Recently, Apple users have been struggling with this very issue, as widespread reports of forced password resets have surfaced.
If you've been locked out of your Apple ID in the last day or so without warning, you're not alone
Apple users have been suffering a wave of forced lockouts, with some indicating that they have been forced to reset their passwords to regain access.
The lockouts have resulted in customers losing access to their devices, but there appears to be no root cause or anything in common across incidents, and Apple has yet to comment on the matter.
The company's System Status website indicates that all services are "operating normally," with Apple ID services particularly listed as "available."
If your Apple ID has locked you out, you might panic and try your usual password, but it’s useless. You’re left staring at the blank “Incorrect Password” message. What gives?
The cause behind these lockouts remains hidden in mystery. Experts believe it’s a security measure triggered by suspicious activity, while others suspect a glitch in the matrix. Regardless, the concern is real. Users have taken to social media, sharing their stories of being shut.
If your Apple ID has been blocked out and you must change your password, any app-specific passwords you may have created will also need to be reset. That's something you'll have to do whether you utilize apps like Spark Mail, Fantastical, or any number of others.
It could potentially cause significant issues if you use iOS 17.3's Stolen Device Protection. You'll need to use biometrics on your iPhone, such as Face ID or Touch ID, to access your account or use Apple Pay.
As the lockout story falls out, Apple has remained silent. No official statements, no explanations. The tech giant continues to operate, but the users are panicking to regain control of their digital lives. Is it a glitch? A security enhancement? At this moment, we can only wait for Apple’s response
1. Reset Your Password: Change the password. But remember the app-specific ones too.
2. Biometrics: If you’ve set up Face ID or Touch ID, use them to reclaim your digital ID.
3. Stay Tuned: Keep an eye on Apple’s official channels.
The digital society we live in has made it abundantly clear that being cautious about online activities goes beyond avoiding suspicious links. Recent findings by cybersecurity researchers have surfaced a new ransomware threat that exploits web browsers, potentially putting users' files at risk.
The Rising Threat
Modern web browsers like Google Chrome and Microsoft Edge offer advanced functionalities, allowing users to seamlessly interact with various online services, from email to multimedia streaming. However, these capabilities also open doors for hackers to manipulate browsers and gain unauthorised access to users' local file systems.
What Is The Risk?
The File System Access API, utilised by browsers, enables web applications to interact with users' files. This means that uploading files to seemingly benign online tools could inadvertently grant hackers access to personal data stored on the user's computer.
The Implications
Imagine using an online photo editing tool. Uploading files for editing could inadvertently expose your entire file system to malicious actors, who could then encrypt your files and demand ransom for decryption.
The Scale of the Issue
Ransomware attacks have become increasingly prevalent, targeting individuals and organisations across various sectors. In 2023 alone, organisations paid over $1.1 billion in ransomware payments, highlighting the urgent need for robust cybersecurity measures.
Addressing the Threat
Researchers at the Cyber-Physical Systems Security Lab at Florida International University have been investigating this new breed of ransomware. Their findings, presented at the USENIX Security Symposium, underscore the severity of the threat posed by browser-based ransomware.
Recommended Practices
The research team proposed three defence approaches to mitigate the risk of browser-based ransomware. These strategies focus on detecting and preventing malicious activity at the browser, file system, and user levels, offering a multi-layered defence mechanism against potential attacks.
1. Temporarily Halting Web Applications:
This approach involves temporarily suspending a web application's activity within the browser to detect any suspicious behavior related to file encryption. By monitoring the application's actions, security systems can identify and interrupt potential ransomware activity before it causes significant damage. This measure enables users to maintain control over their files and prevent unauthorised access by any threat actors.
2. Monitoring Web Application Activity:
In addition to halting web applications, this defense strategy focuses on continuously monitoring their activity on users' computers. By analysing patterns and behaviours associated with ransomware attacks, security systems can easily detect and respond to any anomalous activities. This real-time monitoring ensures timely intervention and minimizes the impact of browser-based ransomware on users' systems.
