Data Breaches

Teleport releases Teleport 13 with automatic vulnerability patching, enhanced DevOps security

Infrastructure access management company Teleport has announced the release of Teleport 13, the latest version of its Teleport Access Platform. Teleport 13 features scanning and automatic patching of Teleport vulnerabilities to enhance security and reduce operational overhead for DevOps teams responsible for securing cloud infrastructure, the firm said. The solution aims to address the targeting of user credentials and other forms of secrets by attackers and is ideal for users that adopt the Teleport Open…

Read More

Reducing fraud and friction in consumer experiences

Identity and credit checks during onboarding processes are causing customers to abandon their shopping carts. As regulatory oversight aimed at stopping financial fraud increases, the controls put in place for customer protection can cause friction in the onboarding process, preventing the simple, fast and convenient experience customers want. To overcome this challenge, B2C companies and online retailers must rethink their customer journeys. The cyber security protections put in place must yield fast, accurate, low-friction and…

Read More

Think security first when switching from traditional Active Directory to Azure AD

What enforces your security boundary today? What will enforce it in the next few years? For many years, Microsoft Active Directory has been the backbone and foundation of network authentication, identity, and connection. But for many organizations moving to cloud applications or having a mixture of operating systems, the need for cloud-based network management is on the rise. Some firms are merely adding synchronization between on-premise networks and cloud environments and calling it a day.…

Read More

Meta fined $1.3B for violating EU GDPR data transfer rules on privacy

Meta has been fined $1.3 billion (€1.2 billion) by the Irish Data Protection Commission (DPC) for violating the terms of the EU’s GDPR by continuing to transfer EU users’ data to the US without adequate safeguards. Meta has failed to “address the risks to the fundamental rights and freedoms” of Facebook’s European users, the DPC said in a statement. In addition to the fine, Meta has been given five months to stop the transfer of…

Read More

Microsoft reports jump in business email compromise activity

Cybersecurity activity around business email compromise (BEC) spiked between April 2022 and April 2023, with over 150,000 daily attempts, on average, detected by the Microsoft Microsoft’s Digital Crimes Unit (DCU). The findings were highlighted in the latest edition of Microsoft’s Cyber Signals, a cyberthreat intelligence report that spotlights security trends and insights gathered from Microsoft’s 43 trillion security signals and 8,500 security experts. “BEC attacks stand apart in the cybercrime industry for their emphasis on…

Read More

What cybersecurity professionals can learn from the humble ant

When an ant colony is threatened, individual ants release pheromones to warn of the impending danger. Each ant picking up the warning broadcasts it further, passing it from individual to individual until the full defenses of the colony are mobilized. Instead of a single ant facing the danger alone, thousands of defenders with a single purpose swiftly converge on the threat. This all happens without the need for direction from a central authority or guidance…

Read More

US government seizes 13 domains linked to DDoS attacks

The United States (US) federal government has seized 13 domains linked to ‘booter’ websites that offered distributed denial of service (DDoS)-attacks-for-hire services.   So-called ‘booter’ sites allow people to pay malicious actors to launch DDoS attacks against people or organizations of their choice. DDoS attacks disrupt sites by overwhelming their infrastructure with a large amount of internet traffic, which overwhelms the site’s bandwidth and prevents users from accessing it.  The Federal Bureau of Investigation (FBI) seized…

Read More

Legitimate looking npm packages found hosting TurkoRat infostealer

Despite efforts taken in recent years to proactively monitor public software repositories for malicious code, packages that bundle malware continue to routinely pop up in such places. Researchers recently identified two legitimate looking packages that remained undetected for over two months and deployed an open-source information stealing trojan called TurkoRat. Effective use of typosquatting on malicious npm packages Attackers attempt to trick users into downloading malicious packages in several ways, and typosquatting is one of…

Read More

US Teenager Indicted for Credential Stuffing Attack on Fantasy Sports Website

A Wisconsin teenager has been charged with accessing tens of thousands of user accounts at a fantasy sports and betting website after launching a credential stuffing attack on the site. According to a six-count criminal complaint (PDF), the teenager, Joseph Garrison, of Wisconsin, launched the attack on the betting website on November 18, 2022, accessing roughly 60,000 accounts without authorization. In some cases, the defendant and others added a new payment method to the compromised…

Read More

Guerrilla malware is preinfected on 8.9 million Android devices, Trend Micro says

Cybercrime gang Lemon Group has managed to get malware known as Guerrilla preinstalled on about 8.9 million Android-based smartphones, watches, TVs, and TV boxes globally, according to Trend Micro.  The Guerilla malware can load additional payloads, intercept one-time passwords (OTPs) from SMS texts, set up a reverse proxy from the infected device, and infiltrate WhatsApp sessions.  “The infection turns these devices into mobile proxies, tools for stealing and selling SMS messages, social media and online…

Read More