Security News > 2022 > August

The enterprise-grade Titan M security chip was custom built to help protect data. Derived from the same chip Google uses to protect its cloud data centers, it handles processes and information, such as passcode protection, encryption, and secure transactions in apps.

All our devices and gadgets are going online, just like our computers did. Once we've successfully connected our devices to the internet, do we have any hope of keeping them, and ourselves, safe from the dangers that lurk beneath the digital waters?

As business begins its return to normalcy, CISOs at small and medium-size enterprises were asked to share their cybersecurity challenges and priorities, and their responses were compared the results with those of a similar survey from 2021. Especially in small security teams where additional headcount is not the answer, CISOs are turning to outsourced services to fill the void.

Yesterday the CAC detailed some of the 12,000 acts of online fraud perpetrated against minors it handled this year. The unfortunate 15 year old, whom the CAC identified as Tan Moumou, was playing a mobile game when an unknown person added him as a friend on messaging platform WeChat and claimed he could circumvent China's gaming restrictions.

Beijing-backed cyberspies used specially crafted phishing emails and six different backdoors to break into and then steal confidential data from military and industrial groups, government agencies and other public institutions, according to Kaspersky researchers. "The attackers were able to penetrate dozens of enterprises and even hijack the IT infrastructure of some, taking control of systems used to manage security solutions," the team wrote in a report published on Monday.

Hackers suspected to be from the North Korean Lazarus group tried their luck at stealing cryptocurrency from deBridge Finance, a cross-chain protocol that enables the decentralized transfer of assets between various blockchains. The hackers targeted deBridge Finance employees on Thursday with an email purporting to be from the company co-founder, Alex Smirnov, allegedly sharing new information about salary changes.

The US Treasury Department is levying sanctions against Tornado Cash, a notorious cryptocurrency mixer that it says has been used by threat groups like ransomware gang Lazarus to launder stolen digital assets. According to the government agency, Tornado Cash has been used to launder more than $455 million stolen by the North Korean-supported Lazarus Group, including more than $96 million in Wrapped Bitcoin, Ethereum and other digital assets from blockchain startup Harmony's Horizon Bridge service in June.

Microsoft has warned today that Windows devices with the newest supported processors are susceptible to data damage on Windows 11 and Windows Server 2022. "Windows devices that support the newest Vector Advanced Encryption Standard instruction set might be susceptible to data damage," the company revealed today.

Email marketing firm Klaviyo suffered a data breach on August 3rd. Hackers gained access to internal systems after stealing an employee's credentials via a phishing attack. Hacker downloaded marketing lists used by cryptocurrency-related accounts, and for Klaviyo product and marketing updates.

Popular collaboration tool Slack has just owned up to a cybersecurity SNAFU. According to a news bulletin entitled Notice about Slack password resets, the company admitted that it had inadvertently been oversharing personal data "When users created or revoked a shared invitation link for their workspace." Slack's security advisory doesn't explain the breach very clearly, saying merely that "[t]his hashed password was not visible to any Slack clients; discovering it required actively monitoring encrypted network traffic coming from Slack's servers.