3. Introducing Permission Dialog Boxes:
To empower users with greater control over their file system access, this approach proposes the implementation of permission dialogue boxes. When a web application requests access to the user's local files, a dialogue box prompts the user to approve or deny the request, along with providing information about the associated risks and implications. By promoting user awareness and informed decision-making, this measure ensures security posture and reduces the likelihood of inadvertent file exposure to ransomware threats.
As technology continues to transform, so do the tactics employed by cybercriminals. By staying informed and implementing proactive cybersecurity measures, users can safeguard their digital assets against threats like browser-based ransomware.
Every day, Microsoft analyzes over 78 trillion security signals to gain a deeper understanding of the current threat pathways and methodologies. Since last year, we've seen a shift in how threat actors scale and use nation-state backing. It's apparent that companies are facing more threats than ever before, and attack chains are becoming more complicated. Dwell times have decreased, and tactics, techniques, and procedures (TTPs) have evolved to be more agile and evasive.
Based on these findings, here are five attack trends that end-user organizations should be watching regularly.
Some threat actor organizations prioritize stealth by using tools and processes that are already installed on their victims' systems. This enables attackers to fly under the radar and go undiscovered by concealing their operations among other threat actors that use similar approaches to launch assaults.
Volt Typhoon, a Chinese state-sponsored actor, is an example of this trend, having made news for targeting US critical infrastructure using living-off-the-land practices.
Nation-state actors have also developed a new type of tactics that blends cyber and influence operations (IO) techniques. This hybrid, known as "cyber-enabled influence operations," combines cyber methods such as data theft, defacement, distributed denial-of-service, and ransomware with influence methods such as data leaks, sockpuppets, victim impersonation, misleading social media posts, and malicious SMS/email communication to boost, exaggerate, or compensate for weaknesses in adversaries' network access or cyberattack capabilities.
For example, Microsoft has noticed various Iranian actors trying to use bulk SMS texting to increase and psychologically impact their cyber-influence activities. We're also seeing more cyber-enabled influence operations attempt to imitate alleged victim organizations or key figures inside those organizations to lend legitimacy to the impacts of the malware or compromise.
The increased use of small-office/home-office (SOHO) network edge devices is especially relevant for distributed or remote employees. Threat actors are increasingly using target SOHO devices—such as the router at a local coffee shop—to assemble hidden networks.
Some adversaries will even employ programs to locate susceptible endpoints around the world and identify potential targets for their next attack. This approach complicates attribution by having attacks appear from almost anywhere.
Microsoft has noticed an increase in the number of nation-state subgroups using publicly released proof-of-concept (POC) code to exploit vulnerabilities in Internet-facing apps.
This tendency can be seen in threat groups such as Mint Sandstorm, an Iranian nation-state actor that quickly exploited N-day vulnerabilities in common corporate systems and launched highly focused phishing attacks to get speedy and effective access to target environments.
We've noticed a persistent trend toward ransomware expertise. Rather than conducting an end-to-end ransomware campaign, threat actors are focusing on a limited set of skills and services.
This specialization has a breaking effect, distributing components of a ransomware attack across different vendors in a complicated underground market. Companies can no longer think of ransomware attacks as originating from a single threat actor or group.
Instead, they might be attacking the entire ransomware-as-a-service ecosystem. In response, Microsoft Threat Intelligence now tracks ransomware providers individually, identifying which groups deal in initial access and which supply additional services.
As cyber defenses seek better ways to strengthen their security stance, it is critical to look to and learn from past trends and breaches. By examining these occurrences and understanding different attackers' motivations and preferred TTPs, we can better prevent such breaches in the future.
The North Korean hacker group Lazarus has once again made headlines, this time for exploiting LinkedIn in their cyber operations. According to a report by blockchain security analytics firm SlowMist, Lazarus hackers are leveraging the professional networking platform to target unsuspecting users and pilfer their assets through malware attacks.
