Here are some interesting updates about cybersecurity threats and new trends.
Apple Adapts to EU's Digital Markets Act: Sideloading and App Store Alternatives on iPhones
Apple will comply with the EU's Digital Markets Act by enabling sideloading on iPhones in Europe, triggering concerns about potential privacy and security risks. This decision allows iOS to support different app stores and payment processing mechanisms.
The Digital Markets Act seeks to end Apple's App Store monopoly, similar to previous measures against Microsoft's web browser dominance.
Apple intends to introduce nearly 600 new APIs and other features, but warns of increased malware and scam threats. Developers can test these improvements in the iOS 17.4 beta, with full deployment scheduled in March 2024.
Source: Malwarebytes
Chrome Update Targets Zero-Day and Security Flaws
Google recently released an update for its Chrome browser that addressed four security flaws, one of which had already been exploited.
It suggests updating Chrome to protect against these vulnerabilities, pointing out three issues discovered in Chrome's V8 JavaScript engine. These vulnerabilities, as described in the CVE database, include out-of-bounds write, type confusion, and out-of-bounds memory access, which might allow remote attackers to exploit heap corruption via crafted HTML sites.
It also notes Microsoft Edge's response to similar issues, which advises users to use additional security features to reduce risks.
Source: Malwarebytes
Data Breach at Global Affair Canada
Canadian authorities conducted an investigation into a massive data breach impacting Global Affairs Canada. It was identified by detecting malicious cyber activities. Between December 2023 and January 2024, the hack exposed employees' internal drives, emails, and personal information, affecting remote work and network access.
To investigate and minimize the breadth of the compromise, forensic work is being done in conjunction with Shared Services Canada and the Canadian Centre for Cyber Security. The duration of the breach and the sensitive nature of the information at risk emphasize Global Affairs Canada's substantial security concerns, necessitating ongoing investigations and efforts to protect compromised data and restore services.
Source: CBC
Discovery of a New Ransomware Strain
Alpha group's latest ransomware strain has been present for nearly a year. He is targeting corporations in the United States, the United Kingdom, and Israel. The gang provides victims with a decryption key for a portal used to negotiate ransoms and offers to unlock three files as proof of their decryptor's efficiency.
Ransom payments have decreased significantly, owing to improved IT defences and mistrust about attackers keeping their promises to destroy stolen data. According to Coveware statistics, typical ransom payments will drop by 33% in the fourth quarter of 2023. This trend indicates increased resilience among targeted firms, potentially limiting the profitability of ransomware attacks.
Despite official warnings, the vast majority of IT and security professionals believe their firms would pay ransoms to recover data, with many having done so in the previous two years. Cohesity conducted a poll and discovered a strong willingness to pay considerable amounts for data recovery. This suggests a gap between recommended techniques and actual organizational behavior in crisis situations.
Source: IT World Canada
Protecting Elders From Scams in Thailand
Thailand's Ministry of Social Development and Human Security is collaborating with CIB cybercrime investigators to develop a national digital literacy program for seniors, in response to growing concerns about cybercrime and the elderly's vulnerability to online fraud. This project follows research indicating that Thailand's elderly have limited digital media literacy, making them great candidates for scammers.
With cybercrime on the rise, including contact centre fraud, online shopping scams, and investment schemes, the Thai government is stepping up efforts to address these dangers through education, improved law enforcement approaches, and cross-border cooperation. The approach also incorporates public participation through social media awareness and upcoming mobile applications, with the goal of protecting the community against cyberthreats and solving the issues posed by technology-enabled crimes.
Source: CTN News
.jpeg)
