Security News

An advanced persistent threat group that has a track record of targeting India and Afghanistan has been linked to a new phishing campaign that delivers Action RAT. According to Cyble, which attributed the operation to SideCopy, the activity cluster is designed to target the Defence Research and Development Organization, the research and development wing of India's Ministry of Defence. Known for emulating the infection chains associated with SideWinder to deliver its own malware, SideCopy is a threat group of Pakistani origin that shares overlaps with Transparent Tribe.

Tom Gillis, senior vice president for Cisco Security, said enterprises are in the midst of a strategic shift away from security through collections of individual software security tools and cloud solutions for securing assets. "For decades, new problems in security have arisen and small companies come up with innovative solutions to address these. But buying individual best-in-breed solutions from new vendors puts the burden on the customer to ingest all of these solutions and integrate them," Gillis said.

CYE's new Cybersecurity Maturity Report 2023 tackles this question by shedding light on the strength of cybersecurity in different sectors, company sizes, and countries. Among countries, Norway scored the highest on overall cybersecurity maturity level, followed by Croatia and Japan.

Latitude Financial Services has disclosed a data breach after suffering a cyberattack, causing the company to shut down internal and customer-facing systems. Latitude is one of Australia's largest personal loans provider and the country's largest non-bank consumer credit lender.

Government entities and large organizations have been targeted by an unknown threat actor by exploiting a security flaw in Fortinet FortiOS software to result in data loss and OS and file corruption. The zero-day flaw in question is CVE-2022-41328, a medium security path traversal bug in FortiOS that could lead to arbitrary code execution.

British retailer WH Smith has suffered a data breach that exposed information belonging to current and former employees. "WH Smith PLC has been the target of a cyber security incident which has resulted in illegal access to some company data, including current and former employee data," reads the company's cybersecurity notice filed with London's Stock Exchange.

Global malware volume increased 2% year-over-year, but it was jumps in IoT malware and cryptojacking that offset the decline of overall global ransomware volume, signifying a strategic shift. Threat actors have embraced slower and more stealthy approaches to achieve financially-motivated cyberattacks.

American TV giant and satellite broadcast provider, Dish Network has mysteriously gone offline with its websites and apps ceasing to function over the past 24 hours. Dish Network's remote employees have been cut off from accessing their work systems.

The IBM report noted that ransomware declined 4 percentage points between 2021 and 2022, and defenders were more successful at detecting and preventing those attacks. Cyberattackers have gotten much faster at infiltrating perimeters, with the average time to complete a ransomware attack dropping from two months to less than four days.

Cryptocurrency exchange Coinbase has fended off a cyberattack that might have been mounted by the same attackers that targeted Twillio, Cloudflare and many other companies last year. Leveraging smishing and vishing, the attackers tried to trick Coinbase employees into sharing login credentials and installing remote desktop applications, and were only partly successful: the company's incident response team quickly reacted to "Unusual activity" alerts and, in the end, the attackers were unable to access customer information or steal funds.