LinkedIn Used as a Trojan Horse
This involves Lazarus members masquerading as blockchain developers seeking employment opportunities in the cryptocurrency industry. By posing as job seekers, they lure in vulnerable targets, enticing them to share access to their code repositories under the guise of collaborative work. However, the innocuous-seeming code snippets provided by the hackers contain malicious elements designed to syphon off confidential information and assets from the victims' systems.
History of Innovation in Cybercrime
This tactic isn't new for Lazarus, as they previously employed a similar strategy in December 2023, posing as recruiters from Meta. Back then, they convinced victims to download malware-infected coding challenges, which, when executed, granted remote access to their computers.
Lazarus: A Cyber Threat
Lazarus has earned a notorious reputation in the cybersecurity realm since its emergence in 2009. The group is infamous for orchestrating some of the largest cryptocurrency heists, including the 2022 Ronin Bridge hack, which saw a staggering $625 million being stolen.
Laundering Techniques
Once they've plundered their ill-gotten gains, Lazarus employs sophisticated techniques, such as crypto mixing services, to launder the funds back to North Korea. Reports suggest these funds are funnelled into financing the country's military endeavors.
Industry Response and Countermeasures
In response to persistent cyber threats, crypto companies are advocating for heightened security measures and conducting awareness seminars to educate employees about potential risks. The industry's proactive stance has led to the implementation of robust security protocols and increased investment in cybersecurity to safeguard against data breaches and financial theft.
The recent exploits by Lazarus serve as a stark reminder of the ever-present dangers lurking in the digital realm. As cyber threats continue to expand, it's imperative for individuals and organisations alike to remain careful and adopt proactive measures to mitigate risks and be digitally secured.
By staying informed and proactive, investors, traders, and social media users can collectively work towards thwarting cyber threats and safeguarding digital assets in an increasingly interconnected world.
Rubrik, a data management company, recently made waves by going public through an initial public offering (IPO). The reception was nothing short of remarkable, signaling a shift in sentiment toward tech startups. For years, the public markets seemed somewhat closed to these fledgling companies, but Rubrik’s success challenges that notion.
The IPO process is a litmus test for any company. It involves transparency, financial scrutiny, and investor confidence. Rubrik’s strong pricing and positive market response indicate that investors are willing to embrace tech startups, provided they demonstrate robust fundamentals and growth potential.
As Rubrik’s stock ticker symbol blinks across trading screens, it serves as a beacon for other startups eyeing the public markets. The message is clear: If you have a compelling product, a solid business model, and a vision for the future, the IPO route is viable.
TikTok, the viral short-form video platform, has been on a rollercoaster ride. Loved by millions for its entertaining content, it also faces regulatory hurdles. The United States government has demanded that TikTok divest from its parent company or face a ban. This move underscores the geopolitical complexities surrounding tech companies.
Why the scrutiny? TikTok’s Chinese ownership raises concerns about data privacy, national security, and censorship. As the app continues to captivate users globally, governments grapple with how to balance innovation and security. The TikTok saga serves as a cautionary tale for tech companies operating in a globalized world.
For startups, understanding regulatory landscapes is crucial. Navigating legal frameworks, data protection laws, and geopolitical tensions requires strategic foresight. TikTok’s experience highlights the need for transparency, compliance, and proactive engagement with regulators.
Tech Crunch hosted its annual Early Stage event. This gathering brought together startups, investors, and industry experts. The event’s focus? Empowering early-stage companies to thrive.
In Boston, where the event took place, entrepreneurs pitched their ideas, networked, and absorbed insights from seasoned veterans. The buzz around early-stage startups was palpable. Investors scouted for promising ventures, and founders honed their pitches.
Why does this matter? Early-stage support is the lifeblood of innovation. Startups need mentorship, capital, and exposure to flourish.
Cybersecurity researchers at Zscaler ThreatLabz have uncovered a concerning trend in which cybercriminals are exploiting popular web hosting and blogging platforms to disseminate malware and steal sensitive data. This sophisticated tactic, known as SEO poisoning within the realm of Black Hat SEO techniques, has been employed to manipulate search engine results, pushing fraudulent websites to the forefront of users' search queries, thereby increasing the risk of unwittingly accessing malicious content.
