Security News > 2022 > August

The decentralized file system solution known as IPFS is becoming the new "Hotbed" for hosting phishing sites, researchers have warned. Cybersecurity firm Trustwave SpiderLabs, which disclosed specifics of the attack campaigns, said it identified no less than 3,000 emails containing IPFS phishing URLs as an attack vector in the last three months.

The operators of the Gootkit access-as-a-service malware have resurfaced with updated techniques to compromise unsuspecting victims. "In the past, Gootkit used freeware installers to mask malicious files; now it uses legal documents to trick users into downloading these files," Trend Micro researchers Buddy Tancio and Jed Valderama said in a write-up last week.

Researchers have uncovered a list of 3,207 apps, some of which can be utilized to gain unauthorized access to Twitter accounts. "Out of 3,207, 230 apps are leaking all four authentication credentials and can be used to fully take over their Twitter Accounts and can perform any critical/sensitive actions," the researchers said.

Two universal and seemingly innocuous browser features - the ability to create bookmarks and browser synchronization - make users' lives easier, but may also allow hackers to establish a covert data exfiltration channel. Some attackers have also recently managed to exploit Chrome's syncing feature and use an extension to connect their computer directly to a targeted workstation, creating a covert channel for remote data manipulation, but also for data exfiltration and C&C communication.

Knowledge of cybersecurity and artificial intelligence has become crucial to a successful business. Businesses everywhere need true expertise to protect their data to avoid their competitors getting ahead. In this Help Net Security video, Taylor Hersom, CEO at Eden Data, discusses why we need AI and how it helps minimize human error, as well as cybersecurity threats such as ransomware.

In the first half of 2022, the cybersecurity industry saw venture capital funding continue to pour into the space, according to Momentum Cyber's Market Review for 1H 2022. These trends are tracked by Momentum Cyber, the industry's first investment bank focused exclusively on cybersecurity, in its Cybersecurity Market Review for 1H 2022.

In this Help Net Security video, CEO/CISO Josh Sokol, showcases SimpleRisk, a fully integrated GRC platform that can be used for all of your governance, risk management, and compliance needs. If you're at Black Hat USA 2022, you can learn more about SimpleRisk.

Digitalization and rising consumer expectations are having a major impact on the working conditions of the technology teams sustaining the digital operations that drive the modern economy, and burnout and attrition are on the rise, according to PagerDuty. Technical employees are more likely to leave certain kinds of teams based on after-hours expectations and inconsistent workloads.

Helping your development teams progress to achieve security maturity is possible, and ultimately beneficial. How can you help your development teams reach security maturity?

Forsage, an alleged crypto Ponzi scheme purporting to be a decentralized smart contract platform, bilked millions of investors worldwide out of more than $300 million, according to America's securities watchdog. These transactions totaled more than $300 million, according to the SEC. However, like any other pyramid scheme, the primary way that investors made money from Forsage was to recruit other investors, according to the watchdog.