Authentication, Development and Malware - Information Technology Zone

Chinese cyber espionage growing across all industry sectors

CIO Business Intelligence

MARCH 4, 2025

The report also highlighted that Chinese groups continue to share malware tools a long-standing hallmark of Chinese cyber espionage with the KEYPLUG backdoor serving as a prime example. Vault Panda has used many malware families shared by Chinese threat actors, including KEYPLUG, Winnti, Melofee, HelloBot, and ShadowPad.

Industry

Industry Malware Telecommunications Groups

Are Your Firewalls and VPNs the Weakest Link in Your Security Stack?

Network World

OCTOBER 21, 2024

This led to the development of early antivirus software and firewalls, which were designed to protect computers from malicious software and unauthorized access. This philosophy demands rigorous and continuous authentication and authorization procedures before granting access to any resources or systems.

Firewall

Firewall Security Architecture Strategy

DeepSeek and AI-Generated Malware Pose New Danger for Cybersecurity

SecureWorld News

MARCH 13, 2025

A recent report from Tenable highlights how DeepSeek R1, an open-source AI model, can generate rudimentary malware, including keyloggers and ransomware. While the AI-generated malware required manual debugging to function properly, its mere existence signals an urgent need for security teams to adapt their defenses.

Malware

Malware Security Tools Report

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

Chinese cyber espionage growing across all industry sectors

CIO Business Intelligence

MARCH 4, 2025

The report also highlighted that Chinese groups continue to share malware tools a long-standing hallmark of Chinese cyber espionage with the KEYPLUG backdoor serving as a prime example. Vault Panda has used many malware families shared by Chinese threat actors, including KEYPLUG, Winnti, Melofee, HelloBot, and ShadowPad.

Industry

Industry Malware Telecommunications Groups

6 key mobile and IoT/OT attack trend findings

Network World

OCTOBER 18, 2024

Overall, ThreatLabz tracked a rise in financially motivated mobile attacks – with 111% growth in spyware and 29% growth in banking malware – most of which can bypass multifactor authentication (MFA). Zscaler blocked 45% more IoT malware transactions than the previous year. Below, we will summarize key findings from the report.

Mobile

Mobile Trends Malware Spyware

Mobile Malware Uses Deepfakes, Social Engineering to Bypass Biometric Authentication

SecureWorld News

FEBRUARY 15, 2024

A sophisticated form of mobile malware dubbed "GoldPickaxe" has been uncovered, which collects facial recognition data to produce deepfake videos, enabling hackers to bypass biometric authentication protections on banking apps. The malware has been active since 2023, specifically targeting victims in Vietnam and Thailand.

Malware

Malware Authentication Mobile Engineering

Hottest selling product on the darknet: Hacked GenAI accounts

Network World

JULY 31, 2024

Cybercriminals looking to abuse the power of generative AI to build phishing campaigns and sophisticated malware can now purchase easy access to them from underground marketplaces as large numbers of threat actors are putting stolen GenAI credentials up for sale every day.

Malware

Malware Advertising Research Authentication

Don’t break the bank: Stopping ransomware from getting the best of your business

Network World

JUNE 13, 2024

The life cycle of a cyberattack Regardless of the method that threat actors use to commit cyberattacks—phishing, malware, and, yes, ransomware—the stages of every attack are remarkably similar. In cyber terms, this translates into the user, device, or vulnerable asset being compromised by a phishing or malware attack. Stay up to date.

Banking

Banking Insurance Malware Trends

Document Security is More than Just Password-Protection

CIO Business Intelligence

OCTOBER 4, 2023

From embedding malware or a phishing link in a document to manipulated or outright forged documents and other types of cyber fraud, the increase in document-related attacks cannot be ignored, especially if your company handles tax forms, business filings, or bank statements–the three types of most frequently manipulated documents.

