
Cisco EVP: We need to lift everyone above the cybersecurity poverty line
2022-06-06 22:50

Establishing some level of cybersecurity measures across all organizations will soon reach human-rights issue status, according to Jeetu Patel, Cisco EVP for security and collaboration. "It's our civic duty to ensure that everyone below the security poverty line has a level of safety, because it's gonna eventually get to be a human-rights issue," Patel told The Register, in an exclusive interview ahead of his RSA Conference keynote.

10 Most Prolific Banking Trojans Targeting Hundreds of Financial Apps with Over a Billion Users
2022-06-06 22:15

10 of the most prolific mobile banking trojans have set their eyes on 639 financial applications that are available on the Google Play Store and have been cumulatively downloaded over 1.01 billion times. These apps alone account for more than 260 million downloads from the official app marketplace.

Apple touts Passkey, its new privacy feature, at WWDC 2022
2022-06-06 22:03

During its WWDC, Apple introduced the next version of macOS, codenamed Ventura, which includes a new privacy feature called Passkey, a digital key designed to help protect users from hackers by completely replacing a user's passwords.

QBot now pushes Black Basta ransomware in bot-powered attacks
2022-06-06 21:01

The Black Basta ransomware gang has partnered with the QBot malware operation to gain initial access to corporate environments. QBot is Windows malware that steals bank credentials and Windows domain credentials, and delivers further malware payloads on infected devices.

Mandiant: “No evidence” we were hacked by LockBit ransomware
2022-06-06 19:54

American cybersecurity firm Mandiant is investigating the LockBit ransomware gang's claims that they hacked the company's network and stole data. The ransomware group published a new page on its data leak website earlier today, saying that the 356,841 files they allegedly stole from Mandiant will be leaked online.

Microsoft bug banned Rewards accounts when redeeming points
2022-06-06 18:25

Microsoft has fixed a bug where the Microsoft Rewards accounts of customers who redeemed points would get suspended without warning. The bug was addressed following a stream of user reports worldwide saying that they had received messages that their accounts had been banned after redeeming points earned via Microsoft Rewards.

Thousands of unprotected Elasticsearch databases are being ransomed
2022-06-06 17:12

Secureworks reports a new cybercrime campaign in which databases are stolen from a lot of unsecured internet-facing Elasticsearch instances and replaced with a ransom note. It is not yet possible to determine the exact number of companies involved, since the vast majority of the databases were hosted on cloud providers' networks and some databases probably belong to the same organization.

Ransomware gangs now give victims time to save their reputation
2022-06-06 16:56

Threat analysts have observed an unusual trend in ransomware group tactics, reporting that initial phases of victim extortion are becoming less open to the public as the actors tend to use hidden or anonymous entries. By not disclosing the victim's name immediately, the ransomware operatives give their targets a more extended opportunity to negotiate the ransom payment in secrecy while still maintaining a level of pressure in the form of a future data leak.

How to always access your locked iOS device
2022-06-06 16:23

If you've recently changed your access password to your iOS device and you repeatedly try your old password only to remember after the device locks that you recently changed the password.

Windows zero-day exploited in US local govt phishing attacks
2022-06-06 16:09

European governments and US local governments were the targets of a phishing campaign using malicious Rich Text Format documents designed to exploit a critical Windows zero-day vulnerability known as Follina. BleepingComputer is aware of local governments in at least two US states that were targeted by this phishing campaign.