Security News
The US and its NATO allies should expect a "Long tail of retaliation," in the form of cyberattacks, for the sanctions imposed on Russia, says cloud security shop ExtraHop's CEO Patrick Dennis. CISA's Shields Up alert about the Russian invasion of Ukraine potentially spilling over into cyber-offensives against the US should have served as a wake-up call to organizations to improve their security posture, Dennis said in an interview with The Register.
The company's researchers noted 623.3 million ransomware attacks globally last year, up 105 per cent on 2020 and more than triple 2019's figure. Cryptojacking in 2021 rose 19 per cent to 97.1 million globally and while malware might have dropped by 4 per cent in 2021, it looked very much like things picked up in the latter part of the year, indicating an upward trend on the cards for 2022.
The Federal Bureau of Investigation warned today that US organizations and individuals are being increasingly targeted in BEC attacks on virtual meeting platforms. In a Public Service Announcement issued today, the FBI said it noticed scammers switching to virtual meeting platforms matching the overall trend of businesses moving to remote work during the pandemic.
Threat analysts have observed a new campaign named 'OiVaVoii', targeting company executives and general managers with malicious OAuth apps and custom phishing lures sent from hijacked Office 365 accounts. OAuth is a standard for token-based authentication and authorization, removing the need to enter account passwords.
Twitter's head of security and CISO both ejected from the social media biz this month. He's now out of the micro-blogging site, as is CISO Rinki Sethi, who was also recruited in 2020 to fix up Twitter's security.
Moxie Marlinspike, the founder of the popular encrypted instant messaging service Signal, has announced that he is stepping down as the chief executive of the non-profit in a move that has been underway over the last few months. "In other words, after a decade or more, it's difficult to overstate how important Signal is to me, but I now feel very comfortable replacing myself as CEO based on the team we have, and also believe that it is an important step for expanding on Signal's success," Marlinspike said in a blog post on Monday.
Moxie Marlinspike, the creator of the Signal secure messaging app, on Monday announced his resignation as CEO of the company. Marlinspike said he had always intended to grow Signal to the point that it could go on without his direct involvement but that wasn't possible as recently as four years ago when he was writing most of the code, managing employees, and personally handling support.
Russian authorities on Wednesday arrested and detained Ilya Sachkov, the founder of cybersecurity firm Group-IB, for two months in Moscow on charges of state treason following a search of its office on September 28. The Russian company, which is headquartered in Singapore, confirmed the development but noted the "Reason for the search was not yet clear," adding "The decentralized infrastructure of Group-IB allows us to keep our customer's data safe, maintain business operations and work without interruption across our offices in Russia and around the world."
Russian law enforcement on Tuesday has arrested Ilya Sachkov, the co-founder and CEO of cybersecurity company Group-IB, on suspicion of high treason resulting from sharing data with foreign intelligence. Authorities carried out searches at Group-IB offices in Moscow that started early morning on Tuesday and lasted till evening.
In a Wednesday announcement, the FTC slammed SpyFone, calling it a stalkerware app that not only sold real-time access to "Stalkers and domestic abusers to stealthily track the potential targets of their violence." It added SpyFone also one failed to provide even basic security, exposing device owners "To hackers, identity thieves, and other cyber threats." The FTC described SpyFone as "a stalkerware app that allowed purchasers to surreptitiously monitor photos, text messages, web histories, GPS locations, and other personal information of the phone on which the app was installed without the device owner's knowledge."