Security

Security Disaster Recovery Malware Authentication

Don’t gamble with your identity verification practices

CIO Business Intelligence

OCTOBER 16, 2023

I also emphasized that companies need to urgently review their employee access protocol, writing that companies must “ make it a point to do continuous employee training to help your teams avoid being duped by phishing and malware tactics.” It might make us feel safer and more secure in our connected world. Ransomware, Security

Authentication

Authentication Social Engineering Security

The hidden costs of your helpdesk

CIO Business Intelligence

AUGUST 29, 2024

When you add multi-factor authentication (MFA) resets to the picture, that number is likely even higher. Most authentication methods are actually quite easy to get around, and in many cases were never intended to be security factors. But what happens when a user can’t access their authenticator app?

Authentication

Authentication Social Security Engineering

Protecting Customer Accounts: The Defining Domain of Digital CISOs

CIO Business Intelligence

JUNE 8, 2022

Many of these accounts have elevated privileges to access corporate assets or development and production environments for customer-facing systems. Authentication options: Internally, CISOs have a range of strong authentication options, including smartcards and tokens.

Authentication

Authentication Security Knowledge Base Policies

Bybit Hack: $1.46 Billion Crypto Heist Points to North Korea's Lazarus Group

SecureWorld News

FEBRUARY 26, 2025

Dubai-based exchange Bybit was targeted in a malware-driven attack that resulted in the theft of approximately $1.46 The Bybit theft resulted from malware-driven manipulation of cold wallet transactions, exploiting multi-signature vulnerabilities," Soroko said. billion in crypto assets.

Groups

Groups Malware Security Industry

Claim: DeepSeek AI can be hacked to generate malware

Dataconomy

FEBRUARY 13, 2025

Experts warn that DeepSeek, a generative AI developed in China, has failed multiple security tests, raising concerns about the risks for users. The Silicon Valley security provider AppSOC discovered significant vulnerabilities, including the ability to jailbreak the AI and generate malware.

Malware

Malware Government Applications Security

US Air Force seeks generative AI test pilots

CIO Business Intelligence

JUNE 13, 2024

To be known as NIPRGPT, it will be part of the Dark Saber software ecosystem developed at the Air Force Research Laboratory (AFRL) Information Directorate in Rome, New York. Technology is learned by doing,” said Chandra Donelson, DAF’s acting chief data and artificial intelligence officer.

Policies

Policies Artificial Intelligence Tools Network

Protecting Oil and Gas Industry Infrastructure: Strategies for Resilience

SecureWorld News

JANUARY 16, 2025

Multi-factor authentication (MFA): MFA ensures that access to critical systems is granted only after verifying user credentials through multiple channels. Develop backup and recovery plans: Data recovery plans are essential to mitigate the impact of cyber incidents. This significantly reduces the risk of unauthorized access.

Industry

Industry Strategy Disaster Recovery Backup

SquareX Discloses “Browser Syncjacking”, a New Attack Technique that Provides Full Browser and Device Control, Putting Millions at Risk

CIO Business Intelligence

JANUARY 30, 2025

Browser extensions have been under the spotlight in enterprise security news recently due to the wave of OAuth attacks on Chrome extension developers and data exfiltration attacks. The extension then silently authenticates the victim into a Chrome profile managed by the attackers Google Workspace.

Security

Security Enterprise Enterprise Authentication

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

SecureWorld News

FEBRUARY 20, 2025

He urges enterprises to implement Privileged Access Management (PAM) solutions and multi-factor authentication (MFA) and to enforce robust password policies to reduce the risk of account compromise. Develop and test ransomware response plans. Deploy endpoint detection and response (EDR) solutions.

SMB

SMB Security Network Strategy

An expanded attack surface: The cybersecurity challenges of managing a hybrid workforce

CIO Business Intelligence

SEPTEMBER 29, 2022

As a result, the potential for malware to become resident on home computers is increasing.”. Locandro highlights the need to focus on the securing the edge with cyber products which cover “end point” protection, two-factor authentication as well as employees keeping up to date with virus protection software on home computers.

Exercises

Exercises Malware Security Network

Critical Actions Post Data Breach

SecureWorld News

DECEMBER 30, 2024

If malware is detected on workplace computers, these devices must be promptly disconnected from the network to prevent further spread. ISO 22398: Covers the principles of planning, conducting, and developing training programs to prepare teams for critical situations through practical exercises and simulations.

