Security News > 2022

The Swiss army has banned foreign instant-messaging apps such as Signal, Telegram, and WhatsApp and requires army members to use the locally-developed Threema messaging app instead. As Threema is a paid subscription communications service, the Swiss army promised to cover the annual subscription cost for all soldiers, which is roughly $4.40 per user. The Swiss army has also posted recommendations on Facebook, characterizing Threema as a secure ad-free communication tool that features end-to-end encryption and leaves no digital trace.

Attackers are taking advantage of the comment feature in Google Docs to send people emails with malicious links, says Avanan. A new report released Thursday by email security provider Avanan looks at a new phishing campaign that abuses a popular feature in Google Docs to deploy malicious emails.

A new iPhone technique can hijack and prevent any shut-down process that a user initiates, simulating a real power-off while allowing malware to remain active in the background. "The NoReboot approach simulates a real shutdown. The user cannot feel a difference between a real shutdown and a fake shutdown. There is no user-interface or any button feedback until the user turns the phone back 'on'we cannot, and should not, trust a normal reboot."

Attackers are using the "Comments" feature of Google Docs to send malicious links in a phishing campaign targeted primarily at Outlook users, researchers have discovered. Researchers from email collaboration and security firm Avanan, a CheckPoint company, first observed "a new, massive wave of hackers leveraging the comment feature in Google Docs" in December, Avanan Cybersecurity Researcher/Analyst Jeremy Fuchs wrote in a report published Thursday.

A new trend in phishing attacks emerged in December 2021, with threat actors abusing the commenting feature of Google Docs to send out emails that appear trustworthy. Google Docs is used by many employees working or collaborating remotely, so most recipients of these emails are familiar with these notifications.

France's National Commission on Informatics and Liberty, the country's data privacy and protection body, has announced a 60 million euro sanction against Facebook and a 150 million euro penalty against Google. As a result, today CNIL announced an administrative fine of 60 million Euros against Facebook Ireland Ltd. and an additional 100,000 Euros per day of delay of compliance, starting from March 2022.

The Federal Bureau of Investigation says Americans who share their phone number online are being targeted by Google Voice authentication scams. If successful, they will set up a Google Voice account in their victims' names or hijack their Gmail accounts which will later be used in other fraud schemes or in phishing attacks.

The privacy-oriented search engine netted more than 35 billion search queries in 2021, a 46.4% jump over 2020. The company, which bills itself as the "Internet privacy company," offering a search engine and other products designed to "Empower you to seamlessly take control of your personal information online without any tradeoffs," remains a rounding error compared to Google in search.

The framework enables organizations to improve the security and resilience of critical infrastructure with a well-planned and easy-to-use framework. Although the CSF was written and updated while SaaS was on the rise, it is still geared towards the classic legacy critical infrastructure security challenges.

A North Korean cyberespionage group named Konni has been linked to a series of targeted attacks aimed at the Russian Federation's Ministry of Foreign Affairs with New Year lures to compromise Windows systems with malware. The most recent attacks involved the actor gaining access to the target networks through stolen credentials, exploiting the foothold to load malware for intelligence gathering purposes, with early signs of the activity documented by MalwareBytes as far back as July 2021.