Cybercrime News
6 Urgent Steps Companies Need to Take to Ensure POPIA Compliance
Sourced from Europa EU. The eleventh hour is upon businesses who are not POPIA (Protection of Personal Information Act) compliant. The effective date of 1 July is upon us. Your business should have already started its compliance journey, as it will at least help lessen the risk of cybersecurity breaches. Securing your data will help your business be in good standing with local and international partners. This will also enhance the reputation of your business and exempt you from fines and non-compliance. Here are six steps your business can take before 01 July to be POPIA compliant: 1. Encrypt Everything One of the major requirements under POPIA is to ensure that you apply Generally Accepted Information Security Protocols. While these requirements are not the same for all organisations, som...
Kaspersky Discovers Various Malicious Apps Disguising as Bestselling Game Minecraft
Sourced from Stuff. Recognised as the world’s top-selling game of all time, Minecraft attracts the attention of enthusiastic players around the world but also draws the interest of fraudsters. Earlier, Kaspersky researchers discovered more than 20 applications advertised on app stores offering additional Minecraft features. Though these malicious apps were deleted from official stores, Kaspersky experts have found newly developed ones, which exploit the game to further fraudster’s objectives. Malware on Google Play Store Kaspersky researchers analysed various apps, including those which are available for download on the Google Play store and claimed to be modpacks (user-created packages with additional gameplay elements) for the game. As a result, the company’s experts found various malici...
Vulnerabilities in Windows and Chrome Used in Series of Highly Targetted Attacks
In April, Kaspersky experts discovered a number of highly targeted attacks against multiple companies utilising a previously undiscovered chain of Google Chrome and Microsoft Windows zero-day exploits. One of the exploits was used for remote code execution in the Chrome web browser, while the other was an elevation of privilege exploit fine-tuned to target the latest and most prominent builds of Windows 10. The latter exploits two vulnerabilities in the Microsoft Windows OS kernel: Information Disclosure vulnerability CVE-2021-31955 and Elevation of Privilege vulnerability CVE-2021-31956. Microsoft has patched both today as part of Patch Tuesday. Zero-Day Attacks Recent months have seen a wave of advanced threat activity exploiting zero-days on the internet. In mid-April, Kaspersky experts...
Confidential Computing – Why Privacy Should be the Heart of Digital Experiences
Image sourced from Intel. In this past year, the consumer experience came to the forefront. As we faced various stages of lockdowns, we turned to online banking, seeing our doctors remotely, running our businesses using technology and socialising through a screen. Digital interactions became a part of our lives – ever-present and normalised as we navigated changes swept in by this pandemic. As our digital interaction became seamless and permeated through every aspect of our lives, privacy continued to be top of mind. We carried out our lives predominantly online – making many of us more vulnerable to fraudsters. As we navigated living our lives digitally, data theft dominated 2020 as the most common attack in the Middle East and Africa. Across the region, data theft and leaks accounted for...
Mobile Authentication Can Be the Key to Negating Cybercrime in East Africa
Image sourced from BICS. The rapid pace of digital transformation in East Africa has had a significant impact on not only how people live their lives, but also on how communication and commerce are conducted, allowing the modern customer to do everything – immediately. This has also had the unintended consequence of altering the way we are targeted by fraudsters and cybercriminals, notably changing the nature of cyber threats and attacks that we face in a mobile-first digital world. The Price of Cybercrime According to an Accenture report published in 2019, the total value at risk of cybercrime over the next five years is an estimated $5.2 trillion. The average cyberattack costs $13 million, according to the same report, with phishing, social engineering and stolen device crime making up $...
4 Security Loopholes Have Been Found in Microsoft Office Apps Including Excel, Word
Sourced from Wikimedia Check Point Research (CPR) urges Windows users to update their software, after discovering four security vulnerabilities that affect products in the Microsoft Office suite, including Excel and Office online. The loopholes were found in sections of legacy code, the vulnerabilities could have granted an attacker the ability to execute code on targets via malicious Office documents, such as Word, Excel and Outlook. Malicious code could have been delivered via Word documents (.DOCX) , Outlook Email (.EML) and most office file formats. Vulnerabilities are the result of parsing mistakes made in legacy code, leading CPR to believe security flaws have existed for years CPR responsibly disclosed to Microsoft, who then issued fixes: CVE-2021-31174, CVE-2021-31178, CVE-2021-311...
What is POPIA and What Does it Mean for Cybersecurity
With an inundation of information from all angles regarding The Protection of Personal Information Act (POPIA), and the 1 July commencement date quickly approaching, organisations could be forgiven for feeling more than a little overwhelmed. Emmanuel Tzingakis, Technical Lead for Trend Micro Sub-Saharan Africa, contemplates how POPIA can assist organisations to secure their data and be better enabled to handle any potential cyber threats. What is POPIA? With personal information becoming a hot commodity on the dark web it is critical to understand exactly how to protect data from cybercriminals. A recent global survey revealed that 79% of organisations experienced disruptions, financial loss or other setbacks due to a lack of cyber preparedness in 2020. As work from home strateg...
Digital Transactions Fraud Rise 187% in South Africa
As more consumers go online for banking and other financial transactions, new research from TransUnion, an American consumer credit reporting agency, has found that fraudsters are ramping up their efforts in the financial services industry. When comparing the last four months of 2020 (September 1 – December 31) and the first four months of 2021 (January 1 – May 1), the company found the percentage of suspected digital fraud attempts coming from South Africa in financial services increased by 187%. Globally, the rate of financial services fraud attempts increased by 149%. Across industries, the rate of suspected digital fraud attempts globally rose 24% when comparing the first four months of 2021 with the last four months of 2020. In South Africa, the overall percentage of fraud attempts in...
Google Launches Website to Help People Avoid Online Scams
Sourced from Google. Ever opened your emails and received a poorly-worded message about a payment that you weren’t expecting? What about one proclaiming that you’ve won a competition you never entered. “Congratulations!” it reads, beneath, a sinister attachment that you probably should not open. This is becoming more and more common, and now Google has unveiled a website to teach people how to spot and avoid online scams. Digital hoaxes, malware and cyberattacks have been surging during the ongoing coronavirus pandemic. The website – Scamspotter.org – tries to show users how to identify things such as false stimulus checks, fake vaccine offers, or other fake medical information. The site also attempts to make clear certain patterns that are typical of hoaxes, like a romance scammer asking ...
One-in-Three Ransomware Attacks Target Corporate Users
Sourced from Kaspersky On May 12, 2017, the largest ransomware epidemic in history, WannaCry, reached its peak. Three years later, this and other ransomware threats are still affecting people and companies. Recent Kaspersky research has revealed that in 2019, WannaCry kept its position at the top of the most prevalent ransomware families, while almost a third (30%) of those targeted by ransomware were corporate users. On 12 May 2020, Kaspersky and INTERPOL continue to urge organisations to think about backing up their data and adopting relevant protection so that they could avoid any potential ransomware siege and a catastrophe similar to WannaCry doesn’t happen again. Ransomware has become a big challenge for many organisations. Even though this is not the most advanced threat from a tech...
