Tag Archive for: report

Android 15 Could Offer a Boost to Two-Factor Authentication Security to Keep User Data Safe: Report

/in


Android 15 is still under development, but on Friday, February 16, Google released the first Developer Preview of the upcoming operating system. The tech giant said that the new Android software will largely focus on security, and a new report claims to have found three new ways it will make your smartphone and your sensitive data more secure. According to it, Android 15 will be able to better protect the notifications that arise from two-factor authentications (2FA) so that a malicious app or malware cannot access it to steal user data.

According to a report by Android Authority’s Mishaal Rahman, Android 15 will be implementing new ways to cover the gaps left behind by its predecessors. Currently, most two-factor authentication methods for social media profiles, emails, and banking apps use SMS to send a one-time password (OTP). However, there is a risk if a malicious third-party app can read this notification and use it to hack into sensitive data or get into your banking apps and steal money.

To reduce the risk, Google has already begun placing strings of codes in the current edition of the OS. The report found a line of code in the Android 14 QPR3 Beta 1 update that mentions a new permission named RECEIVE_SENSITIVE_NOTIFICATIONS. This permission comes with a higher protection level and can only be given to apps that Google personally verifies. The exact role of this permission is not known but given its naming, it appears to deal with a special category of notifications that will not be accessible for third-party apps to read.

The report highlights that it is likely aimed at 2FA-related notifications. The belief comes from a separate string of code found by Rahman, which points to an under-development platform feature, to which the permission is tied. The feature is named NotificationListenerService and it is an API that lets apps read or take action on notifications. A general use case would be how many apps ask for access to notifications to auto-fill OTP when creating a new account. However, once this API becomes active (it isn’t in the Android 14 build), this will get more difficult.

This API will require the user to enter Settings and then manually grant permission to apps…

Source…

Ransomware attack knocks 20 Romanian hospitals offline: Report

/in


A ransomware attack on Hipocrate Information System (HIS), used by hospitals to manage medical activity and patient data knocked, impacted at least 21 hospitals in Romania forcing them offline.

The attack launched over the weekend targeted the production servers running HIS information system, resulting in the system’s database being encrypted.

The incident, currently under investigation, impacted various hospitals across Romania, including regional and cancer treatment centers, a report from the Bleeping Computer said.

There is no information on what ransomware operation targeted the hospitals’ system or if the patient’s personal or medical data was stolen. Romania’s National Cyber Security Directorate (DNSC) is currently investigating the cyber incident.

(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)

Technological advancements in the healthcare industry like remote health monitoring, electronic health records and the Internet of Thins (IoT) has provided cybercriminals with more opportunities to attack the sector.

Also Read | How safe is our personal health data with the Indian government? 

Attacks on the healthcare sector have also impacted India, with the country registered the second highest number of attacks on the sector in 2022.

Attacks on hospitals could lead to sensitive data being exposed to threat actors. This data can then be used to perform digital identity theft, online banking thefts, tax frauds and other financial crimes.

This is a Premium article available exclusively to our subscribers. To read 250+ such premium articles every
month

You have exhausted your free article limit.
Please support quality journalism.

You have exhausted your free article limit.
Please support quality journalism.

This is your last free article.

Source…

Ransomware payments hit $1bn in 2023 as cybercrime grows — Report

/in


Ransomware actors got over $1billion in extorted cryptocurrency payments from victims in 2023.

These actors, who targeted high-profile institutions and critical infrastructure, including hospitals, schools, and government agencies, exploited file transfer software MOVEit for their operations, a report from Chainalysis revealed.

In a snippet of its anticipated, ‘2024 Crypto Crime Report,’ the blockchain firm disclosed that firms like BBC and British Airways were victims of attacks in the year.

Last year’s developments highlighted the evolving nature of cyber threats and their increasing impact on global institutions and security at large. The payments in 2023 have been the highest ever recorded, and according to the firm, it still does not capture the economic impact of productivity loss and repair costs associated with attacks.

The blockchain firm noted that the ransomware landscape is not only prolific but continually expanding, making it challenging to monitor every incident or trace all ransom payments made in cryptocurrencies. “It is important to recognise that our figures are conservative estimates, likely to increase as new ransomware addresses are discovered over time.

“For instance, our initial reporting for 2022 in last year’s crime report showed $457million in ransoms, but this figure has since been revised upward by 24.1 percent,” the firm said.

Ransomware is a type of malicious software that encrypts data, making it inaccessible to the owner. It is when someone else takes files hostage and demands a ransom payment in exchange for unlocking them.

Chainalysis explained that ransomware attacks are carried out by a variety of actors, from large syndicates to smaller groups and individuals, with the numbers on the rise. Allan Liska, Threat Intelligence Analyst at cybersecurity firm, Recorded Future, said. “A major thing we are seeing is the astronomical growth in the number of threat actors carrying out ransomware attacks.”

While threat actors might have had a field day in 2023, the fight against ransomware with collaboration between international law enforcement, affected organisations, cybersecurity firms, and blockchain intelligence also recorded…

Source…

Record-breaking year for global ransomware incidents- new report

/in




Record-breaking year for global ransomware incidents- new report | Insurance Business Canada















Activity greatly surpassed the total seen in the prior year

Record-breaking year for global ransomware incidents- new report


Cyber

By
Abigail Adriatico

Ransomware activity for 2023 had surpassed the total number recorded in 2022 by 68%, according to a report by Corvus Insurance (Corvus), a cyber underwriter.

Corvus’ Q4 2023 Ransomware Report found that ransomware attacks occurred at a record-setting pace during 2023. It revealed that for the first three quarters of the year, ransomware attacks had been increasing, only slightly declining by the last quarter.

Source…