14 December 2023
■ EU's Proposed eIDAS 2.0 Raises Security Concerns
The eIDAS 2.0 bill in the European Union poses a threat to online security and privacy by potentially revoking web browsers' ability to independently validate the trustworthiness of certificate authorities, impacting online security advancements.
■ Scammers Employ Google Forms in BazarCall Attacks
A new variant of the BazarCall attack involves scammers using Google Forms in phishing campaigns, impersonating well-known brands via payment notifications or subscription confirmations to deceive victims.
■ Supply Chain Attack on Ledger dApp Steals $600K in Cryptocurrency
A supply chain attack on the 'Ledger dApp Connect Kit' resulted in the theft of $600,000 in crypto and NFTs. Ledger advised against using web3 dApps following this incident.
■ Microsoft Seizes Domains Linked to Fraudulent Outlook Account Sales
Microsoft's Digital Crimes Unit took down domains associated with a Vietnamese cybercrime group, Storm-1152, selling over 750 million fraudulent Outlook accounts, thwarting a major fraudulent account trade.
■ Sophisticated KV-Botnet Linked to Chinese State-Sponsored APT Group
The Chinese state-sponsored APT group known as Volt Typhoon (Bronze Silhouette) is attributed to a sophisticated botnet named 'KV-botnet,' used since 2022 to compromise SOHO routers in high-value targets.
■ Google Uses Clang Sanitizers to Secure Android Cellular Baseband
Google implements Clang sanitizers like IntSan and BoundSan to enhance Android's cellular baseband security, detecting and preventing vulnerabilities during program execution.
■ Sony's Insomniac Games Investigates Potential Ransomware Attack
Sony's subsidiary, Insomniac Games, is investigating a potential ransomware attack by the Rhysida gang, marking a concerning development amid previous attacks on government institutions and healthcare organizations.
■ Swiss District Court Targeted in Cyber Attack
Following a previous ransomware attack on Zollikofen's municipal administration, a district court in Switzerland fell victim to a cyberattack, emphasizing the increasing threat posed by ransomware attacks on Swiss organizations.