More stories

  • Microsoft warning: These phishing attackers used fake OAuth apps to steal email

    Microsoft has warned that fraudulent Microsoft Partner Network (MPN) accounts were used in a phishing campaign that featured bogus apps that tricked victims into granting them permissions to access their email accounts. The attackers used the fraudulent MPN accounts to register fake versions of legitimate-sounding apps, such as “Single Sign On (SSO)” […]

  • Firms fear software stack breach as attack surface widens

    Organizations feel they are vulnerable to multi-tiered cyber attacks that can impact the entire software stack, as they face more challenges with a widening attack surface. As it is, 92% acknowledge making compromises in application security due to the urgency to innovate and respond to changing customer needs during the global pandemic. Also: […]

  • Singapore can now order social media sites to block access, as 'online safety' law kicks in

    Singapore now can issue directives for social media platforms to block local access to what it deems as “egregious” content. The new regulation also allows access to such sites to be cut, if the operators refuse to comply with the directive. Effective from February 1, the Online Safety (Miscellaneous Amendments) Act enables industry regulator Infocomm Media Development Authority (IMDA) to direct “online communication services” to disable local access to harmful content. This includes, amongst others, content advocating or instructing on physical violence and terrorism, as well as content that poses public health risks in Singapore, said the Ministry of Communications and Information (MCI).

    First mooted in parliament last October and passed the following month, the Act introduces a section to the Broadcasting Act that allows for the regulation of online communication services. For now, only social media services are specified and subject to the provisions outlined in the new section. If issued with directives to disable access, social media platforms are expected to do so by blocking the “flow of content” from a specific source, such as an account, group, or channel, that is feeding the egregious content to their site.

    Operators of online communication services that have been issued such directives must comply or face possible fines. They also risk having access to their services blocked locally, as the law allows for IMDA to direct internet service providers to block access in the event of non-compliance. IMDA also can identify online communication services with “significant reach or impact” as platforms that fall under the regulated section. They then must comply with codes of practice that may require them to implement systems and processes to “mitigate the risks of danger” to online users in Singapore from exposure to harmful content.

    IMDA has drafted a Code of Practice for Online Safety for social media platforms, which is expected to be implemented in the second half of the year. It includes the need to provide users with access to tools that enable them to manage their own safety as well as minimise their exposure to unwanted interactions on the social media platform. The Code points to tools that restrict visibility of harmful or unwanted content and that limit visibility of the user’s account. Under the proposed Code, online communication services providers face a maximum fine of SG$1 million for non-compliance.

    When the Online Safety Act was mooted in parliament last October, questions were raised on what constituted “egregious” content and the law’s impact on user privacy and freedom of expression. Communications and Information Minister Josephine Teo then noted that in cases where the content might be tougher to define clearly, IMDA would assess the context. While acknowledging that there were “legitimate privacy concerns”, Teo said the proposed code of practice would provide users a recourse such as user reporting mechanisms.

  • Phishing attacks are getting scarily sophisticated. Here's what to watch out for

    Hackers are going to great lengths, including mimicking real people and creating and updating fake social media profiles, to trick victims into clicking phishing links and handing over usernames and passwords. The alert from the UK’s National Cyber Security Centre (NCSC) — the cybersecurity arm of intelligence service GCHQ — […]

  • The 5 best VPN trials of 2023

    Features: Content streaming | 94 countries | Kill switch | Over 3000 servers | No-logs policy | Password manager

    ExpressVPN is a widely used and popular VPN. While expensive, the service is best suited for individuals who want to adopt a reliable VPN that can be used both at home and abroad. Advanced features include content streaming and torrenting availability, split tunneling, and a threat manager designed to stop tracking. You can connect up to five devices simultaneously. A router app is also available if you want to install the VPN directly and open up access to every device in your household.