Data

Data Business Continuity Exercises Security

How to manage cloud exploitation at the edge

CIO Business Intelligence

JULY 17, 2023

Malware Distribution: Cloud exploitation can involve hosting or distributing malware through cloud-based platforms or services. Attackers may upload malicious files or applications to cloud storage or use cloud infrastructure to propagate malware to unsuspecting users. What can businesses do?

Cloud

Cloud How To Open Source Applications

Russian hackers are targeting vaccine development, officials say

The Verge

JULY 16, 2020

Hackers from Russian intelligence services are targeting organizations that are involved in COVID-19 vaccine development, according to US, UK, and Canadian authorities. The NCSC believes the hackers are collecting COVID-19 research, including vaccine development information. “We Photo by Ute Grabowsky/Photothek via Getty Images.

Development

Development Pharmaceuticals Groups Malware

Your Company’s Executives Are in the Crosshairs of Whaling. Are They Ready?

SecureWorld News

DECEMBER 19, 2024

Since then, phishing attacks have increased, become more widespread and frequent, and developed more sophisticated methods. However, phishing tactics continue to evolve and become more convincing, with criminals now harnessing AI to develop phishing campaigns that are hard to detect.

Training

Training Firewall Sports Malware

Google Accounts Compromised by Hackers Without the Need for Passwords

IT Toolbox

JANUARY 9, 2024

The development came soon after Google made the switch from passwords to passkeys. The post Google Accounts Compromised by Hackers Without the Need for Passwords appeared first on Spiceworks.

Google

Google Development Authentication Malware

Buyer’s guide: Secure Access Service Edge (SASE) and Secure Service Edge (SSE)

Network World

JUNE 6, 2024

Gartner cautions that Cloudflare lacks some features, such as file malware sandboxing, DEM, and full-featured built-in reporting and analytics. Broadcom’s VMware unit: VMware SASE was developed in-house and includes SD-WAN, ZTNA, CASB, FWaaS, and SWG. VMware is a leader in Gartner’s Magic Quadrant for WAN Edge Infrastructure.

Security

Security WAN Vmware Network

BGP: What is border gateway protocol, and how does it work?

Network World

MAY 17, 2024

The absence of security and authentication controls, particularly in early drafts of BGP, makes it challenging to verify the legitimacy of route operations, leaving networks vulnerable to unauthorized route advertisements. And all the while end users think they are visiting legitimate sites.

Internet

Internet Advertising Network Security

The Rise of Insider Threat Automation: When Employees Weaponize AI

SecureWorld News

MARCH 10, 2025

Create custom malware that adapts to countermeasures in real time. Understanding these factors is crucial to developing defenses that can evolve alongside these emerging threats. Or consider a developer embedding subtle, AI-enhanced backdoors into critical software updates, remaining undetected by conventional security scans.

Open Source

Open Source Security System Data

Developing Your Business Email Compromise (BEC) Incident Response Plan

SecureWorld News

NOVEMBER 22, 2021

Additionally, adding a banner or warning to external emails can make it easier to detect spoofed phishing attempts and enabling Domain-based Message Authentication, Reporting & Conformance (DMARC) can help block some attempts. Your escalation procedures for BEC may be slightly different than for malware or other incidents.

Development

Development Financial Banking Resources

Over 100,000 ChatGPT Accounts Compromised by Cybercriminals

SecureWorld News

JUNE 21, 2023

Since its creation, ChatGPT has gained rapid popularity among employees for optimizing various aspects of their work, including software development and business communications. Info stealers are a type of malware that specializes in collecting various credentials and personal information from infected computers.

Groups

Groups Malware Software Development Authentication

Apple responds to privacy concerns over Mac software security process

The Verge

NOVEMBER 16, 2020

Apple says a service known as Gatekeeper “performs online checks to verify if an app contains known malware and whether the developer’s signing certificate is revoked.” This security feature checks that an app’s developer certificate hasn’t been revoked before it’s allowed to launch.

