Singapore's retail banking sector has been given a three-month deadline to eliminate the use of one-time passwords (OTPs) for online account authentication, according to a joint announcement by the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) on July 9, 2024. 

To combat the growing threat of phishing attacks, banks will transition to using digital tokens for customer logins. The MAS stated, "Customers who have activated their digital...

Apple has issued a firmware update for AirPods addressing a security flaw that could potentially allow unauthorized access to the headphones. Identified as CVE-2024-27867, the vulnerability impacts various models including AirPods (2nd generation and later), AirPods Pro, AirPods Max, Powerbeats Pro, and Beats Fit Pro. 

According to Apple's advisory released on Tuesday, the issue involves an authentication weakness during...

An investigation into malware logs on hidden internet platforms revealed thousands of users accessing illegal images of children. This discovery underscores how such data can aid in combating serious crimes. Recorded Future reported finding about 3,300 users with accounts on websites known for these images, and 4.2% had credentials for multiple sites, suggesting involvement in criminal activities. Recently, easily accessible software designed to steal sensitive information like passwords,...

Cybersecurity agencies from Australia, Canada, Germany, Japan, New Zealand, South Korea, the U.K., and the U.S. have issued a warning about a China-linked hacking group called APT40. This group can exploit new security flaws very quickly, sometimes within hours or days of their discovery.

APT40 has targeted organizations in various countries, including Australia and the U.S. They are known for quickly adapting and using proof-of-concept vulnerabilities for attacks. This group, also...

The cybersecurity landscape has seen a shocking increase in ransomware payments, soaring over 500% recently. According to Sophos' "State of Ransomware 2024" report, organizations now pay an average of $2 million, up from $400,000 last year. Similarly, RISK & INSURANCE reported median ransom demands jumping to $20 million in 2023 from $1.4 million in 2022, with payments climbing to $6.5 million from $335,000 in the same period. 

This rise highlights the...

Since April 2022, the Black Basta ransomware group has attacked over 500 organizations in North America, Europe, and Australia. A report from CISA, FBI, HHS, and MS-ISAC shows that they have targeted 12 of the 16 main critical infrastructure sectors, encrypting and stealing data. Black Basta commonly uses phishing and known software flaws to break in, then demands money by threatening to publish stolen data if not paid. Instead of giving a ransom amount u

Source: May 13, 2024 20:16 (on 5/14/24) |  0 | 1 minute read

Dropbox, the cloud storage services provider, disclosed a significant breach affecting its digital signature service, Dropbox Sign (formerly known as HelloSign). This breach, discovered on April 24, 2024, resulted in unauthorized access by unidentified threat actors to user emails, usernames, and general account settings associated with all users of the digital signature product. Additionally, for certain subsets of users, the attackers accessed...

Google has delayed its plan to remove third-party tracking cookies from its Chrome browser amid ongoing concerns from U.K. regulators about its Privacy Sandbox initiative. The company is working closely with the U.K. Competition and Markets Authority (CMA) to address these issues and hopes to reach an agreement by the end of the year. 

The new timeline involves beginning the phase-out of...

Binarly's recent findings reveal a security loophole in the Lighttpd web server utilized within baseboard management controllers (BMCs), left unaddressed by major device manufacturers like Intel and Lenovo. Originally discovered and patched by Lighttpd maintainers in August 2018, the absence of a CVE identifier or advisory led to its oversight by developers of AMI MegaRAC BMC, thus integrating it into Intel and Lenovo products.

April 15, 2024 23:28 (on 4/16/24) |  0 | 2 minutes read

Google has unveiled support for the V8 Sandbox in its Chrome web browser, aiming to combat memory corruption issues. According to Samuel Groß, the V8 Security technical lead, the sandbox prevents the spread of memory corruption within the host process. 

Described as a lightweight, in-process sandbox for the JavaScript and WebAssembly engine, the V8 Sandbox mitigates common vulnerabilities....