Subterms
Imagw: Black_Kira/Shutterstock Google Chrome extensions are meant to make your life easier. With Chrome browser extensions that help you get discounts, correct your grammar, take screenshots, and watch shows with friends, downloading an extension can be very tempting. However, malicious extensions are mimicking the appearance of popular ones to put your privacy at risk. Malicious […] More
Image: Getty/NoSystem Defending against ransomware attacks and other cyber threats takes more than just setting up detection measures to identify potential malicious activity. Cybersecurity teams need to ensure that the network is made unattractive to cyber criminals by making it difficult to break into in the first place. Ransomware is a major cybersecurity problem facing […] More
VMware should actively work to assure customers in Asia-Pacific that the Broadcom merger will not follow in the footsteps of previous acquisitions with CA Technologies and Symantec. And while the integration of key assets from the three companies can potentially create a viable multi-cloud player, it remains to be seen if Broadcom can succeed in doing so. Broadcom in May said it was seeking to purchase an 88% stake in VMware for $61 billion, prompting concerns over what that might mean for the latter’s brand. Following the announcement, Forrester analysts said VMware customers should be anxious if Broadcom applied the same treatment it did with its CA and Symantec acquisitions. Customers of the two vendors saw price hikes, dipping support, and stalled development. Forrester added that Symantec shifted its focus to its biggest customers and resellers, prioritising the top 2,000 of its clientele of 100,000. Existing and new customers would want to monitor VMware’s actions, which would serve as early indications of any potential shift in how the vendor engaged with its clientele, Simon Piff, IDC’s Asia-Pacific vice president told ZDNet. He said the acquisition should prompt questions about whether VMware would continue with its current customer path in Asia-Pacific for now as well as in the future, or whether it would result in similar consequences with the CA and Symantec acquisitions. VMware would need to be vocal and active with its customers in the region to assure them that what happened with the two previous acquisitions would not occur again, Piff said.”Broadcom may not have planned for the apparent evaporation of CA and Symantec in Asia-Pacific, but it happened. If they want to assure customers this won’t happen, they need to be vocal and seen to be doing the right things. Any slip-up here and they will spend a lot of cycles recovering, which will not be good for anyone,” the IDC analyst said. While Broadcom or VMware had yet to offer a clearly defined organisation from the impending merger, Piff noted that a combination of critical assets from VMware, Symantec, and CA would create a compelling partner for organisations looking to manage their multi-cloud environments. The merged entity could help accelerate the “effective, secure, and more easily managed adoption” of multi-cloud, he added. Whether Broadcom would be able to do so, though, remained to be seen, he said. During a media Q&A at VMware’s Explore conference Tuesday in San Francisco, ZDNet asked the vendor’s CEO Raghu Raghuram if he saw potential for both CA and Symantec’s technologies to be integrated with VMware’s portfolio and drive the latter’s pitch as the market player to help companies manage their multi-cloud deployment. Raghuram declined to comment, saying that the vendor could not discuss activities related to the impending acquisition that still were under consideration, including product integration and synergies. At the conference, where Broadcom CEO Hock E. Tan was amongst the attendees, Raghuram said VMware currently was helping its future parent understand the “depth and breadth” of its products and business. He added that the company was in its next major transition and “on track” to close the acquisition by the end of Broadcom’s fiscal 2023, which spanned November 2022 to October next year. For now, he said, VMware continued to operate as a standalone company. Adding that details about the merger would be revealed once the acquisition was finalised, Raghuram said the overall message from the union was that its partners would see greater and broader opportunities to support customers of both companies. Until then, VMware will need to work on a “clear and solid” go-to-market strategy.This should encompass its business and financial structures, product and development roadmap, and partner ecosystem, said Charlie Dai, Forrester’s vice president and research director, who leads the team in China. This should serve to demonstrate the vendor’s continued commitment along the journey, he told ZDNet. Based in Singapore, Eileen Yu reported for ZDNet from VMware Explore 2022 in San Francisco, USA, on the invitation of VMware.RELATED COVERAGE More
Shutterstock Google on Tuesday announced it’s launching a new bug bounty program that focuses specifically on open source software. Bug hunters can earn anywhere from $100 to upwards of $31,000 via the new Open Source Software Vulnerability Rewards Program (OSS VRP), depending on the severity of the vulnerability they find. The new program tackles a […] More
