SecureList

JULY 27, 2023

This is our latest installment, focusing on activities that we observed during Q2 2023. The group’s latest activities, from September 2022 until March 2023, involve a new set of custom loaders and its private post-exploitation tool “Ninja,” used to help it remain undetected.

Malware 98

Malware Government Phishing Social Engineering 98

Google Security

MAY 5, 2023

Silvia Convento, Senior UX Researcher and Court Jacinic, Senior UX Content Designer In recognition of World Password Day 2023, Google announced its next step toward a passwordless future: passkeys. Data from March-April 2023 (n≈100M) Figure 2: time spent authenticating with passkey vs password (data from March-April 2023).

Authentication 125

Authentication Passwords Technology Password Management 125

Security Affairs

NOVEMBER 6, 2024

The Canadian government ordered ByteDance to wind up TikTok Technology Canada, Inc. s operations in Canada through the establishment of TikTok Technology Canada, Inc. ” In February 2023, the Canadian government announced the ban on the TikTok app from all government-issued devices over security concerns.

Government 120

Government Mobile Media Technology 120

Security Affairs

OCTOBER 27, 2023

How residential proxies using real IPs from diverse locations enable businesses to gather comprehensive and accurate data from the web Since the adoption of the first digital tools and connection to the internet, the competitive business environment has revolutionized and transformed the ways modern companies conduct business operations.

Marketing 130

Marketing Data collection Internet Internet 130

Security Affairs

SEPTEMBER 26, 2023

The BORN funded by the government of Ontario disclosed a data breach that impacts some 3.4 The Clop ransomware gang (aka Lace Tempest ) was credited by Microsoft for the campaign that exploited a zero-day vulnerability, tracked as CVE-2023-34362 , in the MOVEit Transfer platform. million people.

Data breaches 132

Data breaches Healthcare Ransomware Hacking 132

eSecurity Planet

APRIL 14, 2023

Behavioral analysis: The technology analyzes bot behavior to distinguish between legitimate traffic and bots, preventing false positives and ensuring a seamless user experience. Key Features Advanced bot detection: Imperva’s bot management technology uses machine learning to detect and block bots in real-time.

Software 109

Software DDOS Accountability Firewall 109

Security Affairs

OCTOBER 17, 2023

Russia-linked APT group Sandworm has hacked eleven telecommunication service providers in Ukraine between since May 2023. The Russia-linked APT group Sandworm (UAC-0165) has compromised eleven telecommunication service providers in Ukraine between May and September 2023, reported the Ukraine’s Computer Emergency Response Team (CERT-UA).

Telecommunications 135

Telecommunications Authentication Data collection Passwords 135

BH Consulting

MARCH 26, 2025

If there is one statistic that sums up the increasing pace of technological change, it might well be this. To put this into context, GenAI use in business was just 5 per cent in 2023, the research company said. To give a sense of how quickly adoption has surged, Gartner said that AI use in business was just 5 per cent in 2023.

Government 52

Government Artificial Intelligence Risk Digital transformation 52

Security Boulevard

JANUARY 23, 2023

As the conversation around privacy progresses beyond a focus on security infrastructure and best practices for preventing data breaches, regulations are working to catch up. Offering personal data controls through AI could turn the tables on ethical concerns about this technology. What's Next?

Data privacy 52

Data privacy Data collection Consumer Protection Authentication 52

Malwarebytes

MARCH 14, 2024

Speaking at a US Senate hearing in March 2023, the general said “one third of Americans get their news from TikTok”, adding “one sixth of American youth say they’re constantly on TikTok. The EFF argues that the bill will not stop the sharing of data but it will reduce online rights in a way that is unconstitutional.

Identity Theft 125

Identity Theft Government Media Data collection 125

Krebs on Security

DECEMBER 29, 2022

I will also continue to post on LinkedIn about new stories in 2023. Internal Revenue Service website for months: Anyone seeking to create an account to view their tax records online would soon be required to provide biometric data to a private company in Virginia — ID.me.

Cryptocurrency 309

Cryptocurrency Cybercrime Computers and Electronics Scams 309

SecureList

DECEMBER 23, 2024

All data collected this way is saved in a TMP alternate data stream and forwarded to the C2 server by the VBShower::Backdoor component. In a new campaign that began in August 2023, the attackers made changes to their familiar toolkit. Gets a list of scheduler tasks by running cmd.exe /c schtasks /query /v /fo LIST.

