Security News > 2021

McKeown's focus is the cybersecurity space, where wicked problems are the norm. Research, McKeown said, has identified a new cognitive agility approach that, through agile, adaptive thinking, will go a long way to improve the odds against heretofore unseen adversarial encounters.

Google announced a critical bug in Chrome last week - a bug that affected Edge as well. The company kept details of the bug secret, presumably to avoid having thousands of crooks simultaneously figuring out, "Ah, so that's where to look!".

Cybercriminals have been using a novel approach to exfiltrate data that involves directly injecting malicious Google Chrome extensions onto victims' Windows machines via the abuse of Google's cloud synching function. The malicious add-on is disguised as a "Forcepoint Endpoint Chrome Extension for Windows," with the attackers using the security company's logo to enhance an air of legitimacy.

Google has removed a popular Android barcode scanner app with over 10 million installs from the Play Store after researchers found that it turned malicious following a December 2020 update. After lying dormant for years, the previously legitimate Barcode Scanner app developed by LAVABIRD LTD self-updated and took over the users' devices using malicious code now tagged by security vendors as trojan malware.

WestRock - the second-largest packaging company in the U.S. - continues to restore its systems, two weeks after it discovered it was the victim of a ransomware attack. As a result of the ransomware attack, shipments for some of the company's facilities have lagged in production levels, according to the company.

British prosecutors can make use of evidence gathered by the French and Dutch police from encrypted messaging service EncroChat's servers thanks to a legal interpretation of whether RAM counts as data storage, the Court of Appeal has ruled. Multiple reporting restriction orders are in force on most EncroChat cases currently before the criminal courts - though those restrictions are not being applied to police forces and the National Crime Agency, both of which have been boasting since last year about EncroChat-linked arrests and convictions, and even the contents of EncroChat messages.

More than 1,200 Iranian citizens have been targeted in extensive cyber-surveillance operations backed by the Iranian government, researchers with cybersecurity firm Check Point report. The attacks, which Check Point refers to collectively as Domestic Kitten, have been ongoing for roughly four years, orchestrated by a threat actor tracked as APT-C-50, which executes the campaigns on behalf of the Iranian government.

A Comparitech report found that Japan and the UAE have the most expensive identities available on illicit marketplaces at an average price of $25. Personal information from US citizens found on the Dark Web-ranging from Social Security numbers, stolen credit card numbers, hacked PayPal accounts, and more-is worth just $8 on average, according to a new report from tech research firm Comparitech. "After a data breach or successful phishing campaign, much of the stolen personal information is sold on black markets. Many such marketplaces reside on the dark web. The median credit limit on a stolen credit card is 24 times the price of the card. The median account balance of a hacked PayPal account is 32 times the price on the dark web," Comparitech's Paul Bischoff wrote.

Google last week announced the launch of OSV, which the internet giant has described as a vulnerability database and triage infrastructure for open source projects. OSV should make it easier for the users of open source software to find out which vulnerabilities impact them.

Web development resources provider SitePoint has notified users of a data breach that resulted in some of their information being stolen. Based in Melbourne, Australia, and established more than two decades ago, SitePoint provides users with access to tutorials and books that can help them learn the basics of web development.