“There ain’t no such thing as a free lunch.” That phrase has actually been around since the days of Old West saloons. If you bought a drink, the saloon would provide you with a free lunch. There was a catch, of course. The lunches were so salty that patrons wound up buying more and more drinks, to slake their thirst. ZDNET Recommends If you think you’re getting something for free, there’s always a catch. This also applies to VPN services. But instead of paying for a few extra drinks, free VPN services could end up putting your personal privacy at risk. At the very least, free VPNs often have such strong limitations that even when they are offered by a reputable company, they aren’t very useful. A good rule of thumb is to be wary of any free service and only consider free VPNs offered by companies with strong privacy policies and a good track record. A VPN provider may offer a limited version of its service for free as a way to generate business for its paid product. In a pinch, this type of free VPN could be useful for a one-off trip, but you’re not going to have access to many features and free VPNs typically aren’t good for heavy-duty use, such as file sharing or streaming. More
Image: Getty Images/Oscar Wong After a run of thefts from Decentralized Finance (DeFI) platforms, the Federal Bureau of Investigations (FBI) has warned that criminals are increasingly exploiting bugs in these platforms to steal investors’ cryptocurrency. The FBI has issued a warning to investors who pour money into DeFI platforms that they could be exposing themselves […] More
Image: Getty/iStockphoto Crypto-mining malware is being hidden in fake versions of popular software distributed via free download sites and is avoiding detection by waiting for a month before it runs in a campaign that has infected Windows PCs around the world. Dubbed Nitrokod, the malware campaign has been active since at least 2019 and has […] More
Ransomware and phishing attacks continue to climb in Singapore, hitting small and midsize businesses (SMBs) and social media platforms. Cybercriminals also are expected to turn their attention to Internet of Things (IoT) devices and crypto-based transactions, leveraging the lack of security safeguards on these platforms. Some 55,000 local-hosted phishing URLs were identified last year, up 17% from 2020, with social media companies accounting for more than half of spoofed targets. This might have been due to threat actors looking to exploit public interest in WhatsApp’s announcement to update its privacy policy, said Singapore’s Cyber Security Agency (CSA) on Monday, when it released its Singapore Cyber Landscape 2021 report. Social networking sites were the most commonly spoofed sector, followed by financial services and the online and cloud services sector. WhatsApp, Facebook, Lloyds, Chase Bank, and Microsoft were the most commonly spoofed brands, according to CSA. The government agency noted that scammers also spoofed government websites in late-2021, amidst heightened interest in the Omicron subvariant outbreak here. The number of ransomware cases reported to CSA totalled 137 last year, up 54% from 2020, with SMBs from sectors such as manufacturing and IT mostly falling victims to such attacks. These industries typically operated 24 by 7, leaving little time for organisations to patch their systems and potentially enabling ransomware groups to exploit vulnerabilities, CSA said. It noted that ransomware groups targeting SMBs in Singapore tapped the ransomware-as-a-service model, which made it easier for amateur hackers to use existing infrastructure to push out ransomware payloads. CSA also identified 3,300 malicious command and control (C&C) servers hosted in Singapore last year, more than triple the number in 2020 and the largest figure registered since 2017. The significant climb was attributed to the number of servers distributing Cobalt Strike malware, accounting for almost 30% of all C&C servers. Some 4,800 botnet drones with Singapore IP addresses were identified last year, a 27% dip from the daily average of 6,600 in 2020. There were no dominant malware variants amongst compromised devices, which CSA said could be due to threat actors moving away from older strains to explore new infection methods, as organisations cleaned up infected systems. Cybercrimes in Singapore continued on their upward climb, with 22,219 such cases recorded last year, up 38% from 2020. Online scams accounted for 81% of cybercrime cases, comprising cheating incidents that involved e-commerce or during which victims were approached through the internet.In its report, CSA also outlined key developments that should be closely monitored, warning that critical IoT devices, for instance, could be targeted in ransomware attacks. “Cybercriminals are recognising that they can inflict significant damage to organisations by infecting critical IoT devices, such as internet-connected uninterruptible power supply (UPS) units, leading to significant downtime costs,” it said. “IoT devices often lack critical cybersecurity protection [and] employees have been known to connect their personal IoT devices to the organisation’s networks without the knowledge of security teams.””Should organisations in critical, time-sensitive industries such as healthcare, be infected with ransomware, there could be serious, life-threatening consequences.”The Singapore government agency further cautioned that crypto-based scams were increasing, fuelled largely by the use of decentralised finance (DeFi) and peer-to-peer financial platforms, which bypassed the need for intermediaries. The borderless accessibility of DeFi’s open platforms as well as anonymity features also made it challenging to track illicit activities and enforce Singapore’s regulations across borders, CSA said. This further enabled cybercriminals to launch crypto-based scams. It also noted that decreased global reliance on Western technology–due to increasing geopolitical tensions–would result in differing cyber norms, ecosystems, and standards in the near future. In addition, organisations could suffer “collateral damage” from geopolitical conflicts, as cybercriminal and hacktivist groups take sides and engage in more malicious cyber activities for politically-motivated purposes. This increased the risk of reprisals and, in a hyper-connected global cyberspace, could impact organisations not linked to nations involved in the geopolitical conflicts, CSA said. RELATED COVERAGE More
