In 2023, the ransomware industry experienced a concerning surge, with a staggering 55.5% increase in victims worldwide, reaching a total of 5,070. However, the landscape looks markedly different in 2024. While the numbers spiked to 1,309 cases in Q4 2023, the ransomware industry has seen a significant decline in Q1 2024, with only 1,048 cases reported. This represents a notable 22% decrease in ransomware attacks...
Read More
Hackers have been exploiting a brand-new flaw found in Palo Alto Networks PAN-OS software since March 26, 2024, almost three weeks before it was made public yesterday. The network security company's Unit 42 team is keeping tabs on this under the name Operation MidnightEclipse. They believe it's the work of one unidentified threat actor. This security hole, called CVE-2024-3400 (scored 10.0 out of 10 on the severity...
Read More
Google is taking legal action against two app developers for tricking people into downloading fake cryptocurrency apps and stealing their money. The accused individuals, Yunfeng Sun and Hongnam Cheung, are believed to be based in Shenzhen and Hong Kong. They allegedly uploaded around 87 bogus crypto apps to the Google Play Store since 2019, leading to over 100,000 users falling victim to their scam. The tech...
Read More
Google has reached an agreement to eliminate vast amounts of data - billions of records detailing users' online activities - as a resolution to a lawsuit accusing the company of monitoring individuals without their explicit consent through its Chrome browser. The lawsuit, initiated in 2020, alleged that Google deceived users into believing their internet browsing remained confidential when utilizing "incognito" or "private" mode on browsers such...
Read More
Several malicious Android apps have been spotted on the Google Play Store. These apps have a sneaky purpose: turning your Android phone into a proxy for cybercriminals. The discovery was made by HUMAN's Satori Threat Intelligence team. They found a group of VPN apps on the Play Store that come with a special feature. These apps use a Golang library to secretly transform your device...
Read More
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) put three security problems on its Known Exploited Vulnerabilities (KEV) list this Monday. They found proof that these flaws are being actively used. Here are the problems they added: CVE-2023-48788 (CVSS score: 9.3) - Fortinet FortiClient EMS SQL Injection Vulnerability CVE-2021-44529 (CVSS score: 9.8) - Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability CVE-2019-7256 (CVSS score: 10.0) -...
Read More
The International Monetary Fund (IMF) has reported a cyber security breach involving the compromise of several internal email accounts. This incident, first detected on February 16, prompted the Washington-based UN financial agency to conduct an investigation with the help of independent cyber security experts. According to a statement released on Friday, the investigation determined that 11 IMF email accounts were compromised. Immediate remediation actions were taken...
Read More
Security experts have found serious security weaknesses in ChatGPT plugins. These flaws could let attackers take over an organization's account on other platforms and get access to important user data, like Personal Identifiable Information (PII). Amar Basic, Co-Founder at CyberArrow, said, "The problems found in these ChatGPT plugins are worrying. There's a big risk of someone stealing private information or taking control of accounts. Nowadays, employees...
Read More
In a groundbreaking display of technological innovation, CyberArrow and Mobily joined forces at LEAP 2024 to demonstrate the incredible capabilities of the CyberArrow GRC (Governance, Risk, and Compliance) Platform. The event showcased how this cutting-edge solution has revolutionized cyber security compliance, making it a seamless process for organizations. [video width="720" height="1280" mp4="https://staging.cyberarrow.io/storage/2024/03/Presenting-CyberArrow-GRC-at-LEAP.mp4" autoplay="true"][/video] CyberArrow has emerged as a game-changer in the realm of cyber security, particularly in...
Read More
In a comprehensive study conducted by Kaspersky, the cyber security landscape reveals a surprising statistic: 26% of cyber incidents in businesses over the past two years resulted from intentional security protocol violations by employees. This percentage closely rivals the 20% attributed to external hacking attempts, challenging prevailing beliefs that human error is the primary cause of cyber security incidents. The research, seeking insights from IT security...
Read More