Security News > 2022 > January

If your Android phone initiates a factory reset out of the blue, there's a chance it has been infected with the BRATA banking malware and you've just been ripped off. Through the years, BRATA evolved primarily into banking malware and has lately been aimed against Android users in Europe and the rest of Latin America.

Another week, another big economy restricting cryptocurrency. In the tweet below, Wimboh Santoso, commissioner of Indonesia's financial services authority the Otoritas Jasa Keuangan, states that the agency has prohibited financial service institutions from using, marketing, and/or facilitating crypto asset trading.

The consequence of a Log4Shell attack is that the exploited server tries to download code from an internet site owned by the attacker. Even if a Log4Shell vulnerability is exploited in the server, it cannot download and later run any malicious code, as the outgoing traffic from the DMZ to the internet would have been prohibited.

Since the pandemic started, 83 percent have experienced more attempted cyberattacks, 87 percent report an increase in phishing emails, with many leveraging COVID-19 related themes. Of these, 58 percent paid $100,000 to just under a million, 7 percent spent a million dollars or more.

Digital identification is the focus of two reports by the European Union Agency for Cybersecurity: an analysis of self-sovereign identity and a study of major face presentation attacks. The technologies falling under the name of self-sovereign identity consist in giving identity holders greater control over their identity.

As organizations look to embrace modern approaches to security in 2022, a strongDM survey has revealed that access management is one of the most crucial factors to achieving this goal. The data showed that 80% of organizations are looking to address access management as a strategic initiative over the next 12 months, highlighting the need to secure and streamline infrastructure-wide access controls as a prerequisite to other initiatives, like zero trust.

Just two weeks after reaching the official end of life, something broke spectacularly, leaving CentOS 8 users at major risk of a severe attack - and with no support from CentOS. You'd think that this issue no longer affects a significant number of organizations because by now, companies would have migrated away from CentOS 8 to an OS that is actively supported by vendors. Just the same with Red Hat, which backs CentOS. But, with CentOS 8 now no longer officially supported, a CentOS 8 patch for the LUKS flaw is not going to appear.

A financially-motivated malware campaign has compromised over 800 WordPress websites to deliver a banking trojan dubbed Chaes targeting Brazilian customers of Banco do Brasil, Loja Integrada, Mercado Bitcoin, Mercado Livre, and Mercado Pago. "Chaes is characterized by the multiple-stage delivery that utilizes scripting frameworks such as JScript, Python, and NodeJS, binaries written in Delphi, and malicious Google Chrome extensions," Avast researchers Anh Ho and Igor Morgenstern said.

Vaccine passport technology has become an intrinsic part of society over the past year, as governments across the globe search for solutions that help protect citizens from the pandemic. 76% of Brits would be comfortable having some of their data incorporated into a digital ID, because they sound easy to use, all their information would be in one place, and they're more difficult to lose than physical IDs.

The global fraud detection and prevention market is expected to grow from $26,511. Fraud detection and prevention systems are software applications used to provide analytical solutions for fraud incidents and help identify or prevent future occurrences.