Digital Risk Protection

Digital Risk Protection Page 1

Mental Health Mobile Apps User Sensitive Data InfoSec Privacy

Mental health apps identified capitalising on users’ sensitive data

Findings published by Mozilla exposed a worrying concern about the lack of security and user privacy for mental health apps found on mobile application stores. These apps are valuable for people undergoing personal distress like anxiety, PTSD, domestic violence, etc. Some religion-themed apps are also discovered in a similar case. The study made by Mozilla...
Continue Reading
Onleihe Online Library Mobile App Cyberattack Germany Third Party Vendor Digital Risk

Onleihe, an online library application, severely affected by a cyberattack

After a cyberattack targeted their vendor, the library lending app Onleihe announced problems in multiple media formats endorsed on the platform, like audio, video, and e-book files. Onleihe is an application that enables visitors and users to connect to local libraries and borrow e-magazines and audiobooks. The application is utilised by various universities in Europe...
Continue Reading
Log4j Flaw Vulnerability Expose Devices Cyberattacks

The Log4j flaw still exposes thousands of devices to cyberattacks

Several months after security analysts found the critical zero-day flaw under the Java logging library Apache Log4j, they disclosed that many servers and applications are still prone to cyberattacks posed by the flaw due to failure to apply proper security patches. The vulnerability tracked as CVE-2021-44228 was first detailed last December, allowing hackers to launch...
Continue Reading
AI-generated Images Online Scam Fraud Prevention Cyberattack campaigns Social Engineering

AI-generated images exploited for new scam campaigns

Scammers are becoming more advanced as technology progresses after security researchers discovered that AI-generated images are being used to conduct fraudulent activities. Based on a report, one victim received a suspicious email from an alleged attorney in a Boston law firm. After examining the email’s sender, it turned out that they are non-existent, and the...
Continue Reading
Nokoyawa Ransomware Malware Threat Group TTP Cyber Threat

The latest information about Nokoyawa ransomware gets uncovered

Researchers claimed that the Nokoyawa ransomware showed similarities with the Hive group after noticing resemblances in their tricks, tactics, and procedures (TTPs). However, the researchers have taken a step back and reevaluated some things after separate researchers shared new details and discoveries on the Nokoyawa ransomware.   The Nokoyawa showed signs of being Hive related,...
Continue Reading
Third Party Vendor Antivirus Flaw Vulnerability Virus Total RCE Exploit Patched

A third-party AV flaw on VirusTotal triggering RCE exploit gets patched

A security flaw was found within Google’s VirusTotal platform, allowing threat actors to exploit it to accomplish remote code execution or RCE via the unpatched third-party sandboxing machines employing anti-virus applications. The vulnerability was fixed immediately after being discovered. VirusTotal is a malware-scanning platform under Google’s security subsidiary that investigates suspicious links, domains, and files...
Continue Reading
Video Conferencing Monitoring Noises Despite Muting Webex Cisco

Video-conferencing apps found monitoring noises despite users muting

Some academic researchers reported and warned that the Webex video-conferencing application owned by Cisco, and others, still monitor users’ microphone devices even if they have muted it from their end. The researchers also added that the telemetry data that the application transmits to user servers could be used to identify background activities happening from the...
Continue Reading
SolarMarker Malware Improved Evasion Tactic

The SolarMarker malware showed signs of an improved evasion tactic

Researchers have provided a thorough discussion regarding the newly upgraded strain of the SolarMarker malware. Based on reports, the malware operators of the SolarMarker have now included improvements, along with an upgraded defence evasion mechanism to remain undetected and bypass security solutions. The operators of this new malware variant use stealthy Windows Registry tactics to...
Continue Reading
Fake Windows 11 Update Websites Distributing Malware

Fake Windows 11 update websites are seen distributing malware

Since Windows has released its newest system version, Windows 11, threat actors have leveraged it to spread data-stealing malware that could affect users’ computers and compromise their privacy. This new malicious campaign involves the threat actors establishing a fake Windows 11 update website that baits users to update their computers so that the malware called...
Continue Reading
DeFi Platforms CyberAttack 2022 Decentralized Finance Crypto Cryptocurrency Bitcoin

DeFi platforms become one of the most attacked sectors for 2022

Several reports of cyberattacks targeting the cryptocurrency landscape have been emerging recently, with the Decentralized Finance or DeFi platforms being one of the most attacked. The platform suffered various attacks that caused it to lose massive funds through crypto scams. Security analysts revealed that in 2021, there was over $3 billion worth of digital assets...
Continue Reading
1 2 3 20