Pixalate Raises $18.1M to Combat Click Tricks and Ad Fraud

Analytics firm Pixalate has announced $18.1 million in growth capital for connected TV and mobile advertising initiatives. The new round brings total capital raised to $22.7 million for the 9-year-old firm, which specializes in fraud prevention, privacy protection and legal compliance via offices in Santa Monica, Palo Alto and London. The move comes as Pixalate rises to meet the challenges of enterprise clients fending off bot attacks, ad fraud and other malicious threats. Malware incursions by intruders like Puppeteer siphon tens of millions of dollars in annual ad revenue, according to Pixalate. Continue reading Pixalate Raises $18.1M to Combat Click Tricks and Ad Fraud

Google Develops New Security Solutions to Strengthen Cloud

Google is introducing new security solutions for Google Cloud, in addition to expanding availability of its Risk Protection Program. Google Cloud vice president and general manager Sunil Potti explained that the updates are part of a larger vision of “invisible security” within the cloud where silos will “eventually” disappear after all security tech is engineered into it. He added that, “rather than essentially build products that fix problems with other products … you have to hit the reset button and embrace something fundamental.” Continue reading Google Develops New Security Solutions to Strengthen Cloud

New York Is First City to Open a Cyberattack Defense Center

New York City just opened its Cyber Critical Services and Infrastructure (CCSI) Project, a real-time operational center to protect the metropolitan area against cyberattacks. Located in lower Manhattan, the center shares intelligence with 282 partners, including the New York Police Department (NYPD), Amazon, International Business Machines (IBM), the Federal Reserve Bank and several New York healthcare systems. The anti-cybercriminal effort started two years ago but has been entirely virtual until now. Continue reading New York Is First City to Open a Cyberattack Defense Center

Google Expands Workspace Features and Opens to All Users

Google is providing full access to Workspace (formerly G Suite) for its 3+ billion existing users in consumer, enterprise and education markets. Users turn on Google Chat in Gmail to enable the full experience. Although Google Drive and Docs have already been free, Workspace brings features such as smart suggestions in emails and documents. Google is also debuting Google Workspace Individual, a paid version aimed at small business owners, offering “booking services, professional video meetings, personalized email marketing” and more. Continue reading Google Expands Workspace Features and Opens to All Users

U.S. Takes Steps Against Russian and Chinese Cyberattacks

Blaming Russia for attacks that interfered in the 2020 U.S. presidential election, President Biden imposed new sanctions on 32 entities and individuals in that country. Although sanctions will make it more difficult to partake in the global economy, the White House did not immediately limit Russia’s ability to borrow money on the global market. Biden noted he “chose to be proportionate” and “is not looking to kick off a cycle of escalation and conflict with Russia.” The FBI has also recently taken strong steps to stop Chinese hacking. Continue reading U.S. Takes Steps Against Russian and Chinese Cyberattacks

Apple Reveals Platform Security Guide with Info on M1 Chip

Apple unveiled its annual Platform Security Guide, now 200 pages, which provides the first-ever detailed documentation of its new M1 chips. The company is known for being reticent to release much in-depth technical information as part of its “security through obscurity” strategy to fend off hackers. However, this latest edition of the guide offers “significantly expanded information,” including details about the secure enclave and other software features and is designed to enable customers use the technology’s defense attributes. Continue reading Apple Reveals Platform Security Guide with Info on M1 Chip

Facebook Detects Malware That Was Being Used for Ad Fraud

Facebook shut down malware out of China that stole user credentials to serve ads for diet pills, sexual health products and counterfeit goods including designer handbags, shoes and sunglasses. The hackers used the consumer’s associated payment method to purchase the ads, at the cost to victims of $4 million. The social media company first exposed these attacks in 2018 and traced them to ILikeAd Media International, filing a civil suit against the firm and the two Chinese nationals who allegedly developed the malware. Continue reading Facebook Detects Malware That Was Being Used for Ad Fraud

Pirate IPTV Subscription Services Now a $1+ Billion Industry

Digital Citizens Alliance and NAGRA released a joint report revealing that illegal piracy subscription services — Internet Protocol Television (PS IPTV) — are now a $1+ billion industry. “Money for Nothing” describes an ecosystem of retailers and wholesalers enabled by legal businesses and consumed by at least nine million U.S. households. The report also looks into its infrastructure, supply chain, and ad-supported business models. Piracy injures consumers via malware among other risks. Continue reading Pirate IPTV Subscription Services Now a $1+ Billion Industry