Encryption 135

Encryption Penetration Testing Malware Phishing 135

SecureList

NOVEMBER 14, 2023

In this article, we will review the past year’s trends to see which of our 2023 predictions have come true, and try to predict what is to come in 2024. The US Cybersecurity and Infrastructure Security Agency (CISA) provided additional IoCs associated with exploitation of CVE-2023-2868. A review of last year’s predictions 1.

Hacking 141

Hacking Energy and Utilities Malware Media 141

Identity IQ

OCTOBER 26, 2023

Hermann’s deep expertise in identity theft protection, credit and financial education and leveraging data to implement scalable business solutions will immediately benefit Entryway as the organization works to create efficiencies through data collection to serve a greater number of at-risk individuals and families across all of its program markets.

Identity Theft 124

Identity Theft Marketing Education Financial Services 124

Malwarebytes

MAY 22, 2024

On Monday, the computing giant unveiled a new line of PCs that integrate Artificial Intelligence (AI) technology to promise faster speeds, enhanced productivity, and a powerful data collection and search tool that screenshots a device’s activity—including password entry—every few seconds.

Artificial Intelligence 111

Artificial Intelligence Passwords Accountability Media 111

Security Affairs

NOVEMBER 15, 2022

In addition to the multimillion-dollar settlement, as part of the negotiations with the AGs, Google has agreed to significantly improve its location tracking disclosures and user controls starting in 2023.” ” reads the DoJ’s press release. not hidden); and.

Consumer Protection 98

Consumer Protection Accountability Data collection Advertising 98

SecureList

JULY 8, 2024

It’s a sophisticated cyberespionage tool used for stealth monitoring, data collection, and exfiltration via Microsoft Graph, Yandex Cloud, and Dropbox cloud infrastructure. CloudSorcerer’s modus operandi is reminiscent of the CloudWizard APT that we reported on in 2023.

Government 144

Government Malware Data collection DNS 144

SecureList

APRIL 5, 2023

As mentioned above, the creators of phishing bots and kits can get access to data collected with tools they made. The seller’s description of advanced phishing page functionalities After looking closer at these offers, we found that they do contain scripts to block web crawlers and anti-phishing technology.

Phishing 144

Phishing Marketing Scams Accountability 144

Security Affairs

JANUARY 2, 2023

Given the vast level of tracking and surveillance that technology companies can embed into their widely used products, it is only fair that consumers be informed of how important user data, including information about their every move, is gathered, tracked, and utilized by these companies. The IT giant will pay $9.5 million to D.C.

Consumer Protection 98

Consumer Protection Surveillance Data collection Accountability 98

SecureWorld News

JANUARY 8, 2024

Microsoft has said it is committed to making technology more accessible and user-friendly. Leading experts in AI and technology have expressed their views on this groundbreaking development. John Reynolds, a technology journalist, adds: "This move by Microsoft is a game-changer. What are the experts saying?

Artificial Intelligence 100

Artificial Intelligence Surveillance Technology Risk 100

Centraleyes

NOVEMBER 7, 2024

The Oregon Consumer Privacy Act (OCPA) is a state privacy law that sets guidelines for how businesses should collect, use, and protect the personal data of Oregon residents. to ensure that organizations handle data ethically and transparently. The act aligns with broader privacy frameworks across the U.S.

Data collection 52

Data collection Data breaches Data privacy Risk 52

SecureList

OCTOBER 18, 2023

Overall, the campaign remained active over 6 months, until May 2023. The same module is also responsible for transporting data collected by the malware on the infected system, which is also done via USB. Each phishing document contains an external link to fetch a remote page containing a CVE-2021-26411 exploit.

Malware 142

Malware Phishing Internet Internet 142

Centraleyes

MARCH 27, 2024

Artificial intelligence (AI) has emerged as a transformative technology, imbuing machines with human-like intelligence to perform tasks across various domains. ” Unlike the layperson’s perception of AI, this definition encapsulates the technological essence of AI, paving the way for its continuous evolution and development.

Artificial Intelligence 52

Artificial Intelligence Risk Data collection Technology 52

Malwarebytes

OCTOBER 11, 2023

A drop in stalkerware-type activity In July, Malwarebytes presented at the National Network to End Domestic Violence’s Technology Summit to offer device security training and updated statistics on a problem that has long plagued survivors of domestic abuse: Stalkerware. For that final month of data, the incident rate was just 0.11

Surveillance 130

Surveillance Passwords Software Technology 130

Malwarebytes

MAY 13, 2024

In 2023, Reuters reported that a San Francisco woman sued her husband in 2020 for allegations of “assault and sexual battery.” There was no button she could press to take away the app’s connection to the vehicle.” This was far from an isolated incident. Fortunately, an option may already exist.

