Categories
Featured

Monday.com removes feature after it was abused in phishing attacks

[ad_1]

Popular project management and collaboration tool Monday.com was forced to disable one of its features after it was abused by a threat actor to send out phishing emails.

The “Share Update” feature allows users to share real-time updates, progress, or important information with team members, or stakeholders. Users can post updates, attach files or images, mention specific team members, and even set up automatic notifications for certain updates. 

[ad_2]

Source Article Link

Categories
Featured

Malware attacks on Docker Hub spread millions of malicious repositories

[ad_1]

Cybersecurity researchers from JFrog recently discovered three malicious campaigns in Docker Hub – Docker’s cloud-based registry service for storing and sharing container images. These campaigns contained millions of repositories that pushed generic trojan malware to the developers. 

The conclusion of JFrog’s findings is that with open-source repositories such as Docker Hub, keeping them clean of malware is an immensely difficult task.

[ad_2]

Source Article Link

Categories
Featured

Okta says it is facing unprecented levels of attacks

[ad_1]

Identity and access management company Okta says it is facing an “unprecedented” scale of credential stuffing attacks, looking to breach user accounts of its online services. 

Credential stuffing is a type of cyberattack in which threat actors use a previously obtained username/password list and “stuff” them into different services, to see if they can gain access. 

[ad_2]

Source Article Link

Categories
Featured

South Korea defense firms hit by North Korean attacks

[ad_1]

Multiple North Korean state-sponsored hacking groups have been attacking South Korean defense companies for more than a year, stealing login credentials and sensitive data. 

A Reuters report, citing South Korea’s law enforcement, claims three major threat actors – Lazarus, Kimsuky, and Andariel, have been going after defense organizations and third-party contractors, planting malicious code in data systems, pulling out passwords and technical information. 

[ad_2]

Source Article Link

Categories
News

Apple Warns Users in 92 Countries About Mercenary Spyware Attacks

[ad_1]

Apple on Wednesday sent threat notifications to users in 92 countries warning that they may have been targeted by mercenary spyware attacks, likely because of who they are or what they do.

apple security banner
According to TechCrunch, Apple sent the alerts to the individuals at 12 p.m. Pacific Time, delivered via email and iMessage using the contact details associated with the user’s Apple ID. A notification also appears at the top of the page if the user signs into appleid.apple.com.

“Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID -xxx-,” the company wrote in the warning to affected customers. “We are unable to provide more information about what caused us to send you this notification, as that may help mercenary spyware attackers adapt their behavior to evade detection in the future.”

“This attack is likely targeting you specifically because of who you are or what you do. Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning — please take it seriously,” added the warning.

In an updated support document, Apple said it has sent similar threat notifications to users in over 150 countries since 2021. “The extreme cost, sophistication, and worldwide nature of mercenary spyware attacks makes them some of the most advanced digital threats in existence today,” said the company. “As a result, Apple does not attribute the attacks or resulting threat notifications to any specific attackers or geographical regions.”

Last October, Apple sent similar warnings to some journalists and politicians in India. Soon after, nonprofit advocacy group Amnesty International reported that it had found Israeli cyber-arms company NSO Group’s invasive spyware Pegasus on the iPhones of prominent journalists in India. Users in India are among those who received the latest threat notifications, according to people familiar with the matter who spoke to TechCrunch.

The alerts come at a time when many nations are preparing for democratic elections. Apple previously described the attackers as “state-sponsored” in the support document, but has replaced those references with “mercenary spyware attacks.” The warning to customers reads: “Mercenary spyware attacks, such as those using Pegasus from the NSO Group, are exceptionally rare and vastly more sophisticated than regular cybercriminal activity or consumer malware.”

Apple advises those who have received a threat notification to seek expert help, such as the rapid-response emergency security assistance provided by the Digital Security Helpline at the nonprofit Access Now. Apple threat notification recipients can contact the Digital Security Helpline 24 hours a day, seven days a week through their website.

Users who have not received an Apple threat notification but have good reason to believe they may be individually targeted by mercenary spyware attacks are advised to enable Lockdown Mode on their devices for additional protection.

[ad_2]

Source Article Link

Categories
Featured

Cisco alerts users to password-spraying attacks targeting VPN services

[ad_1]

Networking giant Cisco has warned its users of an ongoing attack against its business VPN services.

