Security News > 2021 > December

Since August 2021, malware peddlers have managed to spread four families of Android banking trojans via malware droppers introduced in Google Play. They did it by employing a series of tricks to bypass the app store's restrictions, evade automatic detection, and trick users into believing the apps they downloaded are legitimate and innocuous.

Attackers are impersonating the Iranian government in a widespread SMS phishing campaign that is defrauding thousands of Android users by installing malware on their devices that can steal their credit card data and siphon money from financial accounts. The campaign is first delivered as a standard smishing attack, using socially engineered SMS messages sent to a potential victim's device to lure them to a malicious website, researchers said.

Europol has announced the arrest of 1,803 money mules out of 18,351 identified following an international money-laundering crackdown operation codenamed "EMMA 7". Money mules are people who receive and transfer money on behalf of scammers and fraudsters, helping them launder the stolen amounts in exchange for a small cut.

Scanning service VirusTotal announced today a new feature called Collections that lets researchers create and share reports with indicators of compromise observed in security incidents. VirusTotal Collections gives researchers an easy way to store, update, and share IoCs with other members of the infosec community, building more context around security incidents and threat actors.

Three APT hacking groups from India, Russia, and China were observed using a novel RTF template injection technique in their recent phishing campaigns. Researchers at Proofpoint spotted the first cases of weaponized RTF template injection in March 2021, and since then, actors have been steadily optimizing the technique.

The astonishingly mild sanction was revealed in a Freedom-of-Information response after senior data protection specialist Jon Baines at London law firm Mishcon de Reya asked about reprimands made under the General Data Protection Regulation. Reprimands are a formal expression of the ICO's disapproval, issued to organisations that have broken data protection law.

A newly discovered botnet capable of staging distributed denial-of-service attacks targeted unpatched Ribbon Communications EdgeMarc appliances belonging to telecom service provider AT&T by exploiting a four-year-old flaw in the network appliances. Chinese tech giant Qihoo 360's Netlab network security division, which detected the botnet first on October 27, 2021, called it EwDoor, noting it observed 5,700 compromised IP addresses located in the U.S. during a brief three-hour window.

Whether or not it was a state-sponsored venture, this attack proved to be a huge wake-up call and shone a spotlight on software supply chain attacks. Hence the emergence of one of the key growing attack vectors in 2021: the "Web supply chain attack".

In this Help Net Security interview, Tal Steinherz, CTO at Wib, talks about the importance of API security awareness and how to tackle the numerous threats that are plaguing it. API security is widely being considered, yet breaches continue to plague many organizations.

In a report released on Wednesday, consulting firm Deloitte describes two tools that can make AI tasks such as machine learning more private and secure. There are some technological obstacles to using HE and FL. Processing encrypted data with HE is slower than processing unencrypted data.