Weekly Cybersecurity News
Ayushman Singh
Community Manager
We share this week’s important news of current events in the world of cybersecurity that directly or indirectly impact our lives as well as operations of businesses, various institutions and organizations, and governments-nation states in this highly digitalized and interconnected world.
Since the launch of ChatGPT in November 2022, vishing, smishing, and phishing attacks have surged by 1,265%, leading to a significant lack of protection against voice and messaging fraud in 76% of enterprises. Mobile fraud, particularly through smishing and vishing, is causing substantial losses for 61% of enterprises. Despite this, over three-quarters of enterprises do not invest in SMS spam or voice scam/fraud protection. Communication Service Providers (CSPs), on which enterprises depend for telecom-related fraud protection, face challenges in implementing robust security measures. A notable 46% of CSPs lack threat intelligence services, making them vulnerable to evolving threats. Security leaders among CSPs, prioritizing and investing in security, are better positioned to win enterprise business. The report underscores the need for enhanced network security measures to address the growing threat landscape fueled by advancements in AI-powered cybercrime techniques.
Malicious AI models on Hugging Face backdoor users’ machines:JFrog’s security team uncovered around 100 instances of malicious AI and machine learning (ML) models on the Hugging Face platform. Despite Hugging Face’s security measures, including malware and secrets scanning, these models pose a significant risk, with some capable of executing code on victims’ machines, creating persistent backdoors. JFrog’s advanced scanning system found harmful payloads within PyTorch and Tensorflow Keras models. One highlighted case involved a PyTorch model that, when loaded, could establish a reverse shell, demonstrating the potential for serious security breaches. The findings emphasize the need for heightened vigilance and proactive measures to secure the ecosystem from such malicious AI actors.
Google Says Some Gmail Accounts Will Be Deleted, Messages Blocked:Google is implementing significant changes for Gmail users in 2024. Inactive Gmail accounts, not used for at least two years, are being deleted as part of an update to the inactive account policy. Users are urged to sign in to important accounts to prevent data purging, emphasizing a ‘use it or lose it’ approach. Additionally, starting no earlier than June 2024, Google will enforce measures against unauthenticated bulk sender emails to Gmail, aiming to reduce spam and enhance user security. Gmail users can expect a reduction in spam emails and improved protection from malicious content. Marketers are advised to adopt authentication protocols like DMARC to ensure trust, deliverability, and navigate evolving anti-spam challenges.
Exclusive: Companies flock to passwordless tech:Many companies are planning to move away from traditional passwords, with 55% having a plan in place, according to a survey. The shift aims to counter the increasing threat of hackers using leaked login credentials. Among these organizations, 32% plan to reduce password reliance within a year, and 54% intend to do so within two years. Major websites like Google and PayPal now support password less logins, although some friction remains as not all platforms fully embrace these technologies.
Why You Should Never Open This Dangerous Message On Your Phone:There is a growing menace of SMS fraud, or smishing, impacting smartphone users worldwide. SMS fraud has surged, accounting for 4.8% of global messaging traffic and causing significant financial losses for brands. The inherent convenience and ubiquity of SMS contribute to its susceptibility. There are ongoing challenge in finding effective industry solutions to smishing. Users should promptly delete suspicious messages.
New iOS Update Warning Issued To All iPhone Users:Apple is set to make significant changes to its App Store for EU users, allowing sideloading in compliance with the Digital Markets Act. A security report by Promon reveals that 93% of tested iOS apps are vulnerable to repackaging attacks, posing a risk with the upcoming sideloading feature. The report highlights the ease of bypassing iOS app encryption and emphasizes the need for greater repackaging prevention strategies. While Apple is implementing safeguards, users are advised to be cautious about app downloads, delete unused apps, and promptly update iOS for security.
Security Bite: Jamf warns cyber hygiene among many Apple-using businesses is ‘abysmal’:A report from Jamf, a popular Apple device management platform, reveals concerning statistics about the security practices of Apple-using businesses. Key findings include the presence of known vulnerabilities on 40% of mobile users and 39% of organizations, 20% of organizations impacted by malicious network traffic, and 8% of organizations with a mobile device accessing a third-party App Store. The report also highlights specific Apple-related findings, such as the detection of 21 new malware families on macOS in 2023 and the growing popularity of Trojans, accounting for 17% of all Mac malware instances.
Beware of a new Android threat targeting your photos and texts without even opening them:There is a growing threat of the XLoader malware, particularly targeting Android devices. The malware, also known as MoqHao, has evolved to infiltrate devices more effectively. XLoader spreads through text messages using a method known as “smishing” and it can trick users into downloading malicious files or granting permissions. Six practical tips to protect Android devices from XLoader are avoiding sideloading apps, being cautious with permissions, limiting the number of installed apps, downloading only from reputable sources, keeping software updated, and using reliable antivirus software.
Secure email gateways struggle to keep pace with sophisticated phishing campaigns:The annual State of Email Security Report by Cofense reveals a 104.5% increase in malicious emails bypassing secure email gateways in 2024. Phishing attacks, particularly credential phishing, have evolved with new tactics like vishing and QR code phishing. Healthcare and finance are top-targeted industries. New malware families emerged after the dismantling of Qakbot. Persistent threats include Emotet/Geodo, Snake Keylogger, and FormBook. A new phishing tactic using Google Accelerated Mobile Pages saw a 1,092% increase. Business Email Compromise (BEC) scams remain highly damaging. The report emphasizes the need for a different approach to email security due to escalating cyber threats.
Relevant tags:
Published on Medium