In a security advisory, Cisco said it had been notified of an ongoing password-spraying attack against different third-party VPN concentrators. 

[ad_2]

Source Article Link

Categories
Featured

New Zealand government claims it also suffered attacks from Chinese hacking groups

[ad_1]

New Zealand has joined the UK in accusing China of sponsoring hacking groups in their attempts to steal sensitive information from western nations.

The country’s government has pointed the finger at a group tracked as APT40, which has been linked to a breach of the Parliamentary Counsel Office and the Parliamentary Service in 2021, around the same time that the UK suffered a similar attack.

[ad_2]

Source Article Link

Categories
Featured

VR headsets could be hacked in “Inception-esque” attacks — with attackers able to steal your data without you even noticing

[ad_1]

If someone were to infect your Meta Quest VR headset with malware, they could trick you into seeing things in the virtual world which weren’t real, experts have warned.

Academics from Cornell University recently published a paper describing the possibility of hijacking people’s VR sessions and controlling their interactions with internal applications, external servers, and more. 

[ad_2]

Source Article Link

Categories
News

How to Protect Your Cryptocurrency Investments from Cyber Attacks

cryptocurrency

Cryptocurrency theft or attack is a serious issue of concern in the digital currency world. In fact, in the latest Statista crypto theft report, $320 million was lost in February 2022 alone and was never recovered. While cryptocurrencies are well known for sophisticated security systems, hackers have always found entryways into these tough security systems to cause mayhem. Whether it’s your first time trading coins or you are an experienced trader, it’s important to learn how to protect your investments. Here are some proven ways to go about it.

Store in a Cold Wallet

One of the main reasons why hackers easily attack and steal cryptocurrency investments is because they’re stored online in hot wallets. Cold wallets are devices that store cryptocurrency private keys offline. Once you buy Bitcoin, for instance, you can hold it in a cold wallet and have the private keys transferred from an internet-connected device to a non-connected or offline device. This way, you minimize attacks on your investments either at a personal or corporate level.

Learn About Latest Cyber Scams

Cyber scams have continued to evolve with every new invention of cybersecurity trends. Scammers and cybercriminals also take advantage of the struggles law enforcers go through globally to curb rising cybercrimes. If you’re a newcomer in this trade, even the oldest of scams can catch you unawares, leaving you counting your losses.

For instance, scammers can easily trick you into revealing your one-time password (OTP) to be used in activating two-factor authentication to access your account. Fraudsters can use different tricks to acquire your OTPs, including the following:

  • Accessing unmonitored verification forms
  • Posing as authorized parties
  • Impersonating you at banks
  • Sending malware-infiltrated links

Regardless of the nature of the scam, you should be well prepared to avert the threats they carry to remain safe in the long run.

Always Use Secure Internet

It’s important to emphasize that public or widely shared internet protocols are major leeways to various forms of cyber attacks. Even if you use public Wi-Fi for personal use, when it comes to trading and crypto transactions, you must switch to a secure connection. You can use a VPN to add an extra layer of protection over your home or office network just to cover your location and IP address, keeping you secure whenever you browse.

Open Multiple Wallets

Opening multiple wallets can help minimize the magnitude of loss in case you’re attacked, and your investment goes. You can maintain a separate wallet for various activities, like one for active trading, another for online purchases and transactions and another one for storing your investments.

Doing this will help restrict any loss to the account that’s been attacked, leaving the rest safe and intact. If hackers got your wallet information from a website or platform you purchased something from, they could only steal what’s in that account while your other investments remain safe.

Don’t Expose Your Crypto Holdings

Many users are tempted to show the world their trading success in an attempt to woo newcomers into the craft for some commission. Hackers use social media as a fertile ground for gathering user information before launching an attack. You might end up exposing just what they need to gain access to your account and steal everything remaining there.

Protecting your cryptocurrency investments from cyber attacks will demand a lot from you, which means you must remain vigilant anytime you’re transacting. These five crucial tips should help you achieve a smooth run with your investment accounts in the long run.

Image Credit Kanchanara

Filed Under: Guides, Technology News





Latest timeswonderful Deals

Disclosure: Some of our articles include affiliate links. If you buy something through one of these links, timeswonderful may earn an affiliate commission. Learn about our Disclosure Policy.