ThiefQuest Is New Ransomware and Spyware Aimed at Macs

K7 Labs malware researcher Dinesh Devadoss discovered a new form of malware aimed at Mac computers. ThiefQuest (originally dubbed EvilQuest, until researchers discovered that’s the name of a Steam game) isn’t simply ransomware but also contains spyware that allows it to exfiltrate an infected computer’s files, search it for passwords and cryptocurrency wallet data, and nab passwords and credit card numbers. Even after a computer reboots, the spyware lingers as a backdoor that could be used for a second-stage attack. Continue reading ThiefQuest Is New Ransomware and Spyware Aimed at Macs

Intel Issues a Patch to Address Concerns About Chip Security

According to researchers at security firm Positive Technologies, Intel chips that were released during the past five years contain a flaw that may allow hackers to overcome built-in security measures. The flaw is in the Converged Security and Management Engine (CSME), described as a subsystem inside CPUs and chipsets similar to AMD’s Platform Security Processor. Intel has issued a patch, but Positive Technologies said it may not be enough to protect systems containing the flawed products. Intel’s 10th generation processors are reportedly not among those affected. Continue reading Intel Issues a Patch to Address Concerns About Chip Security

Las Vegas Was a Target of Cyberattack While Hosting CES

Early Tuesday morning, just as CES 2020 was getting underway, the team that monitors computers for Las Vegas detected a potential cyberattack as the city’s systems were reportedly compromised. While city officials tweeted about the breach, the information was light on details regarding which operations had been affected or the extent of the attack. The timing was unfortunate, since the annual CES confab is one of the largest events in Las Vegas. Last year, the show attracted more than 175,000 people and 4,400 exhibitors, including a number of Fortune 500 companies. Continue reading Las Vegas Was a Target of Cyberattack While Hosting CES

5G Offers Wireless Carriers More Security, Privacy Options

One of the benefits of 5G, expected to be 100 times faster than 4G networks, is the improved protection of sensitive data. Much of the conversation about 5G networks has focused on the security issues related to Chinese vendors of gear used in 5G networks. But Verizon chief information officer Chandra McMahon noted that “security is designed into 5G and there will be additional [security] technical features.” Another advantage is that 5G providers will rely on the cloud, providing more capacity and flexibility. Continue reading 5G Offers Wireless Carriers More Security, Privacy Options

Games Are Targets for Ransomware and Credential Stuffing

Cybersecurity firm Cyren recently discovered Syrk, a free tool that allows players to cheat at video game “Fortnite.” It also learned that Syrk can disable anti-malware software and encrypt batches of user files for ransom. Akamai has reported a significant rise in so-called credential-stuffing attacks, by which criminals use stolen identities in automated attacks to break into accounts. Akamai found 55 billion credential stuffing attacks from November 2017 to the end of March 2019. Gaming sites had 12 billion of these attacks. Continue reading Games Are Targets for Ransomware and Credential Stuffing

Why Adware Is the Most Intrusive Malware on Our Devices

Adware is the flavor of malware that the ordinary person is most likely to encounter on a smartphone or browser. Aimed at generating profits, adware sneaks ads into apps and browsers, with advertisers paying developers based on the number of people who load them. The smartphone is the ideal environment for this version of malware, via apps sold in Apple’s App Store or Google Play Store. Ad malware largely goes unnoticed because its main impact (besides relentlessly serving ads) is to slow down the device. Continue reading Why Adware Is the Most Intrusive Malware on Our Devices

Researchers Identify Bugs in Microsoft Excel, Apple macOS

Threat intelligence firm Mimecast revealed that hackers are exploiting a Microsoft Excel feature called Power Query to facilitate Office 365 attacks. This feature lets legitimate users combine data from various sources by linking to those components in a spreadsheet. Hackers replace a link with another that leads to a site infected with malware. The hacked Excel spreadsheets then allow attackers to install backdoors, using the software program’s own tools. Meanwhile, Apple has yet to fix a macOS bug first identified by a cybersecurity researcher in February. Continue reading Researchers Identify Bugs in Microsoft Excel, Apple macOS