Security News > 2023 > February

The Chinese surveillance balloon that drifted across the US last week looks set to spark a new round of sanctions against Middle Kingdom tech firms. Ned Price, the State Department spokesperson, said on Thursday, "We're exploring taking action against PRC entities linked to the PLA that supported the balloon's incursion into US airspace."

Of course, it's impossible to completely protect your business if you are running outdated systems or using unsupported applications. Unsupported applications and systems present an inescapable risk: critical security patches or updates can't - or won't - be provided and/or implemented.

75% of the organizations had fallen victim to at least one successful email attack in the last 12 months, with those affected facing average potential costs of more than $1 million for their most expensive attack, according to a new Barracuda Networks report. 23% said that the cost of email attacks has risen dramatically over the last year.

Australia's Defence Department removed all Chinese-manufactured surveillance cameras after an audit detailed the number of Hikvision and Dahua devices installed in various government facilities. In an impromptu interview on Friday, deputy prime minister and minister of defence Richard Marles revealed that all the relevant Chinese-manufactured Defence department cameras had been removed.

Popular social news aggregation platform Reddit has disclosed that it was the victim of a security incident that enabled unidentified threat actors to gain unauthorized access to internal documents, code, and some unspecified business systems. The company blamed it on a "sophisticated and highly-targeted phishing attack" that took place on February 5, 2023, targeting its employees.

IT and security teams are consolidating management and security functions to help better deliver new applications to end users, improve regulatory compliance, and reduce cyberattacks resulting from poor coordination between endpoint security and management teams, according to Syxsense. A key report finding indicates that unmanaged device usage continues to increase, with most organizations having endpoint security blind spots - only 43% of respondents claim to be actively monitoring 75% or more of endpoints.

Romance scams cost victims at least $1.3 billion in 2022, according to the US Federal Trade Commission's latest numbers. The most common lie that scammers told their marks is that they, or someone close to them, is sick, hurt or in jail, according to more than 8,000 romance scams reported to the FTC that cost consumers money.

Colourful web forum Reddit has revealed it has suffered a security breach. Here's what we know: Reddit's founding engineer and CTO "KeyserSosa" - aka Christopher Slowe - explained that late on February 5th "we became aware of a sophisticated phishing campaign that targeted Reddit employees."

Reddit suffered a cyberattack Sunday evening, allowing hackers to access internal business systems and steal internal documents and source code. The company says the hackers used a phishing lure targeting Reddit employees with a landing page impersonating its intranet site.

A campaign operated by Russian threat actors uses fake job offers to target Eastern Europeans working in the cryptocurrency industry, aiming to infect them with a modified version of the Stealerium malware named 'Enigma'. The attacks start with an email pretending to be a job offer with fake cryptocurrency interviews to lure their targets.