Security News > 2023 > June

Over 55% of security executives report that they have experienced a SaaS security incident in the past two years - ranging from data leaks and data breaches to SaaS ransomware and malicious apps. The SaaS Security Survey Report: Plans and Priorities for 2024, developed by CSA in conjunction with Adaptive Shield, dives into these SaaS security incidents and more.

For decades, features have accumulated like cruft in new vehicles: a box here to control the antilock brakes, a module there to run the cruise control radar, and so on. Now engineers and designers are rationalizing the way they go about building new models, taking advantage of much more powerful hardware to consolidate all those discrete functions into a small number of domain controllers.

Cybersecurity researchers have unearthed a new ongoing Magecart-style web skimmer campaign that's designed to steal personally identifiable information and credit card data from e-commerce websites. "Attackers employ a number of evasion techniques during the campaign, including obfuscating [using] Base64 and masking the attack to resemble popular third-party services, such as Google Analytics or Google Tag Manager," Akamai security researcher Roman Lvovsky said.

An unknown cybercrime threat actor has been observed targeting Spanish- and Portuguese-speaking victims to compromise online banking accounts in Mexico, Peru, and Portugal. The cybersecurity company attributed the campaign, dubbed Operation CMDStealer, to a Brazilian threat actor based on an analysis of the artifacts.

Employee productivity surveillance technology, or EPST, often tracks statistics such as keystrokes, time online, and mouse movements or clicks. The first - and the reason many companies choose not to use it - is that most employees aren't fond of it.

A surge in TrueBot activity was observed in May 2023, cybersecurity researchers disclosed. "TrueBot is a downloader trojan botnet that uses command and control servers to collect information on compromised systems and uses that compromised system as a launching point for further attacks," VMware's Fae Carlisle said.

This list of free cybersecurity whitepapers that don't require registration covers a wide range of common cyber risks. To establish a robust and successful security program for industrial control systems or operational technology, a combination of five cybersecurity controls can be employed.

The documentary, BREAKING the CODE: Cyber Secrets Revealed, reveals that the Directorate developed three payloads it could deploy to ISIL fighters' smartphones and PCs "without ISIL having to interact with the device in any way." The documentary describes how even that level of intervention made a difference as commanders in the field were able to request the ASD act against fighters in real time - and those fighters struggle to coordinate their defense.

Malicious bots are taking new forms - a burst of spam and scam text messages led to 18,000+ consumer complaints at the FCC last year. One of the newest scams - artificial inflation of traffic - targets the SMS authentication codes sent by the mobile messaging industry and generates high volumes of fake traffic via mobile applications or websites.

In Germany alone, forced verification grew by 1500% as a proportion of all fraud cases, from 0.3% in the full year 2022 to 5% of all fraud in Q1 2023. In Great Britain and Europe, as well as in North America, the proportion of deepfakes among all fraud cases grew considerably from 2022 to Q1 2023.