Security News > 2022

The Monetary Authority of Singapore says it is considering supervisory action against Southeast Asia's second largest bank, Oversea-Chinese Banking Corporation, which was criticised for its incident response to a widespread phishing scheme across the island nation. "Monetary Authority Singapore takes a serious view of the recent phishing scams involving OCBC Bank. They have significantly impacted several customers. OCBC has acknowledged that its incident response and customer service should have been better. MAS has been following up with the bank on these and broader issues relating to the incident," said MAS deputy managing director Ms Ho Hern Shin in a statement to The Register.

Rolling Stone is reporting that the UK government has hired the M&C Saatchi advertising agency to launch an anti-encryption advertising campaign. Presumably they'll lean heavily on the "Think of the children!" rhetoric we're seeing in this current wave of the crypto wars.

Anycast's advantages were understood in principle, but it took the DDoS attack in 2007 to shift the dial for DNS Anycast as big Content Delivery Networks, and top-level domain registrars adopted the technology at speed. "For Anycast to work, you have to know how Internet global routing and BGP works. But we were DNS guys, not network guys. We had to learn it the hard way over several years. Even now, 50 per cent of the work at RcodeZero DNS is maintaining perfect global routing," agrees Darilion.

Law enforcement authorities from 10 countries took down VPNLab.net, a VPN service provider used by ransomware operators and malware actors. The law operatives seized 15 servers used by the VPNLab.net service and took down its main site, so the platform is no longer available.

Microsoft has patched the patch that broke chunks of Windows and emitted fixes for a Patch Tuesday cock-up that left servers rebooting and VPNs disconnected. On the receiving end of the company's attention were Windows desktop and Windows Server installs left a little broken following Microsoft's latest demonstration of its legendary quality control.

International courier and package delivery company DHL heads the list of most imitated brands by phishers and malware peddlers in Q4 2021, according to Check Point Research. "FedEx also appeared in the top ten list for the first time in Q4 2021, no doubt the result of threat actors trying to target vulnerable online shoppers in the run-up to the festive season as the pandemic remained a key concern," the company has noted.

Providing public Wi-Fi is a great service to offer your customers as it becomes more and more standard in today's society. According to recent statistics, there are about 410,000 public Wi-Fi hotspots in the United States alone, in public places such as parks, libraries, public transportation, and train stations.

Cybersecurity researchers have disclosed details of a now-patched bug in Box's multi-factor authentication mechanism that could be abused to completely sidestep SMS-based login verification. "Using this technique, an attacker could use stolen credentials to compromise an organization's Box account and exfiltrate sensitive data without access to the victim's phone," Varonis researchers said in a report shared with The Hacker News.

Consumers are increasingly utilising Buy Now Pay Later payment options to make online purchases. As a result, BNPL is currently the fastest growing e-commerce payment solution of recent years, now accounting for 2.6% of global e-commerce sales.

In this interview with Help Net Security, Scott Laliberte, Managing Director at Protiviti, talks about the implementation of AI and ML in cybersecurity programs, why this is a good practice and how it can advance cybersecurity overall. To adopt these new technologies, the organization must not only change its existing approaches, but also change the mindset of its people and its culture in order to really embrace them.