Security News > 2020 > May

Digital rogues are shunning Microsoft in favour of Google when it comes to launching branded spear-phishing attacks, according to threat intel firm Barracuda Networks. The outfit reckons malicious people abusing Google services such as Drive, Docs and Cloud managed to launch 65,000 attacks between January and April.

Digital rogues are shunning Microsoft in favour of Google when it comes to launching branded spear-phishing attacks, according to threat intel firm Barracuda Networks. The outfit reckons malicious people abusing Google services such as Drive, Docs and Cloud managed to launch 65,000 attacks between January and April.

The more important OT networks are to your business, the more essential effective OT security is to the success of your operations. Action: The OT network has been a blind spot for IT security professionals for decades, but now the urgency is escalating to address the IT-OT security gap.

Threat actors have targeted industrial suppliers in Japan and several European countries in sophisticated attacks that employed various techniques to make malware detection and analysis more difficult, Kaspersky's ICS CERT unit reported on Thursday. The first attacks were spotted in early 2020 and, as of early May, Kaspersky has seen targeted organizations in Japan, Italy, Germany and the UK. The cybersecurity firm says the targets supply equipment and software for industrial organizations, particularly for the energy sector.

If you use Bitwarden as your password manager of choice, you owe it to yourself to enable two-factor authentication. If you've opted to make use of the open source Bitwarden password manager, you've made a wise choice.

If you're a Naked Security Podcast listener, you'll have heard Sophos's own Peter Mackenzie telling some fairly wild ransomware stories. Last week, for example, we wrote about an attack by the Ragnar Locker crew in which they wrapped a 49KB ransomware executable - a file created specifically for one victim, with the ransom note hard-coded into the program itself - inside a Windows virtual machine that served as a sort of run-time cocoon for the malware.

The ad campaign follows a similar initiative launched in late 2017 that academics say measurably dampened demand for such services by explaining that their use to harm others is illegal and can land potential customers in jail. "The fact is, those standing in front of a classroom teaching children have less information about cybercrime than those they're trying to teach," Cox said, noting that the campaign is designed to support so-called "Knock-and-talk" visits, where investigators visit the homes of young people who've downloaded malware or purchased DDoS-for-hire services to warn them away from such activity.

Google has been hit by a lawsuit alleging that it violates user privacy by collecting location data via various means - and claiming that Google makes it nearly "Impossible" for users to opt out of such data tracking. The lawsuit, filed by Arizona Attorney General Mark Brnovich, alleges that Google uses "Deceptive and unfair conduct" to obtain Android users' location data via various applications, services and technologies, which is then used for advertising purposes.

A Java-based ransomware known as PonyFinal has galloped onto the scene, targeting enterprise systems management servers as an initial infection vector. As for the infection routine, "The PonyFinal ransomware is delivered through an MSI file that contains two batch files and the ransomware payload," researchers explained.

The US state of Arizona filed a lawsuit Wednesday accusing Google of committing fraud by being deceptive about gathering location data. Arizona attorney general Mark Brnovich said the suit resulted from an investigation launched two years ago after a media report that Google had ways of knowing where users were even if they opted not to share location information with the internet firm.