Security News > 2021 > November

Since cybercrimes are becoming more frequent and severe almost every day, ethical hacking skills are always much in demand. In "Learn Python & Ethical Hacking From Scratch," alone, you'll learn many valuable skills.

Italy's antitrust regulator has fined both Apple and Google €10 million each for what it calls are "Aggressive" data practices and for not providing consumers with clear information on commercial uses of their personal data during the account creation phase. The Autorità Garante della Concorrenza e del Mercato said "Google and Apple did not provide clear and immediate information on the acquisition and use of user data for commercial purposes," adding the tech companies chose to emphasize the data collection as only necessary to improve their own services and personalize user experience without offering any indication that the data could be transferred and used for other reasons.

Threat actors have been found using a previously undocumented JavaScript malware strain that functions as a loader to distribute an array of remote access Trojans and information stealers. HP Threat Research dubbed the new, evasive loader "RATDispenser," with the malware responsible for deploying at least eight different malware families in 2021.

Research on the Vibrio bacteria and its co-evolution with its bobtail squid hosts. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

IKEA is battling an ongoing cyberattack where threat actors are targeting employees in internal phishing attacks using stolen reply-chain emails. A reply-chain email attack is when threat actors steal legitimate corporate email and then reply to them with links to malicious documents that install malware on recipients' devices.

Firstly, crooks show up fast: occasionally, it takes them days to find newly-started, insecure cloud instances and break in, but Google wrote that discover-break-and-enter times were "As little as 30 minutes." Importantly, in our research, the cloud instances we used weren't the sort of cloud server that a typical company would set up, given that they were never actually named via DNS, advertised, linked to, or used for any real-world purpose.

Italy's competition authority has announced a fine of 10 million Euros against Google and Apple. The companies were fined due to violations of the Consumer Code involving lack of information on how personal data is used and aggressive consumer data acquisition practices for commercial purposes.

The TrickBot malware operators have been using a new method to check the screen resolution of a victim system to evade detection of security software and analysis by researchers. Last year, the TrickBot gang added a new feature to their malware that terminated the infection chain if a device was using non-standard screen resolutions of 800x600 and 1024x768.

The EU needs more cybersecurity graduates to plug the political bloc's shortage of skilled infosec bods, according to a report from the ENISA online security agency. In a new report titled "Addressing the EU Cybersecurity Skills Shortage and Gap Through Higher Education", academics Jason Nurse and Konstantinos Adamos, together with ENISA's Athanasios Grammatopoulos and Fabio Di Franco, said the European Union needs to get more students signing up for cybersecurity degrees.

Marine services giant Swire Pacific Offshore has suffered a Clop ransomware attack that allowed threat actors to steal company data. Swire Pacific Offshore discovered an unauthorized network infiltration onto its IT systems, resulting in the compromise of some employee data.