Cyber Security

Around 62 per cent of these organisations say that the security incidents have impacted their business operations. This was revealed in the latest edition of Cisco's annual study, 'SSecurity Outcomes Report'ecurity Outcomes Report' launched on Wednesday in Melbourne.Titled, 'Security Outcomes Report, Volume 3: Achieving Security Resilience', the study identifies the top seven success factors that boost enterprise security resilience, with a particular focus on the cultural, environmental, and solution-based factors that businesses leverage to achieve security.

The company detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo. "We immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement," Toubba said in a statement late on Wednesday.

According to SamMobile, using the name of your smartphone/TV/home appliance brand, for example, Samsung, as a password is not the worst offender, but it has grown in popularity in recent years. While the "samsung" password ranked 198th in popularity in 2019, it rose to 189th in 2020 and 78th in 2021, breaking the top-100 mark last year. The most popular password is "password," while other commonly used passwords include "123456," "123456789," and "guest", according to the report.

This may be the first time a senior company executive faced criminal prosecution over a hack. According to the Washington Post, Sullivan was convicted of federal charges "stemming from payments he quietly authorised to hackers who breached the ride-hailing company in 2016".

In an advisory, CERT-In, under the IT Ministry, described two remote code execution vulnerabilities in Meta-owned WhatsApp in both Android and iOS versions. The first vulnerability exists in WhatsApp due to integer overflow. "A remote attacker could exploit this vulnerability to execute remote code in an established video call," warned the cyber agency.

"The adversary, going under the monikers of LeakBase, Chucky, Chuckies, and Sqlrip on underground forums has shared a database containing Personal Identifiable Information (PII) such as email addresses, hashed passwords, User IDs etc, that allegedly affects 16 million users of the swachh city platform," the researchers noted.

Nearly 82 per cent of them estimated their organisation lost up to 10 per cent of revenue from security breaches in the last 12 months. Only 6 per cent of Indian organisations are working with a fully integrated security model, with another 12 per cent in the process of changing their siloed set-up, according to research by cyber-security firm Trellix.

"TA423/Red Ladon is a China-based, espionage-motivated threat actor that has been active since 2013, targeting a variety of organisations in response to political events in the Asia-Pacific region, with a focus on the South China Sea," the company said in a blog post. China has always denied that its hacking groups target foreign companies.

The multiple vulnerabilities could allow a remote attacker to execute arbitrary code and Security restriction bypass on the targeted system, according to an advisory by CERT-In, that comes under IT Ministry. "These vulnerabilities exist in Google Chrome due to use after free in FedCM, SwiftShader, ANGLE, Blink, Sign-In Flow, Chrome OS Shell; Heap buffer overflow in Downloads, Insufficient validation of untrusted input in Intents, Insufficient policy enforcement in Cookies and Inappropriate implementation in Extensions API," the cyber agency said.

Kaspersky researchers analysed what risks innocent-looking browser extensions pose to users and the activities of cybercriminals hiding threats under add-ons. Mimicking popular apps such as Google Translator or extensions with useful functionality like PDF Converter or Video Downloader, threats in browser extensions can insert advertisements, collect data about users' browsing histories and even search for login credentials.