Security News
Threat actors have launched a new marketplace called Industrial Spy that sells stolen data from breached companies, as well as offering free stolen data to its members. While stolen data marketplaces are not new, instead of extorting companies and scaring them with GDPR fines, Industrial Spy promotes itself as a marketplace where businesses can purchase their competitors' data to gain access to trade secrets, manufacturing diagrams, accounting reports, and client databases.
The company's Microsoft 365 Defender Threat Intelligence Team dubbed the new malware family "UpdateAgent," charting its evolution from a barebones information stealer to a second-stage payload distributor as part of multiple attack waves observed in 2021. "The latest campaign saw the malware installing the evasive and persistent Adload adware, but UpdateAgent's ability to gain access to a device can theoretically be further leveraged to fetch other, potentially more dangerous payloads," the researchers said.
UK-headquartered Kape Technologies announced on Monday it has acquired ExpressVPN in a $936m cash and stocks deal, a move it claims will double its customer base to at least six million. In a canned statement, Kape said combining the two companies would "Create a premium consumer privacy and security player," and that the acquisition "Further positions Kape to define the next generation of privacy and security protection tools and services to return greater control over the digital sphere to consumers."
Their most recent socially engineered messages try to convince users to download their fake version of TikTok by saying the app, which is banned in India, is now available, the report found. Threat actors blast out an SMS or WhatsApp message to numbers on the Jio network with the phishing lure message and a link to take advantage of the fraudulent offer, the report showed.
In its' Mobile Malware Evolution 2020, Kaspersky documents the current mobile threat landscape and identifies 2021 mobile security trends. "We saw a decrease in the number of attacks in the first half of the year, which can be attributed to the confusion of the first months of the pandemic," wrote Victor Chebyshev, a mobile security researcher at Kaspersky and author of the report.
Apple has inadvertently given the thumbs up to six new malware variants, according to researchers at Mac security solutions provider Intego. Application developers have the possibility to submit their software to Apple for scanning purposes and have it automatically notarized if deemed malware-free.
A recently identified adware campaign targeting macOS users is leveraging malicious code that has received Apple's approval. The approval, or notarization, as Apple calls it, is an automated process through which software is scanned before reaching macOS users, to ensure that it does not include malicious code.
Apple accidentally approved one of the most popular Mac malware threats - OSX.Shlayer - as part of its security notarization process. Security researchers Peter Dantini and Patrick Wardle recently discovered that Apple inadvertently notarized malicious payloads that were utilized in a recent adware campaign.
UPDATE. A healthy percentage of Android users targeted by mobile malware or mobile adware last year suffered a system partition infection, making the malicious files virtually undeletable. "A system partition infection entails a high level of risk for the users of infected devices, as a security solution cannot access the system directories, meaning it cannot remove the malicious files," the firm explained, in a posting on Monday.
Even Apple itself came to the anti-virus party back in 2009 when it introduced a rudimentary malware blocking tool called XProtect right into into OS X. Whether you called it malware or not, there have long been "Software actors" out there ready to go after Mac users in the same way that they've been going after Windows users for years. SophosLabs has just published a fascinating new report about an adware threat known as Bundlore that has Mac users very clearly in its sights.