Security News

A LockBit ransomware kingpin has been sentenced to almost four years behind bars and ordered to pay more than CA$860,000 in restitution to some of his victims by a Canadian court as he awaits extradition to the US. During a sentencing hearing this week, Justice Michelle Fuerst said 34-year-old Mikhail Vasiliev was a cyber-terrorist who was "Motivated by his own greed," according to CTV News. Vasiliev, a dual Canadian-Russian national living in Bradford, Ontario, pleaded guilty last month to eight counts of cyber-extortion, mischief, and weapons charges against Canadian victims, including businesses in Saskatchewan, Montreal, and Newfoundland.

SIM swappers have adapted their attacks to steal a target's phone number by porting it into a new eSIM card, a rewritable SIM chip present on many recent smartphone models. Russian cybersecurity firm F.A.C.C.T. reports that SIM swappers in the country and worldwide have been taking advantage of this shift to eSIMs to hijack phone numbers and bypass protections to access bank accounts.

Google has enhanced its Safe Browsing service to enable real-time protection in Chrome for desktop, iOS, and soon Android against risky websites, without sending browsing history data to the ad biz. Safe Browsing is a non-commercial Google API that allows client applications to lookup websites in a database to see whether they pose a known risk.

Tech support companies Restoro and Reimage will pay $26 million to settle charges that they used scare tactics to trick their customers into paying for unnecessary computer repair services. "These companies used scare tactics and lies about threats to consumers' personal computers to bilk consumers, particularly older consumers, out of tens of millions of dollars," said Samuel Levine, Director of the FTC's Bureau of Consumer Protection.

A French government department - responsible for registering and assisting unemployed people - is the latest victim of a mega data breach that compromised the information of up to 43 million citizens. "The database allegedly extracted illicitly contains the personal identification data of people currently registered, people previously registered over the last 20 years as well as people not registered on the list of job seekers but having a candidate space on francetravail.fr," the statement reads, which was translated electronically from French.

Every company's network is made up of devices that transmit and store information. To protect company data and reputation, it is essential to ensure that the network is secured from unauthorized access, data loss, malware infestations and security breaches.

In the modern digital era, where businesses experience constant and persistent attacks on their information technology infrastructure from malicious and criminal third parties, data security must be a vital part of any enterprise security strategy. The attachment of substantial financial consequences for security breaches and data loss by regulatory agencies only increases that urgency.

Google will roll out a Safe Browsing update later this month that will provide real-time malware and phishing protection to all Chrome users, without compromising their browsing privacy. "Safe Browsing already protects more than 5 billion devices worldwide, defending against phishing, malware, unwanted software and more. In fact, Safe Browsing assesses more than 10 billion URLs and files every day, showing more than 3 million user warnings for potential threats," said Google's Jasika Bawa and Jonathan Li. "If we suspect a site poses a risk to you or your device, you'll see a warning with more information. By checking sites in real time, we expect to block 25% more phishing attempts. The new capability - also rolling out to Android later this month - uses encryption and other privacy-enhancing techniques to ensure that no one, including Google, knows what website you're visiting."

Passwordless technology is gaining traction due to the dizzying number of passwords that the average user accumulates. Passwordless authentication is a way to verify user identities without relying on a manually entered password.

The Cybercrime Atlas, a massive undertaking that aims to disrupt cybercriminals across the globe, enters its operational phase in 2024, two years after organizers laid the groundwork at the RSA Conference. "One of the main questions was, is it actually possible, with companies stepping in to invest resources in this type of research? And it became very clear that yes, companies can work together, they are very eager to create this type of knowledge base and to be part of such processes," Tal Goldstein, the WEF Centre for Cybersecurity's head of strategy, told The Register.