Security News > 2023 > September

Cybersecurity researchers have called attention to a new antivirus evasion technique that involves embedding a malicious Microsoft Word file into a PDF file. The sneaky method, dubbed MalDoc in PDF by JPCERT/CC, is said to have been employed in an in-the-wild attack in July 2023.

A new large-scale smishing campaign is targeting the U.S. by sending iMessages from compromised Apple iCloud accounts with an aim to conduct identity theft and financial fraud. "The Chinese-speaking threat actors behind this campaign are operating a package-tracking text scam sent via iMessage to collect personally identifying information and payment credentials from victims, in the furtherance of identity theft and credit card fraud," Resecurity said in an analysis published last week.

Fully homomorphic encryption (FHE), a technique that allows data to be processed while it remains encrypted, without the need for decryption, shows great promise in addressing the privacy issues associated with blockchain. FHE can enhance data security by allowing computations to be performed on encrypted data, reducing the risks pertaining to data exposure.

85% of phishing emails utilized malicious links in the content of the email, and spam emails increased by 30% from Q1 to Q2 2023, according to a VIPRE report. Information technology organizations also overtook financial institutions as the most targeted sector for phishing in Q2 as compared to VIPRE's previous quarterly report.

Among the 600 respondents, only 16% of those whose organization had experienced a successful ransomware attack were able to fully recover all their data after the attack, while a staggering 84% lost data they were not able to recoup. "Threat actors continue their attacks because, for them, it is a business model that works. In most cases, a ransomware attack results in permanently lost data, even when companies meet the ransom demand," said Keepit CTO Jakob Østergaard.

Losses from global roaming fraud are anticipated to exceed $8 billion by 2028, driven by the increase in bilateral roaming agreements for data-intensive use cases over 5G networks, according to Juniper Research. As bilateral 5G roaming agreements proliferate, the research predicts operators will deploy more sophisticated fraud mitigation tools.

Synopsys Software Risk Manager simplifies application security testing. Software Risk Manager enables security and development teams to simplify, align and streamline their application security testing across projects, teams and application security testing tools.

ALSO: Brazilian stalkerware database ripped by the short hairs, a fast fashion breach, and this week's critical vulns. Infosec in brief: The latest round of Apple's Security Research Device (SRD)...

The highly anticipated Windows 11 23H2 update is around the corner, and Microsoft has released its best features to testers in the Beta Channel. Windows Copilot: The AI Assistant Unified in PC. Taking a step forward in the integration of artificial intelligence, Windows 11 is set to debut Windows Copilot, an AI assistant that unifies Bing Chat and additional plugins.

The University of Sydney announced that a breach at a third-party service provider exposed personal information of recently applied and enrolled international applicants. In the data breach announcement, the university says that the incident had a limited impact and the preliminary investigation found no evidence that local students, staff, or alumni have been impacted.