Security News > 2023 > January

Last year, on the last day of August 2022, we wrote with mild astonishment, and perhaps even a tiny touch of excitement, about an unexpected but rather important update for iPhones stuck back on iOS 12. As we remarked at the time, we'd already decided that iOS 12 had slipped off Apple's radar, and would never be updated again, given that the previous update had been a year before that, back in September 2021.

The U.S. Justice Department filed a federal lawsuit today against Google for abusing its dominant position in the online advertising market. The U.S. government alleges that Google used acquisitions of other companies in the ad market to remove competitors, and used its control over ad tech services to force advertisers and publishers to use its services.

With ransomware and security vulnerabilities and other hazards a seemingly never-ending threat, what can organizations and tech leaders expect this year in the arena of cybercrime? Here are 10 predictions from cybersecurity experts. "If the past few years have been defined by ransomware attacks from organized hacking groups, we are now entering an era in which an increasing number of threats will come from state-sponsored actors seeking to disarm global economies," said Asaf Kochan, co-founder and president of cloud security provider Sentra.

With so many options on the market, it's not easy to find the best VPN for you. Me VPN offers outstanding features, support for unlimited devices and a lifetime subscription, and it's now on sale for 86% off.

Riot Games says it will not pay the ransom demanded by the attackers responsible for the security breach the company disclosed last week. "While we hope some of these game modes and other changes eventually make it out to players, most of this content is in prototype and there's no guarantee it will ever be released," Riot Games said.

Ernest Hemingway said the best way to find out if you can trust someone is to trust them. "The primary risk addressed by zero trust is to prevent attackers from taking advantage of implicit trust," he said.

The WordPress online course plugin 'LearnPress' was vulnerable to multiple critical-severity flaws, including pre-auth SQL injection and local file inclusion. LearnPress is a learning management system plugin that allows WordPress websites to easily create and sell online courses, lessons, and quizzes, providing visitors with a friendly interface while requiring no coding knowledge from the website developer.

GoTo confirmed on Monday that attackers stole customers' encrypted backups from a third-party cloud storage service related to its Central, Pro, join. The attackers also managed to grab an encryption key for a portion of the encrypted backups.

The FBI has confirmed that the North Korean state-sponsored 'Lazarus' and APT38 hacking groups were behind the theft of $100 million worth of Ethereum stolen from Harmony Horizon in June 2022. Yesterday, the FBI confirmed that two North Korean hacking groups, Lazarus and APT38, were behind the attack.

Organizations in East Asia are being targeted by a likely Chinese-speaking actor dubbed DragonSpark while employing uncommon tactics to go past security layers. "The attacks are characterized by the use of the little known open source SparkRAT and malware that attempts to evade detection through Golang source code interpretation," SentinelOne said in an analysis published today.