Security News > 2022 > June

Illumio released The Zero Trust Impact Report, a research on market perspectives of zero trust strategies and the business impact of segmentation technology. Zero trust is now the standard: 90 percent state that advancing zero trust strategies is one of their top three security priorities this year as a way to improve cyber resiliency and reduce the rising threat of attacks turning into disasters.

Surfshark announced today they are shutting down its VPN services in India in response to the new requirements in the country that demand all providers to keep customer logs for 180 days. VPN services aim to provide privacy to internet users by encrypting their network traffic and hiding their actual IP addresses behind those assigned to servers hosted at providers worldwide.

U.S. cybersecurity and intelligence agencies have warned about China-based state-sponsored cyber actors leveraging network vulnerabilities to exploit public and private sector organizations since at least 2020. The widespread intrusion campaigns aim to exploit publicly identified security flaws in network devices such as Small Office/Home Office routers and Network Attached Storage devices with the goal of gaining deeper access to victim networks.

An illicit online marketplace known as SSNDOB was taken down in operation led by U.S. law enforcement agencies, the Department of Justice announced Tuesday. SSNDOB trafficked in personal information such as names, dates of birth, credit card numbers, and Social Security numbers of about 24 million individuals in the U.S., generating its operators $19 million in sales revenue.

If you have been following the news, you'll have most certainly been bombarded by the term ransomware. Almost every week, another large company publicly discloses being impacted by this type of attack.

Telegram is one of the best cross-platform messaging apps and it is regularly updated with new features. The privacy-focused social media platform is now working on a new subscription-based project dubbed "Telegram Premium".

SSNDOB, an online marketplace that sold the names, social security numbers, and dates of birth of approximately 24 million US people, has been taken offline following an international law enforcement operation. The SSNDOB marketplace consisted of multiple sites acting as mirrors of each other to aid in preventing DDoS attacks or law enforcement operations.

Several US federal agencies today revealed that Chinese-backed threat actors have targeted and compromised major telecommunications companies and network service providers to steal credentials and harvest data. "Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting," the advisory explains.

A previously unknown malware loader named SVCReady has been discovered in phishing attacks, featuring an unusual way of loading the malware from Word documents onto compromised machines. According to a new report by HP, the malware has been under deployment since April 2022, with the developers releasing several updates in May 2022.

A critical Windows zero-day vulnerability, known as Follina and still waiting for an official fix from Microsoft, is now being actively exploited in ongoing phishing attacks to infect recipients with Qbot malware. As Proofpoint security researchers shared today, the TA570 Qbot affiliate has now begun using malicious Microsoft Office.