Security News > 2023 > July

Many organizations agree in theory that passwordless authentication is the future, but getting there represents a significant change management challenge. One way to accomplish this is by communicating the benefits of passwordless authentication to stakeholders with use cases that illustrate how the friction they currently experience in their day-to-day workflows will be eliminated.

While the number of new ransomware variants continues to decline, ransomware attacks' severity remains significant. In the first half of 2023 alone, the number of email-based phishing attacks has surged 464% when compared to 2022.

Ransomware attacks increased by over 37% in 2023 compared to the previous year, with the average enterprise ransom payment exceeding $100,000, with a $5.3 million average demand, according to Zscaler. Since April 2022, ThreatLabz has identified thefts of several terabytes of data as part of several successful ransomware attacks, which were then used to extort ransoms.

Google is working on a significant design overhaul for Chrome across Windows, Mac, and Chromebook platforms. A distinct change in Chrome 2023 refresh changes how custom themes look in the browser.

Security researchers observed a new campaign they attribute to the Charming Kitten APT group where hackers used new NokNok malware that targets macOS systems. After gaining the target's trust, Charming Kitten sends a malicious link that contains a Google Script macro, redirecting the victim to a Dropbox URL. This external source hosts a password-protected RAR archive with a malware dropper that leverages PowerShell code and an LNK file to stage the malware from a cloud hosting provider.

Windows 11, with its Windows Subsystem for Android, allows users to access almost all popular Android apps directly from the Microsoft Store. The WSA on Windows 11 mirrors the functionality of the Linux Subsystem for Linux, enabling a seamless transition for Android apps onto the desktop operating system.

After a long break, AMD has released a new graphics driver, Adrenalin 23.7.1 WHQL. The new driver supports additional Vulkan extensions and introduces numerous fixes, although some known issues remain unresolved. The driver update has also addressed an application crash or driver timeout that users could experience when playing AV1 video content using DaVinci Resolve Studio.

Instagram's dedicated text-sharing app, Threads, is set to introduce many new features, including Twitter-style hashtags, an edit button, a trending page, and possibly even an automatic archiving function. Instagram's Head, Adam Mosseri, confirmed these upcoming features in a series of posts on Threads.

The rise in cyber extortion attacks and its impact on business securityIn this Help Net Security video, Charl van der Walt, Head of Security Research at Orange Cyberdefense, discusses cyber extortion attacks and their expansion to new regions. 75% of consumers prepared to ditch brands hit by ransomwareAs 40% of consumers harbor skepticism regarding organizations' data protection capabilities, 75% would shift to alternate companies following a ransomware attack, according to Object First.

Security researchers have dissected a recently emerged ransomware strain named 'Big Head' that may be spreading through malvertising that promotes fake Windows updates and Microsoft Word installers. 'Big Head' ransomware is a.NET binary that installs three AES-encrypted files on the target system: one is used to propagate the malware, another is for Telegram bot communication, and the third encrypts files and can also show the user a fake Windows update.