New Android Malware Targets Customers of 450 Financial Institutions Worldwide
Nexus is the latest in a vast and growing array of Trojans targeting mobile banking and cryptocurrency applications.
Bundestag Bungle Political Microtargeting of Facebook Users Draws Ire
With shades of the Cambridge Analytica scandal, German political parties skirted consumer data privacy regulations during the countrys last parliamentary election, a privacy watchdog warns.
MITRE Rolls Out Supply Chain Security Prototype
Cloud-based System of Trust application now available for test-driving quantitative risk assessment of suppliers of hardware, software, services.
Epidemic of Insecure Storage Backup Devices Is a Windfall for Cybercriminals
Enterprise storage devices have 14 security weaknesses on average, putting them at risk of compromise by cyberattackers and especially ransomware attacks.
Okta PostExploitation Method Exposes User Passwords
Accidentally typing a password in the username field of the platform saves them to audit logs, to which threat actors can gain access and use to compromise enterprise services.
Are You Talking to a Carbon Silicon or Artificial Identity
In the triumvirate of identity types, protecting the identity, privacy, and data of carbon-based forms — humans — is key. Safeguards must be in place as AI becomes more interactive.
CISA Warns on Unpatched ICS Vulnerabilities Lurking in Critical Infrastructure
The advisory comes the same week as a warning from the EUs ENISA about potential for ransomware attacks on OT systems in the transportation sector.
36M BEC Fraud Attempt Narrowly Thwarted by AI
With more than $36M nearly swindled away, an almost-successful BEC attempt in the commercial real estate space shows how sophisticated and convincing fraud attacks are becoming.
Chinese Warships Suspected of SignalJamming Passenger Jets
Attackers claiming to be part of the Chinese navy are making calls to commercial Qantas pilots midair, while GPS, comms systems, and altimeter instruments are all experiencing denial of service.
Attackers Are Probing for ZeroDay Vulns in Edge Infrastructure Products
Nearly 20% of the zero-day flaws that attackers exploited in 2022 were in network, security, and IT management products, Mandiant says.