Tag: computer security

How to detect and prevent attackers from using these various techniques Obfuscation is an important technique for protecting software that also carries risks, especially when used by malware authors. In this article, we examine obfuscation, its effects, and responses to it. What Is Obfuscation? Obfuscation is the technique of intentionally making information difficult to read,…

Read More

Aug 01, 2024Ravie LakshmananData Encryption / Browser Security Google has announced that it’s adding a new layer of protection to its Chrome browser through what’s called app-bound encryption to prevent information-stealing malware from grabbing cookies on Windows systems. “On Windows, Chrome uses the Data Protection API (DPAPI) which protects the data at rest from other…

Read More

Aug 01, 2024Ravie LakshmananOnline Fraud / Malvertising Facebook users are the target of a scam e-commerce network that uses hundreds of fake websites to steal personal and financial data using brand impersonation and malvertising tricks. Recorded Future’s Payment Fraud Intelligence team, which detected the campaign on April 17, 2024, has given it the name ERIAKOS…

Read More

Jul 31, 2024Ravie LakshmananWeb Security / Compliance Certificate authority (CA) DigiCert has warned that it will be revoking a subset of SSL/TLS certificates within 24 hours due to an oversight with how it verified if a digital certificate is issued to the rightful owner of a domain. The company said it will be taking the…

Read More

Jul 31, 2024Ravie LakshmananMalware / Software Development The threat actors behind an ongoing malware campaign targeting software developers have demonstrated new malware and tactics, expanding their focus to include Windows, Linux, and macOS systems. The activity cluster, dubbed DEV#POPPER and linked to North Korea, has been found to have singled out victims across South Korea,…

Read More

We’ll TL;DR the FUDdy introduction: we all know that phishing attacks are on the rise in scale and complexity, that AI is enabling more sophisticated attacks that evade traditional defenses, and the never-ending cybersecurity talent gap means we’re all struggling to keep security teams fully staffed. Given that reality, security teams need to be able…

Read More

Jul 31, 2024Ravie LakshmananCyber Attack / Threat Intelligence Japanese organizations are the target of a Chinese nation-state threat actor that leverages malware families like LODEINFO and NOOPDOOR to harvest sensitive information from compromised hosts while stealthily remaining under the radar in some cases for a time period ranging from two to three years. Israeli cybersecurity…

Read More

Jul 31, 2024Ravie LakshmananCyber Espionage / Threat Intelligence Companies in Russia and Moldova have been the target of a phishing campaign orchestrated by a little-known cyber espionage group known as XDSpy. The findings come from cybersecurity firm F.A.C.C.T., which said the infection chains lead to the deployment of a malware called DSDownloader. The activity was…

Read More

Jul 31, 2024Ravie LakshmananMobile Security / Malware A new malicious campaign has been observed making use of malicious Android apps to steal users’ SMS messages since at least February 2022 as part of a large-scale campaign. The malicious apps, spanning over 107,000 unique samples, are designed to intercept one-time passwords (OTPs) used for online account…

Read More

Jul 31, 2024Ravie LakshmananPrivacy / Social Media Meta, the parent company of Facebook, Instagram, and WhatsApp, agreed to a record $1.4 billion settlement with the U.S. state of Texas over allegations that it illegally collected biometric data of millions of users without their permission, marking one of the largest penalties levied by regulators against the…

Read More