Co-founder and CEO, Ofofo.io
- WhatsApp has recently introduced new device verification features aimed at preventing account takeover attacks. With the increasing frequency of malware and ransomware attacks, this new feature is a significant step to enhance security for WhatsApp users. Currently, the feature is only available on Android, with plans to roll it out to iOS in the near future.
- Opera, the popular browser, has launched a free VPN add-on for iOS users. This provides an alternative to purchasing a VPN, making it easier for users to access blocked websites.
- A large number of small and medium businesses use WordPress as their primary content management system. Unfortunately, over one million WordPress sites have recently been impacted by the Balada Injector malware campaign. As a result, it is important for users to stay vigilant and remove any malicious plugins.
- Google has recently launched an open-source security dependency checking service, allowing developers to check for vulnerabilities and dependencies in open-source libraries. The service is available at https://deps.dev.
- Microsoft and Apple have both released several security patches in the past week. The National Vulnerability Database (NVD) is now being managed by VulnCheck, a leading security company in the US.
- Microsoft has warned about the emergence of QuaDream, a company that is similar to NSO Group. The two companies could be competitors or may be related, but it is important for users to stay informed.
- Cybercriminals are using the dark web to create fake apps on the Google Store and inject malware. This has become a popular method due to increased regulations on the Android Play Store.
- The number of attacks on generative AI products such as ChatGPT and Google Bard is on the rise. To address this, ChatGPT has launched an OpenAI bug bounty program, offering rewards of up to $20,000.
- The FBI has advised the public to avoid using public charging stations, and we recommend using a USB condom for added security.
- For users of Kodi, a popular pirated app, it has been reported that user data is up for sale. It is recommended to either stop using Kodi for pirated content or find a secure way to use OTT services.
- The (ISC)2 organization, which manages the well-known CISSP certification, has recently earned a license for ANAB accreditation to launch the ISO 17024 certification. The number of certifications issued has already surpassed 15,000, but the frequency of ransomware attacks continues to increase.
- The Lazarus Group has evolved, with the emergence of the Legion hacking tool on Telegram. Python has become a crucial tool for hackers, and the Remcos RAT is targeting individuals who are filing taxes to obtain their financial information. Legion malware and RTM Locker are also growing threats. The recent ransomware attack on the superyacht specialist company Lürssen is a reminder that all organizations are vulnerable to cyber attacks.
- Several Israeli companies, including irrigation systems, water controllers, and the postal service, have been breached recently.
- North Korean hackers were uncovered as the masterminds behind the 3CX supply chain attack that we saw last week. It is a state-sponsored attack.
- Pakistan-based Transparent Tribe hackers are targeting Indian educational institutions.