Security News

iOS users beware: GoldPickaxe trojan steals your facial data
2024-02-15 10:14

Group-IB uncovered a new iOS trojan designed to steal users' facial recognition data, identity documents, and intercept SMS. The trojan, dubbed GoldPickaxe. iOS trojan targets victims in the Asia-Pacific region.

Chinese Hackers Using Deepfakes in Advanced Mobile Banking Malware Attacks
2024-02-15 09:31

A Chinese-speaking threat actor codenamed GoldFactory has been attributed to the development of highly sophisticated banking trojans, including a previously undocumented iOS malware called...

Miscreants turn to ad tech to measure malware metrics
2024-02-15 08:27

Cyber baddies have turned to ad networks to measure malware deployment and to avoid detection, according to HP Wolf Security. The security group's Q4 2024 Threat Insights Report finds criminals have adopted ad tech tools to make their social engineering attacks more effective.

New ‘Gold Pickaxe’ Android, iOS malware steals your face for fraud
2024-02-15 08:00

A new iOS and Android trojan named 'GoldPickaxe' employs a social engineering scheme to trick victims into scanning their faces and ID documents, which are believed to be used to generate deepfakes for unauthorized banking access. The new malware, spotted by Group-IB, is part of a malware suite developed by the Chinese threat group known as 'GoldFactory,' which is responsible for other malware strains such as 'GoldDigger', 'GoldDiggerPlus,' and 'GoldKefu.

European Court of Human Rights declares backdoored encryption is illegal
2024-02-15 07:26

The European Court of Human Rights has ruled that laws requiring crippled encryption and extensive data retention violate the European Convention on Human Rights - a decision that may derail European data surveillance legislation known as Chat Control. The Court issued a decision on Tuesday stating that "The contested legislation providing for the retention of all internet communications of all users, the security services' direct access to the data stored without adequate safeguards against abuse and the requirement to decrypt encrypted communications, as applied to end-to-end encrypted communications, cannot be regarded as necessary in a democratic society."

AI outsourcing: A strategic guide to managing third-party risks
2024-02-15 06:00

As mentioned earlier, outsourcing AI services has become a go-to strategy for many companies hoping to leverage the power of AI without the investment in in-house development. AI systems often process large volumes of sensitive data.

#AI
5 free digital forensics tools to boost your investigations
2024-02-15 05:30

Digital forensics plays a crucial role in analyzing and addressing cyberattacks, and it's a key component of incident response. Digital forensics provides vital information for auditors, legal teams, and law enforcement agencies in the aftermath of an attack.

Critical Exchange Server Flaw (CVE-2024-21410) Under Active Exploitation
2024-02-15 05:19

Microsoft on Wednesday acknowledged that a newly disclosed critical security flaw in Exchange Server has been actively exploited in the wild, a day after it released fixes for the vulnerability as...

Collaboration at the core: The interconnectivity of ITOps and security
2024-02-15 05:00

In this Help Net Security video, Krista Macomber, Research Director at The Futurum Group, discusses how IT and security teams increasingly unite against cyber threats. Organizations are still struggling with the issue of disjointed data protection solutions, leading to not just management complexities but also challenges in cyber resilience.

Understanding the tactics of stealthy hunter-killer malware
2024-02-15 04:30

Drawing parallels from the stealthy and offensive nature of hunter-killer submarines, these malware strains evade security measures with precision and proactively seek out and impair security tools, firewalls, logging services, audit systems, and other protective measures within an infected system. These sophisticated malware execute comprehensive attack campaigns by blending covert operations with aggressive assaults on security controls - posing a high-level challenge to organizational cyber defense efforts.