Apple

Apple Software Software Security

Security and Windows 10 Will Cross Paths for Enterprises

CTOvision

MARCH 17, 2015

1 area of spending increase in 2015, with nearly half (46%) planning to invest more in access control, intrusion prevention, and virus and malware protection. Multi-factor authentication for both cloud-based accounts and on-premise Active Directory will now be part of Windows, rather needing a hardware solution to complete.

Windows

Windows Enterprise Enterprise Security

ClearFake reCAPTCHA scam infects 9,300 websites

Dataconomy

MARCH 20, 2025

First identified in July 2023, ClearFake utilizes compromised WordPress sites as a vector for malware distribution, primarily relying on fake web browser update prompts. The primary objective of these infection chains is to deliver information-stealing malware targeting both Windows and macOS systems.

Malware

Malware Automotive Analysis Windows

Visa Security Alert: 12 Steps to Keep Card Skimmers Off Your Website

SecureWorld News

SEPTEMBER 8, 2020

While the use of an XOR cipher is not new, this is the first time Visa has observed its use in JavaScript skimming malware. The developer of this malware kit uses the same cipher function in the loader and the skimmer.". Regularly scan and test eCommerce sites for vulnerabilities or malware.

Malware

Malware Security Firewall Analysis

Insider Threat: A perspective on how to address the increasing risk

CTOvision

OCTOBER 28, 2015

Spanning a wide range of malicious activities from destructive malware and denial of service attacks, to the theft of intellectual property and even espionage, cyber threats pose a significant risk to any business. In recent years, multiple high-profile, high-impact breaches have raised awareness of the cyber threat.

How To

How To Policies Security Malware

Recipe for Cybersecurity Success in the Restaurant Industry

SecureWorld News

SEPTEMBER 18, 2024

Checkers and Rally's (2019): The fast-food chain reported a point-of-sale malware attack affecting more than 100 locations. Regular audits, the use of password managers, enforcement of password complexity policies, and multi-factor authentication (MFA) can significantly reduce the attack surface." Subway U.K.

Industry

Industry Authentication Security Data

Google beefs up Play Store developer verification in response to scams

The Verge

JUNE 29, 2021

Google is working to enhance the integrity of the Play Store by adding new restrictions and safeguards to developer accounts. Developers will also be required to use two-step verification. To keep Google Play safe and secure and to better serve our developer community”. Google is introducing the new requirements in stages.

Google

Google Development Malware Authentication

New Alert: Russian Hackers Are Targeting COVID-19 Research

SecureWorld News

JULY 16, 2020

Throughout 2020, APT29 has targeted various organisations involved in COVID-19 vaccine development in Canada, the United States and the United Kingdom, highly likely with the intention of stealing information and intellectual property relating to the development and testing of COVID-19 vaccines.". What TTPs does APT29 use?

Research

Research Malware Pharmaceuticals Groups

Technology Short Take 176

Scott Lowe

MARCH 15, 2024

Think Linux doesn’t have malware? And here’s another example of malware that is targeting Linux (along with Windows). This would be why I hate it when companies force me to use SMS for two-factor authentication—at least let me use a one-time passcode or something. Rory McCune explains Kubernetes authentication.

Linux

Linux Vmware Load Balancer Malware

Zero Trust

Phil Windley

AUGUST 28, 2023

My new book Learning Digital Identity from O'Reilly Media covers many of the topics in this post such as multi-factor authentication, authorization and access control, and identity policy development in depth. User Authentication: Multi-Factor Authentication (MFA): Requiring users to provide multiple forms of verification (e.g.,

Authentication

Authentication Policies Applications Firewall

Top 10 Data Breaches of All Time

SecureWorld News

MARCH 24, 2022

Summary: This data breach was unique in the sense that there was not a breach in the company's servers, but an authentication error, meaning no authentication was required to view documents. They then gained access to a customer service database and uploaded malware to capture sensitive information. Who attacked: no attacker.

Data

Data Malware Government Adobe

How Deep Are We in these Fakes?

