Google Rolls Out End-to-End Encryption for Android Messages
The Security Magazine dwell on Google finally introducing E2EE for its Message platform.
Google has finally announced that end-to-end encryption (E2EE) will begin rolling out on its Messages platform, bringing it in line with rivals WhatsApp and iMessage in the security stakes.
Messages by Google is built on the open Rich Communication Services (RCS) standard to offer improvements over legacy SMS such as anti-spam, launching of video calls direct from conversations, Smart Reply and more
Read further on the Security Magazine
UN and Europol Warn of Growing AI Cyber-Threat
InfoSecurity Magazine published a report on growing threat of AI cybercrime
Cyber-criminals are just getting started with their malicious targeting and abuse of artificial intelligence (AI), according to a new report from Europol and the UN.
Compiled with help from Trend Micro, the Malicious Uses and Abuses of Artificial Intelligence report predicts AI will in the future be used as both attack vector and attack surface.
Read more on the InfoSecurity Magazine
ThreatList: Pharma Mobile Phishing Attacks Turn to Malware
As companies fight for leadership in developing COVID-10 vaccine, cybercriminals do not rest as well...
After the breakout of the COVID-19 pandemic, mobile phishing attacks targeting pharmaceutical companies have shifted their focus from credential theft to malware delivery.
As pharmaceutical companies such as Pfizer race to develop a vaccine for COVID-19, mobile phishing gangs are swapping up their tactics in hopes to get their hands on critical research.
Read further on the Threat Post
Deception Technology: No Longer Only A Fortune 2000 Solution
The Hacker News reported on the latest developments in deception technology which made it more affordable.
A cyber-attacker successfully breaks into your environment and begins sneaking around to find something valuable - intellectual property, bank account credentials, company plans, whatever. The attacker makes his way to a certain host on a network node to browse the directories, and suddenly, his connection is cut off. The stolen username and password he acquired no longer works.
Unknowingly, the attacker triggered a well-concealed trap that detected his presence, took immediate action to sever his connection, and then blocked his reconnect ability. Very cool.
Remote Working Exposing Businesses to Unforeseen Threats
The Infosecurity Magazine reported on unforeseen dangers of major shift to remote jobs.
The sudden shift to remote working this year as a result of COVID-19 has left businesses at far higher risk of cyber-attacks, largely due to their corporate infrastructure being exposed to attack vectors and threats that would not have been considered a year ago.
This is according to Bitdefender's The New Normal State of Cybersecurity report, which showed that businesses are particularly at risk of attacks exploiting unpatched vulnerabilities that are under a year old, with 36.37% of all unpatched vulnerabilities involving CVEs that were assigned in 2019 in the first half of 2020.
Read more on The Infosecurity Magazine
New Chrome Zero-Day Under Active Attacks: Update Your Browser
The Hacker News reported on actively exploited zero-day flaw in the Chrome browser.
Google has patched a second actively exploited zero-day flaw in the Chrome browser in two weeks, along with addressing nine other security vulnerabilities in its latest update.
The company released 86.0.4240.183 for Windows, Mac, and Linux, which it said will be rolling out over the coming days/weeks to all users...
Read more on The Hacker News
Microsoft and Other Tech Companies Take Down TrickBot Botnet
The Hacker News reported on joint successful effort aimed at eliminating a dangerous botnet
Days after the US Government took steps to disrupt the notorious TrickBot botnet, a group of cybersecurity and tech companies has detailed a separate coordinated effort to take down the malware's back-end infrastructure.
The joint collaboration, which involved Microsoft's Digital Crimes Unit, Lumen's Black Lotus Labs, ESET, Financial Services Information Sharing and Analysis Center (FS-ISAC), NTT, and Broadcom's Symantec, was undertaken after their request to halt TrickBot's operations were granted by the US District Court for the Eastern District of Virginia.
Read further on The Hacker News
Android Ransomware Has Picked Up Some Ominous New Tricks
Wired has published a report on new tricks of Android Ransomware.
THOUGH RANSOMWARE HAS been around for years, it poses an ever-increasing threat to hospitals, municipal governments, and basically any institution that can't tolerate downtime. But along with the various types of PC malware that are typically used in these attacks, there's another burgeoning platform for ransomware as well: Android phones. And new research from Microsoft shows that criminal hackers are investing time and resources in refining their mobile ransomware tools—a sign that their attacks are generating payouts.
New Flaws in Top Antivirus Software
The Hacker News reported on details of security vulnerabilities found in popular antivirus solutions that could enable attackers to elevate their privileges, thereby helping malware sustain its foothold on the compromised systems.
According to a report published by CyberArk Labs today and shared with The Hacker News, the high privileges often associated with anti-malware products render them more vulnerable to exploitation via file manipulation attacks, resulting in a scenario where malware gains elevated permissions on the system.
Read further on The Hacker News
The 5 must do’s for every workplace risk management plan
The Security Magazine published an insight into successful risk management plan development
COVID-19 has unleashed unprecedented challenges for all businesses. Workplaces are going to need to adapt and adopt training and risk assessment protocols to keep employees healthy and safe. In my over 30 years of experience in civilian and law enforcement response to active threats, it is clear to me that the business community will never “go back to normal.†While there is no single, turn-key solution, the most critical action is to have a clear plan. Below are five, foundational steps to take when developing a workforce risk management plan:...
Read further on the Security Magazine