Popular video-sharing platform TikTok on Tuesday agreed to pause a controversial privacy policy update that could have allowed it to serve targeted ads based on users' activity on the social video platform without their permission to do so. The reversal, reported by TechCrunch, comes a day after the Italian data protection authority — the Garante per la Protezione dei Dati … [Read more...] about TikTok Postpones Privacy Policy Update in Europe After Italy Warns of GDPR Breach
Warns
Microsoft Warns About Evolving Capabilities of Toll Fraud Android Malware Apps
Microsoft has detailed the evolving capabilities of toll fraud malware apps on Android, pointing out its "complex multi-step attack flow" and an improved mechanism to evade security analysis. Toll fraud belongs to a category of billing fraud wherein malicious mobile applications come with hidden subscription fees, roping in unsuspecting users to premium content without their … [Read more...] about Microsoft Warns About Evolving Capabilities of Toll Fraud Android Malware Apps
U.S. Warns of APT Hackers Targeting ICS/SCADA Systems with Specialized Malware
The U.S. government on Wednesday warned of nation-state actors deploying specialized malware to maintain access to industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices. "The APT actors have developed custom-made tools for targeting ICS/SCADA devices," multiple U.S. agencies said in an alert. "The tools enable them to scan for, … [Read more...] about U.S. Warns of APT Hackers Targeting ICS/SCADA Systems with Specialized Malware
Microsoft Warns of ‘Ice Phishing’ Threat on Web3 and Decentralized Networks
Microsoft has warned of emerging threats in the Web3 landscape, including "ice phishing" campaigns, as a surge in adoption of blockchain and DeFi technologies emphasizes the need to build security into the decentralized web while it's still in its early stages. The company's Microsoft 365 Defender Research Team called out various new avenues through which malicious actors may … [Read more...] about Microsoft Warns of ‘Ice Phishing’ Threat on Web3 and Decentralized Networks
QNAP Warns of DeadBolt Ransomware Targeting Internet-Facing NAS Devices
Taiwanese company QNAP has warned customers to secure network-attached storage (NAS) appliances and routers against a new ransomware variant called DeadBolt. "DeadBolt has been widely targeting all NAS exposed to the Internet without any protection and encrypting users' data for Bitcoin ransom," the company said. "QNAP urges all QNAP NAS users to […] immediately update QTS to … [Read more...] about QNAP Warns of DeadBolt Ransomware Targeting Internet-Facing NAS Devices
NHS Warns of Hackers Targeting Log4j Flaws in VMware Horizon
The digital security team at the U.K. National Health Service (NHS) has raised the alarm on active exploitation of Log4Shell vulnerabilities in unpatched VMware Horizon servers by an unknown threat actor to drop malicious web shells and establish persistence on affected networks for follow-on attacks. "The attack likely consists of a reconnaissance phase, where the attacker … [Read more...] about NHS Warns of Hackers Targeting Log4j Flaws in VMware Horizon
Microsoft Warns of TodayZoo Phishing Kit Used in Extensive Credential Stealing Attacks
Microsoft on Thursday disclosed an "extensive series of credential phishing campaigns" that takes advantage of a custom phishing kit that stitched together components from at least five different widely circulated ones with the goal of siphoning user login information. The tech giant's Microsoft 365 Defender Threat Intelligence Team, which detected the first instances of the … [Read more...] about Microsoft Warns of TodayZoo Phishing Kit Used in Extensive Credential Stealing Attacks
Microsoft Warns of a Wide-Scale Phishing-as-a-Service Operation
Microsoft has opened the lid on a large-scale phishing-as-a-service (PHaaS) operation that's involved in selling phishing kits and email templates as well as providing hosting and automated services at a low cost, thus enabling cyber actors to purchase phishing campaigns and deploy them with minimal efforts. "With over 100 available phishing templates that mimic known brands … [Read more...] about Microsoft Warns of a Wide-Scale Phishing-as-a-Service Operation
New Study Warns of Security Threats Linked to Recycled Phone Numbers
A new academic study has highlighted a number of privacy and security pitfalls associated with recycling mobile phone numbers that could be abused to stage a variety of exploits, including account takeovers, conduct phishing and spam attacks, and even prevent victims from signing up for online services. Nearly 66% of the recycled numbers that were sampled were found to be tied … [Read more...] about New Study Warns of Security Threats Linked to Recycled Phone Numbers
Microsoft Warns CrowdStrike of Hackers Targeting Azure Cloud Customers
New evidence amidst the ongoing probe into the espionage campaign targeting SolarWinds has uncovered an unsuccessful attempt to compromise cybersecurity firm Crowdstrike and access the company's email. The hacking endeavor was reported to the company by Microsoft's Threat Intelligence Center on December 15, which identified a third-party reseller's Microsoft Azure account to be … [Read more...] about Microsoft Warns CrowdStrike of Hackers Targeting Azure Cloud Customers