    ExpressVPN has adopted the same stance as many other VPN providers and does not offer a standalone trial. Instead, you can sign up for a short-term service — either one month, six months, or a year — and then cancel within 30 days to take advantage of a money-back guarantee. However, if you’re willing to pass on your details, you receive 30 days of use with no restrictions in place when it comes to functionality, speed, and server connections. There is also 24/7 chat support if you have queries or trouble setting up the VPN.

    Read the review: ExpressVPN review: A fine VPN service, but is it worth the price?

  • Microsoft warning: Protect this critical piece of your tech infrastructure

    Microsoft is telling customers to apply its latest updates to shield Exchange Server from hackers that keep targeting the platform to access corporate mailboxes and nab company address books for phishing. “Attackers looking to exploit unpatched Exchange servers are not going to go away,” Microsoft’s Exchange team warns in an update. “We […]

  • Australia, Singapore firms amongst most likely to halt digital transformation due to cyberwarfare risks

    Organisations in Australia, the US, and Singapore are amongst the most likely to put a halt on their digital transformation initiatives due to cyberwarfare threats. Their counterparts in Japan are the least likely to pay in the event of a ransomware attack, joining government organisations as the sector least likely to do so as well.

    The Russia-Ukraine war has intensified the cyber threat landscape and impacted corporate decisions, with 55% of global organisations revealing they have stalled digital transformation projects due to cyberwarfare risks, according to findings from Armis’ State of Cyberwarfare and Trends report. The security vendor polled 6,021 IT and security professionals across 14 markets, including 501 respondents each in Singapore and Japan, and 511 in Australia.

    At 79%, Australian companies were the most likely to halt their digital transformation initiatives over cyberwarfare threats, followed by the US at 67%, Singapore at 63%, the UK at 57%, and Denmark at 56%. Some 40% of respondents in Australia saw more threat activities on their networks between May and October last year, compared to the previous six months, with 57% confirming their organisation had experienced a cybersecurity breach.

    “Many Australians have felt the effects of cyberwarfare first-hand through the ongoing fallout from the Optus and Medibank breaches,” said Armis’ ANZ partner business manager Evan Thomas. “Threat levels are increasing across the region and Australia is no exception, with resources that should be going into building businesses being diverted to tackle this situation instead.”

    Describing cyberwarfare as “the future of terrorism on steroids”, Armis’ CTO and co-founder Nadir Izrael said it provided a cost-effective and asymmetric method of attack, and businesses had to be constantly vigilant and invest resources to defend against such threats. “Clandestine cyberwarfare is rapidly becoming a thing of the past. We now see brazen cyberattacks by nation-states, often with the intent to gather intelligence, disrupt operations, or outright destroy data,” Izrael said.

    In Singapore, 60% of respondents admitted to experiencing a cybersecurity breach, while 36% saw more threat activities on their networks between May and October last year, compared to the previous six months. Organisations in healthcare and telecommunications saw the highest increase.

    Over in Japan, 44% said they had experienced a cybersecurity breach. Faced with a ransomware attack, though, Japanese organisations were the least likely to fork out for the ransom, with 7% saying they would. In comparison, 47% in the US said their company’s policy was to always pay the ransom, according to the Armis report.

    Across the board, 31% of respondents from organisations with more than 500 employees said their policy was to never pay in the event of a ransomware attack, compared to 23% of their peers from companies with between 100 and 249 employees. Respondents from government organisations were the least likely amongst all sectors to pay in the event of a ransomware attack, with 43% noting their company’s policy was to never pay, compared to the global average of 26%. And while 31% globally said their organisation would only pay when customer data was at risk, 24% said their policy was to always pay the ransom.

  • DOJ takes down ransomware group with a '21st century cyber stakeout'

    After a months-long covert operation, the US Justice Department (DOJ) and its international partners have taken down an international ransomware network known as Hive, the agency announced Thursday. Since 2021, the Hive ransomware group has targeted more than 1,500 victims around the world, securing more than $100 million in ransom payments […]