Security News > 2022 > April

A banking trojan for Android that researchers call Fakecalls comes with a powerful capability that enables it to take over calls to a bank's customer support number and connect the victim directly with the cybercriminals operating the malware. While the victim sees the bank's real number on the screen, the connection is to the cybercriminals, who can pose as the bank's customer support representatives and obtain details that would give them access to the victim's funds.

The nearly $7 billion purchase was made by tech private equity firm Thoma Bravo for Texas-based enterprise IAM company SailPoint, whose software portfolio includes AI-powered wares designed to detect irregularities that could signal intrusion. Thoma Bravo acquired Proofpoint in 2021 for $12.3 billion and took it private, a strategy that will be echoed with SailPoint.

Y Greenberg wrote a long article - an excerpt from his new book - on how law enforcement de-anonymized bitcoin transactions to take down a global child porn ring. Within a few years of Bitcoin's arrival, academic security researchers - and then companies like Chainalysis - began to tear gaping holes in the masks separating Bitcoin users' addresses and their real-world identities.

Google pulled a slew of Android apps with more than 46 million downloads from its Google Play Store after security researchers notified the cloud giant that the code contained some sneaky data-harvesting code. Google removed the apps as of March 25, but said they could be re-listed if they removed the dodgy code to comply with Google Play Store's rules for collecting users' data.

Windows Autopatch is an automated, managed service by Microsoft to keep Windows and Office always up-to-date. "Windows Autopatch manages all aspects of deployment groups for Windows 10 and Windows 11 quality and feature updates, drivers, firmware, and Microsoft 365 Apps for enterprise updates. Drivers and firmware that are published to Windows Update as Automatic will be delivered as part of Windows Autopatch," Lior Bela, a Senior Product Marketing Manager on the Microsoft 365 team, explained.

In this video for Help Net Security, Darren Siegel, Product Specialist at Specops Software, talks about the importance of password security and what makes them vulnerable. He also outlines common password practices and gives tips on how to make sure your password is uncrackable.

In this video for Help Net Security, Dr. Dmitry Mikhailov, CTO at Farcana Metaverse, talks about cybersecurity in the crypto industry and the vulnerability of a blockchain project. Crypto industry is very young, but has a huge capitalization.

How can your business reduce the risk of a successful cyber attack and create a defendable network? Don't underestimate the risk that unsegmented networks pose by believing that they improve operational efficiency and reduce network complexity.

Most organizations have been hit by ransomware in 2022, and most of those opted for paying the requested ransom, the 2022 Cyberthreat Defense Report by the CyberEdge Group has shown. The research company says that possible explanations for the steady yearly rise of the percentage of organizations that decided to pay the ransom may include: the threat of exposing exfiltrated data, increased confidence for data recovery, and the fact that many organizations find that paying a ransom is significantly less costly than system downtime, customer disruption, and potential lawsuits.

Results from an Association for Financial Professionals survey are encouraging, as 71% of organizations report having been victims of payments fraud activity in 2021, lower than the 81% reported in 2019 and the lowest percentage recorded since 2014. Check fraud activity is unchanged from the prior year at 66%, while the share of respondents reporting payments fraud via ACH debits increased four percentage points from last year to 37%. Checks and ACH debits are the most susceptible to payments fraud, while wire fraud activity continued its steady decline from 48% in 2017 to 32% in 2021.