finance (DeFi)
Cloud security vendor Wiz discovered 38 TB of private Microsoft data that was accidentally exposed by AI researchers employed by the tech giant. Wiz’s research was published in a blog post Monday as part of coordinated disclosure with Microsoft. According to Wiz security researchers Hillai Ben-Sasson and Ronny Greenberg, who authored the research, Microsoft’s AI
Sep 18, 2023THNCloud Security / Cryptocurrecy A novel cloud-native cryptojacking operation has set its eyes on uncommon Amazon Web Services (AWS) offerings such as AWS Amplify, AWS Fargate, and Amazon SageMaker to illicitly mine cryptocurrency. The malicious cyber activity has been codenamed AMBERSQUID by cloud and container security firm Sysdig. “The AMBERSQUID operation was able
Earlier this year, the U.S. government indicted Russian hacker Mikhail Matveev, also known by his online monikers “Wazawaka” and “Boriselcin,” accusing him of being “a prolific ransomware affiliate” who carried out “significant attacks” against companies and critical infrastructure in the U.S. and elsewhere. The feds also accused him of being a “central figure” in the
A major data breach at Airbus revealed earlier this week stemmed from a RedLine info-stealer likely hidden in a pirated copy of Microsoft software, according to researchers. The European aerospace giant said it has launched an investigation into the incident. “As a major high-tech and industrial player, Airbus is also a target for malicious actors,”
Sep 17, 2023THNCryptocurrency / Cyber Attack The North Korea-affiliated Lazarus Group has stolen nearly $240 million in cryptocurrency since June 2023, marking a significant escalation of its hacks. According to multiple reports from Certik, Elliptic, and ZachXBT, the infamous hacking group is said to be suspected behind the theft of $31 million in digital assets
Hey, friendly people, and welcome to Week in Review (WiR), TechCrunch’s regular newsletter that aggregates the top tech news over the past few days. It’s our humble opinion that there’s no better place to get caught up on the industry’s happenings, whether you’re a news junkie or simply among the tech-curious. In this edition of
China’s malicious cyber activity informs its preparations for a potential military conflict with the US, a new report from the Department of Defense (DoD) has claimed. The agency’s 2023 Cyber Strategy highlighted the People’s Republic of China (PRC) and Russia’s embrace of malicious cyber activity “as a means to counter US conventional military power and
Sep 16, 2023THNPrivacy / Technology The Irish Data Protection Commission (DPC) slapped TikTok with a €345 million (about $368 million) fine for violating the European Union’s General Data Protection Regulation (GDPR) in relation to its handling of children’s data. The investigation, initiated in September 2021, examined how the popular short-form video platform processed personal data
Four out of five (80.3%) security vulnerabilities observed in organizations across all sectors come from a cloud environment, Palo Alto Networks’ Unit 42 found in its latest Attack Surface Threat Research. The report, published on September 14, 2023, outlined the most common cloud security flaws, of which 60% come from web framework takeover (22.8%), remote
Developer platform Retool disclosed it suffered a breach last month that involved vishing attack on an employee and affected 27 cloud customers. In a blog post Wednesday, Retool revealed it was targeted in a spear phishing attack on August 27. A threat actor impersonating an IT staff member conducted SMS-based phishing and a successful vishing
Video Ballistic Bobcat is a suspected Iran-aligned cyberespionage group that targets organizations in various industry verticals, as well as human rights activists and journalists, mainly in Israel, the Middle East, and the United States 14 Sep 2023 This week, ESET researchers unveiled their findings about a campaign by the Ballistic Bobcat APT group that deployed
Meta on Friday disputed a media report that claimed the social giant was exploring bringing ads on the popular messaging app WhatsApp. Financial Times reported that some teams at Meta had evaluated whether to show ads in lists of conversations with contacts on the WhatsApp home screen. In a statement, WhatsApp said it was neither
A ransomware attack on a third-party supplier to Greater Manchester Police (GMP) has exposed personal data of more UK police officers. The attackers reportedly targeted a company in Stockport, near Manchester, UK, which makes ID cards for various organizations, including GMP. It therefore holds personal details of staff working at GMP, which recently celebrated employing