News

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, has been positioned as a Leader in The Forrester Wave™: Security Awareness and Training Solutions, Q1 2022 report. Using a 30-criteria evaluation, The Forrester Wave report ranks 11 vendors in the security awareness and training market based on their current offering, strategy and market presence. KnowBe4 received the highest scores possible in 16 of the 30 evaluation criteria.   “Being named as...

A relatively new Ransomware, LokiLocker, uses the standard extortion-through-encryption racket but also incorporates disk-wiper functionality. Double extortion soared in popularity last year, with ransomware gangs stealing files before encrypting them to threaten victims with a sensitive data leak if they didn't pay up. BlackBerry Threat Intelligence is warning that LokiLock, first seen in August 2021, now features an "optional wiper functionality" to put increased pressure on victims. Instead of using the threat of leaking a...

New research suggests that mobile applications boasting tens of millions of downloads are leaking sensitive user data due to the misconfiguration of back-end cloud databases, according to Check Point. Check Point's three-month study began with a simple query on VirusTotal for mobile apps listed on the malware scanning service that communicates with the Firebase cloud database. Using this method, the vendor discovered 2113 mobile apps that had their Firebase back-end exposed due to misconfigurations. The vendor...

The Rehab Group, one of the State’s largest disability services provider, been hit with a cyber-attack. The organisation notified the Data Protection Commissioner (DPC) that some of its systems have been compromised. The group informed the Data Protection Commissioner (DPC) that some of its systems have been compromised by malware. In a statement, the group said: “We have convened our serious incident management team and are working with cyber security experts to resolve this issue. The...

The German BSI has warned against the use of Kaspersky antivirus security products as the company is headquartered in Russia. The BSI suggested moving away from any Kaspersky product to another vendor, as the company may be forced to carry out offensive cyber operations by the Russian state. The BBC translated the BSI announcement: "A Russian IT manufacturer can carry out offensive operations itself, be forced against its will to attack target systems, or be...

A cyber attack on South Denver Cardiology Associates (SDCA) may have exposed the protected healthcare information (PHI) of thousands of cardiac patients. The healthcare provider issued a notice to its patients, disclosing that its network had been breached in January 2022. The perpetrator(s) are as yet unknown, gaining access to files containing information on 287,652 patients during the attack. SDCA said: “On January 4 2022, we identified unusual activity within our computer network. We immediately initiated our...

Security researchers have discovered the fourth destructive malware variant targeting Ukrainian machines so far this year. ESET claimed to have made the find yesterday, noting that the “CaddyWiper” malware was seen on a few dozen systems in a “limited number” of organizations. The malware erases user data and partitions information from attached drives. It also doesn't share any code similarities with previous variants discovered by ESET, namely  HermeticWiper and IsaacWiper. Beyond this, the code is not...

Businesses in Asean have placed cybersecurity squarely on the agenda, with business leaders discussing plans to plug existing gaps and adopt next-generation capabilities. This focus has been prompted by 94% of organisations in the region reporting a climb in cyberattacks last year, with 24% seeing at least 50% increase in disruptive attacks. 92% of Asean businesses believe that cybersecurity is a priority for their business leaders, according to a survey by Palo Alto Networks. The...

A new report Accenture suggests that cyber-criminals have split into pro-Ukraine and pro-Russia factions, with the latter focusing on western critical national infrastructure (CNI). The consulting giant's Accenture Cyber Threat Intelligence (ACTI) arm has warned that the recent ideological split could mean increased risk for Western organizations, as pro-Kremlin groups morph into quasi-activists. Government, media, finance, insurance, utilities and resources organizations should prepare for more attacks, said ACTI. “This targeted intent has led some actors...

Security analysts from Korea have detected a malware distribution campaign using Valorant cheat lures on YouTube in order to trick players into downloading RedLine, a powerful information stealer. This kind of lure is relatively common as threat actors can easily avoid YouTube's new content submission reviews, or simply create new accounts when old ones are reported and blocked. ASEC spotted the campaign, which targets the gaming community of Valorant, a free first-person shooter for Windows,...