More charged in UK Lapsus$ investigation
2022-04-01 13:30

British police have charged two teenagers as part of an international investigation into the Lapsus$ cyber extortion gang. "Both teenagers have been charged with: three counts of unauthorised access to a computer with intent to impair the reliability of data; one count of fraud by false representation and one count of unauthorised access to a computer with intent to hinder access to data. The 16-year-old has also been charged with one count of causing a computer to perform a function to secure unauthorised access to a program," he said.

Apple Rushes Out Patches for 0-Days in MacOS, iOS
2022-04-01 13:02

Apple rushed out patches for two zero-days affecting macOS and iOS Thursday, both of which are likely under active exploitation and could allow a threat actor to disrupt or access kernel activity. Apple released separate security updates for the bugs - a vulnerability affecting both macOS and iOS tracked as CVE-2022-22675 and a macOS flaw tracked as CVE-2022-22674.

EU draft law adds security checks to all crypto transactions
2022-04-01 12:55

Members of the European Parliament from the Committee on Economic and Monetary Affairs and the Committee on Civil Liberties have agreed on adopting draft legislation for more transparent crypto asset transactions. The new rules will cover transactions from privately held cryptocurrency wallets without considering transaction thresholds, which erases any limits for anonymous transactions - the previous proposal allowed up to €1000 to be transferred without giving any details about the sender and the recipient.

Results overview: 2022 MITRE ATT&CK Evaluation – Wizard Spider and Sandworm edition
2022-04-01 12:55

To ensure cybersecurity providers are battle ready, MITRE Engenuity uses real-world attack scenarios and tactics implemented by threat groups to test security vendors' capabilities to protect against threats - the MITRE ATT&CK Evaluation. Each vendor's detections and capabilities are assessed within the context of the MITRE ATT&CK Framework.

Microsoft adds Windows 11 upgrade block due to IE11 known issue
2022-04-01 12:50

Microsoft has added a new safeguard hold blocking Windows 11 upgrades for Windows 10 customers who don't import their Internet Explorer 11 data into Microsoft Edge before trying to install the newest Windows version. "After upgrading to Windows 11, saved information and data from Internet Explorer 11 might not be accessible if you did not accept to import it into Microsoft Edge before the upgrade," Microsoft explained in the Windows health dashboard.

Bypassing Two-Factor Authentication
2022-04-01 11:12

Some forms of MFA are stronger than others, and recent events show that these weaker forms aren't much of a hurdle for some hackers to clear. One method: sending a bunch of MFA requests and hoping the target finally accepts one to make the noise stop.

Google: Russian credential thieves target NATO, Eastern European military
2022-04-01 10:20

A Russian cybercrime gang has lately sent credential-phishing emails to the military of Eastern European countries and a NATO Center of Excellence, according to a Google threat report this week. One of these crews is Coldriver, which the Google team refer to as "a Russian-based threat actor." According to Leonard, Google hasn't seen attackers successfully compromise any Gmail accounts in its phishing campaigns.

Get a CompTIA cybersecurity education online for an in-demand career
2022-04-01 10:00

Cybersecurity is of utmost importance in the tech industry today, but also on the global political stage.

Organizations need to up their cloud native security strategy
2022-04-01 08:00

Organizations still have a long way to go to understand, plan and deploy their cloud native security strategies, an Aqua Security study reveals. Many cloud native applications deployed within organizations don't have a security strategy in place.

Sitel on Okta breach: "spreadsheet" did not contain passwords
2022-04-01 07:55

Okta's outsourced provider of support services, Sitel, has shared more information this week in response to the leaked documents that detailed the various incident response tasks carried out by Sitel after the Lapsus$ hack. The documents, leaked by a researcher online, perpetuated the myth that Sitel stored its domain admin passwords extracted from LastPass in an Excel spreadsheet, a claim now dispelled by Sitel.