SecureWorld News

JULY 6, 2023

Trust your instincts: Develop a healthy skepticism and question the authenticity of online content, especially if it seems too good to be true. Understanding where the content came from can provide insights into its authenticity and help you make informed judgments.

Authentication

Authentication Video Malware Report

Bad Actor Using New Method to Avert Detection, Google Discovers

SecureWorld News

SEPTEMBER 25, 2021

Whether it is ransomware, other types of malware, or any number of cyberattacks, threat actors keep inventing new techniques to cause disruption. In a blog post, Neel Mehta, Information Security lead for Google, explains how a hacker has managed to break certificate code parsing to invade email inboxes and infect users with malware.

Google

Google Malware Analysis Windows

The 10 biggest cybersecurity trends to follow in 2025

Dataconomy

MARCH 4, 2025

Gartner estimates that by 2025, 75% of IoT security spending will focus on device management and identity authentication. Implementing strong authentication, regular firmware updates, and segmentation of IoT networks will be essential to reduce IoT vulnerabilities.

Trends

Trends Security Cloud Network

The Small Business Guide to Information Security

Galido

FEBRUARY 25, 2020

Have the Talent in House, or Develop it. This is why you should consider developing the skill set in the house, or gain the expertise yourself. Install Anti Malware Software and Prevent Phishing Attacks. Another important piece of software that you should install is anti-malware software. Better communication.

Small Business

Small Business Information Security Security Firewall

Chinese cyber espionage growing across all industry sectors

Are Your Firewalls and VPNs the Weakest Link in Your Security Stack?

Webinars

Trending Sources

DeepSeek and AI-Generated Malware Pose New Danger for Cybersecurity

Webinars

Chinese cyber espionage growing across all industry sectors

6 key mobile and IoT/OT attack trend findings

Mobile Malware Uses Deepfakes, Social Engineering to Bypass Biometric Authentication

Hottest selling product on the darknet: Hacked GenAI accounts

Don’t break the bank: Stopping ransomware from getting the best of your business

Document Security is More than Just Password-Protection

Don’t gamble with your identity verification practices

The hidden costs of your helpdesk

Protecting Customer Accounts: The Defining Domain of Digital CISOs

Bybit Hack: $1.46 Billion Crypto Heist Points to North Korea's Lazarus Group

Claim: DeepSeek AI can be hacked to generate malware

US Air Force seeks generative AI test pilots

Protecting Oil and Gas Industry Infrastructure: Strategies for Resilience

SquareX Discloses “Browser Syncjacking”, a New Attack Technique that Provides Full Browser and Device Control, Putting Millions at Risk

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

An expanded attack surface: The cybersecurity challenges of managing a hybrid workforce

Critical Actions Post Data Breach

How to manage cloud exploitation at the edge

Russian hackers are targeting vaccine development, officials say

Your Company’s Executives Are in the Crosshairs of Whaling. Are They Ready?

Google Accounts Compromised by Hackers Without the Need for Passwords

Buyer’s guide: Secure Access Service Edge (SASE) and Secure Service Edge (SSE)

BGP: What is border gateway protocol, and how does it work?

The Rise of Insider Threat Automation: When Employees Weaponize AI

Developing Your Business Email Compromise (BEC) Incident Response Plan

Over 100,000 ChatGPT Accounts Compromised by Cybercriminals

Apple responds to privacy concerns over Mac software security process

Security and Windows 10 Will Cross Paths for Enterprises

ClearFake reCAPTCHA scam infects 9,300 websites

Visa Security Alert: 12 Steps to Keep Card Skimmers Off Your Website

Insider Threat: A perspective on how to address the increasing risk

Recipe for Cybersecurity Success in the Restaurant Industry

Google beefs up Play Store developer verification in response to scams

New Alert: Russian Hackers Are Targeting COVID-19 Research

Technology Short Take 176

Zero Trust

Top 10 Data Breaches of All Time

How Deep Are We in these Fakes?

Bad Actor Using New Method to Avert Detection, Google Discovers

The 10 biggest cybersecurity trends to follow in 2025

The Small Business Guide to Information Security

Stay Connected