Manufacturing 117

Manufacturing Mobile Wireless Data collection 117

SecureWorld News

JUNE 24, 2024

In addition, the risks of monetary and operational damage render it mission critical for enterprises to envision and enact the appropriate People, Process, and Technology safeguards to assure data protection and privacy. RELATED: Cybersecurity Labeling of IoT Devices: Will It Happen in 2023? ]

IoT 109

IoT InfoSec Artificial Intelligence Risk 109

Security Boulevard

JUNE 5, 2024

Thales excels in these rapidly advancing technologies that require privacy and data security and are eager to continue working with Google Cloud on them. With AI implementations, cybersecurity attacks can occur at different states of the AI pipeline including data collection, model creation and training, and at inference.

Encryption 72

Encryption Artificial Intelligence Technology Data collection 72

Thales Cloud Protection & Licensing

NOVEMBER 5, 2024

from 2023 to between $5.23 Vendors’ attention is increasingly fragmented across various data-collecting and transactional platforms. Cloud technology has significantly transformed the retail industry, addressing various business needs such as reducing infrastructure costs, and managing resources. trillion and $5.28

Retail 71

Retail Data breaches Digital transformation Risk 71

Security Boulevard

NOVEMBER 5, 2024

from 2023 to between $5.23 Vendors’ attention is increasingly fragmented across various data-collecting and transactional platforms. Cloud technology has significantly transformed the retail industry, addressing various business needs such as reducing infrastructure costs, and managing resources. trillion and $5.28

Retail 64

Retail Data breaches Digital transformation Risk 64

Thales Cloud Protection & Licensing

JUNE 5, 2024

Thales excels in these rapidly advancing technologies that require privacy and data security and are eager to continue working with Google Cloud on them. With AI implementations, cybersecurity attacks can occur at different states of the AI pipeline including data collection, model creation and training, and at inference.

Encryption 62

Encryption Artificial Intelligence Technology Data collection 62

eSecurity Planet

FEBRUARY 16, 2024

sectors in 2023, which raised concerns about its main goal: a widespread disruption. Reconnaissance Reconnaissance is the starting point of Volt Typhoon’s cyber campaign, characterized by thorough planning and data collection. Volt Typhoon struck again on several U.S.

Internet 113

Internet Internet Network Security Cybersecurity 113

SecureList

APRIL 22, 2024

Data collection tools Cuthead for data collection Recently, ToddyCat started using a new tool we named cuthead to search for documents. c:intelfkw.exe" 20230626 pdf;doc;docx;xls;xlsx In this case, the attackers collected all MS Excel, MS Word and PDF files modified after June 26, 2023.

VPN 143

VPN Passwords Encryption Malware 143

Thales Cloud Protection & Licensing

MAY 22, 2023

8 Key Components of a CIAM Platform sparsh Tue, 05/23/2023 - 04:15 Customer Identity and Access Management (CIAM) is essentially developed to improve the customer experience (CX), ensure the highest level of security, protect customer data, and support the management of external, non-employee identities.

Authentication 71

Authentication Mobile Data collection Passwords 71

SecureList

OCTOBER 25, 2023

However, as of September 2023, the number had dropped to 60,000 since the last update in April 2023. As of 2023, it is trading at around $150. During our analysis, the file was last updated on February 24, 2022, and the number of initial infections stood at 160,000 victims as of June 2022.

Malware 145

Malware DNS Encryption Cryptocurrency 145

SecureList

NOVEMBER 19, 2024

over 2023 by the end of this year. As shoppers seek the best deals in the run-up to major sales events like Black Friday, cybercriminals and fraudsters gear up to exploit this demand, attempting to steal personal data, funds, and spread malware through deceptive shopping lures. Intro The e-commerce market continues to grow every year.

Banking 102

Banking Phishing Scams Retail 102

Centraleyes

DECEMBER 1, 2024

The Shift Toward Revenue-Positive Compliance A 2023 study by Todd Haugh and Suneal Bedi from Indiana University’s Kelley School of Business offers groundbreaking insights into how compliance can create positive value beyond traditional risk management. Ensure Multi-Industry Compliance Compliance isn’t a one-size-fits-all situation.

Risk 52

Risk B2B Data privacy B2C 52

BH Consulting

JUNE 17, 2024

Google Cloud’s Mandiant division had some insights into trends, with two-thirds of ransomware in 2023 coming from new variants, and the remainder being variants of previously identified ransomware families. billion embedded devices worldwide in 2023, up from 13.8 Smart or connected devices are a growing part of the IT landscape.

Wireless 52

Wireless Ransomware Artificial Intelligence Data breaches 52