How They Operate
The cybercriminals orchestrating these operations have devised intricate strategies to evade detection and entice unsuspecting users into downloading malware. They fabricate fraudulent websites spanning a wide array of topics, ranging from pirated software to culinary recipes, often hosted on well-established platforms such as Weebly. By adopting the guise of legitimate sites, complete with endorsements like "Powered by Weebly," they exploit users' trust in reputable services to perpetrate their malicious activities.
The process commences with cybercriminals setting up sham sites on web hosting services, adeptly avoiding detection by both hosting providers and users. When individuals search for relevant content and click on links from search results, they unknowingly find themselves on these malevolent sites. To circumvent scrutiny from security researchers, the perpetrators implement evasion techniques, including scrutinising referral URLs. Should a user access the site directly, indicating a potential analysis, the site tactfully sidesteps redirection to preserve its cloak of invisibility.
The Payload Delivery System
Malicious payloads are secretly delivered through multi-layered zipped files concealed within seemingly innocuous content. For instance, an individual seeking cracked software may inadvertently download malware instead of the anticipated content. Upon execution, the malware puts together a sequence of activities, encompassing process hollowing and DLL sideloading, aimed at downloading additional malware and establishing communication with command-and-control servers.
Tricks to Avoid Detection
To further complicate their activities, threat actors employ techniques, including string concatenation, mathematical manipulation, and the utilisation of password-protected ZIP archives. These tactics serve to confound security measures, rendering the malicious code arduous to decipher and bolstering the malware's ability to slightly pass over detection.
Data Theft and Deceptive Tactics
Once ensconced within a system, the malware embarks on an mission to harvest extensive troves of data, encompassing system information, browser data, credentials, and browsing history. Additionally, it sets its sights on emails pertaining to cryptocurrency exchanges, adeptly modifying email content and intercepting one-time authentication codes to facilitate unauthorised access.
How To Protect Yourself?
Keeping in mind such campaigns, users are advised to exercise utmost caution when procuring software from unfamiliar sources and to prioritise visiting reputable websites. Staying abreast of emerging cybersecurity threats and securing defences with robust protocols can substantially mitigate the risk of succumbing to potential infections.
In an April 17 analysis from its Sophos X-Ops research team, cybersecurity firm Sophos observed an increase in low-cost, primitive ransomware—a boon for aspiring threat actors and a headache for defenders.
It's far more difficult to find something that there are only twenty copies of in the world, said Christopher Budd, director of threat research at Sophos X-Ops.
The group linked the choices to the cheap handguns that flooded the US firearms market in the 1960s and 1970s, known as junk guns.
Between June 2023 and February 2024, the Sophos team spotted 19 different types of "independently produced, inexpensive, and crudely constructed ransomware." Some missed clean graphics, while others used programming languages like C# and.NET, which "have a shallower learning curve," noted the paper.
It seems to be a fairly recent thing," noting that poor-quality malware has existed for decades.
Sophos discovered one with no price indicated, two open-source models, one for $20 (later reduced to free), and one for 0.5 BTC (about $13K).
According to a 2023 research by cybersecurity firm CrowdStrike, the cost of a Ransomware as a Service (RaaS) kit "ranges from $40 per month to several thousand dollars." RaaS models depend on affiliates purchasing ransomware and consenting to a subscription fee based on the victim's payment.
Junk-gun ransomware destroys that commission: capitalism in action, in a sense.
In most instances, you don't have any kind of partner fees to pay, Budd stated.
Ransomware groups such as LockBit have become large enough to be tracked and halted by government agencies. Junky ransomware has the potential to fly under the radar and bypass detection technology.
There is no single source of knowledge for investigators and researchers to track, the Sophos report stated.
Budd and his crew saw users asking basic inquiries in forums praising the cheap items. What is the best language for creating ransomware? Is writing in C# worthwhile? How should malware be priced and sold?
Budd describes a forum featuring inexpensive ransomware and beginner queries as a welcome place for young hackers waiting for their chance in the big leagues.