Security News
Apps that tracked and sold people's whereabouts were more prevalent than perhaps first thought. A report out today has identified 450 Android apps downloaded 1.7 billion times that used SDKs to track the location of smartphones.
The U.S. Federal Trade Commission said today that the number of identity theft reports has doubled during 2020 when compared to 2019, reaching a record 1.4 million reports within a single year. "2020's biggest surge in identity theft reports to the FTC related to the nationwide dip in employment," the FTC said.
Threat intelligence platform provider HackNotice has analyzed more than 60,000 breach reports over the last three years, and finds some disturbing results including the rate of increase in breaches and a relative decline in the number of official breach notifications. Leak reports containing data from a breached company as disclosed by hackers.
Refinitiv is further expanding the scope of its data-driven due diligence reports with the addition of cybersecurity and company credit risk ratings from BitSight and Creditsafe. Compiled by an experienced team of 450 analysts, the due diligence reports offer customers objective risk ratings according to six main categories of risk: identity, integrity, finance, ESG, cyber, and operational and quality risks.
Google said the attackers were targeting security researchers by using fake LinkedIn and Twitter profiles and asking to collaborate. Google unveiled a new report from its Threat Analysis Group on Monday highlighting the work of a group of cyberattackers associated with the government of North Korea that sought to impersonate cybersecurity researchers in an effort to target those "working on vulnerability research and development at different companies and organizations." Adam Weidemann, a member of the Threat Analysis Group, wrote that the attackers used a variety of fake blogs, Twitter accounts and LinkedIn profiles to make themselves look legitimate and communicate with researchers and analysts they were hoping to go after.
An ongoing phishing campaign delivering fake Office 365 password expiration reports has managed to compromise tens of C-Suite email accounts to date, according to a warning from anti-malware vendor Trend Micro. The phishers were able to compromise 40 legitimate email addresses of CEOs, directors, company founders, and owners, as well as those of other enterprise employees.
The 2020-2021 State of Web Application Security Report is out from cybersecurity vendor Radware, and it paints a grim picture of security over the past 12 months and a similarly bleak view for the rest of 2021. Among the findings Radware uncovered in its survey of 205 IT security decision-makers are such startling statistics as 98% of respondents saying their apps were subject to an attack in 2020, 92% of organizations are excluding security teams from CI/CD workflows, only 36% of mobile applications have integrated security into their development, and only 27% completely trust the security of their public cloud platforms despite 70% of apps being hosted in the cloud.
The ongoing controversies surrounding TikTok hit a new gear on Thursday with a bombshell report accusing the Chinese company of spying on millions of Android users using a technique banned by Google. The Wall Street Journal said TikTok was exploiting a loophole to collect MAC addresses for at least 15 months.
QuoLab Technologies is introducing a new reporting capability. The feature allows users to generate meaningful, tailored reports that deliver actionable intelligence related to incidents, attacks, threat actors and more to customers and clients.
The malware that was utilised to hack SolarWinds checked to see whether software used to compile the firm's Orion product was running before deploying its payload, according to CrowdStrike. In a blog post late last night, the infosec firm said the Orion-targeting malware, which it codenamed Sunspot, had "several safeguards" to ensure its deployment of compromised code into new Orion builds didn't trigger SolarWinds' suspicions.