CSO » Endpoint Protection
82 FOLLOWERS
CSO offers the latest information and best practices on business continuity and data protection, best practices for the prevention of social engineering scams, malware, and breaches, and tips and advice about security careers and
CSO » Endpoint Protection
11M ago
Bitdefender has uncovered a hidden malware campaign living undetected on mobile devices worldwide for more than six months. The campaign is designed to push adware to Android devices with the purpose of driving revenue.
“However, the threat actors involved can easily switch tactics to redirect users to other types of malware, such as banking trojans to steal credentials and financial information or ransomware,” Bitdefender said in a blog.
To read this article in full, please click here ..read more
CSO » Endpoint Protection
11M ago
A screen recorder app with over 50,000 downloads on Google Play Store was found to be discreetly recording audio using the device’s microphone and stealing files, suggesting it might be part of an espionage campaign, according to researchers at ESET.
iRecorder was a legitimate app made available in September 2021 and a remote access trojan (RAT) AhRat was most likely added to it in 2022. The app is currently unavailable on the app store.
To read this article in full, please click here ..read more
CSO » Endpoint Protection
11M ago
What enforces your security boundary today? What will enforce it in the next few years? For many years, Microsoft Active Directory has been the backbone and foundation of network authentication, identity, and connection. But for many organizations moving to cloud applications or having a mixture of operating systems, the need for cloud-based network management is on the rise.
Some firms are merely adding synchronization between on-premise networks and cloud environments and calling it a day. But too often user habits that were acceptable in a traditional domain are no longer acceptable in a cl ..read more
CSO » Endpoint Protection
11M ago
Cybercrime gang Lemon Group has managed to get malware known as Guerrilla preinstalled on about 8.9 million Android-based smartphones, watches, TVs, and TV boxes globally, according to Trend Micro.
The Guerilla malware can load additional payloads, intercept one-time passwords (OTPs) from SMS texts, set up a reverse proxy from the infected device, and infiltrate WhatsApp sessions.
"The infection turns these devices into mobile proxies, tools for stealing and selling SMS messages, social media and online messaging accounts and monetization via advertisements and click fraud," Trend ..read more
CSO » Endpoint Protection
1y ago
Endpoint security vendor Malwarebytes has announced the release of Mobile Security for OneView to enable managed service providers (MSPs) to protect Chromebooks, Android, and iOS devices against mobile threats such as ransomware and malicious apps. MSPs can now use the Malwarebytes OneView platform to monitor their customers’ mobile phones and tablets alongside their servers, workstations, and laptops, the firm said. They can prevent accidental access to harmful websites, safeguard against malicious apps, block unwanted in-app ads, and enable a secure mobile experience for their customers, acc ..read more
CSO » Endpoint Protection
1y ago
Google has released an emergency Chrome security update to address a zero-day vulnerability targeted by an exploit, already in circulation on the internet, that can allow malicious code to be executed.
Google is urging users to upgrade Chrome to the new version, 112.0.5615.121, as soon as possible. The updated version addresses the vulnerability, which affects Windows, Mac, and Linux systems, and is listed as CVE-2023-2033 in the US' National Vulnerability Database.
Meanwhile, the update will roll out in the coming weeks on Google's stable desktop channel, the company said.
To read this articl ..read more
CSO » Endpoint Protection
1y ago
Microsoft patched over 100 vulnerabilities this week in its products, including a zero-day privilege escalation flaw used in the wild by a ransomware gang. However, another critical vulnerability that can be easily exploited to take over Windows systems remotely over local networks and the internet is likely to be of more interest to attackers and see widespread exploitation in the future.
Dubbed QueueJumper and tracked as CVE-2023-21554, the flaw was discovered by researchers from security firm Check Point Software Technologies and is rated 9.8 out of 10 on the CVSS severity scale. Microsoft ..read more
CSO » Endpoint Protection
1y ago
Several commercial spyware vendors developed and used zero-day exploits against iOS and Android users last year. However, their exploit chains also relied on known vulnerabilities to work, highlighting the importance of both users and device manufacturers to speed up the adoption of security patches.
"The zero-day exploits were used alongside n-day exploits and took advantage of the large time gap between the fix release and when it was fully deployed on end-user devices," researchers with Google's Threat Analysis Group (TAG) said in a report detailing the attack campaigns. "Our findings under ..read more
CSO » Endpoint Protection
1y ago
The transportation industry has doubled down in the area of fleet tracking in recent years, which has come with great benefits and not a few security headaches. On the consumer side, we’ve spoken of Apple’s AirTag and how it has been used to find personal items of import — and also its potential to be abused by the nefarious to track and trace individuals. Now we see that Google is jumping into the fray, with the soon-to-be-released tracking device in development apparently codenamed “Grogu” (after the Baby Yoda character in the “Star Wars” spinoff “The Mandalorian”). The astute cybersecurity ..read more
CSO » Endpoint Protection
1y ago
Intune Suite will streamline endpoint management with added features for controlled and secure access ..read more