Cybersecurity Roundup December 2023

Related Content

Want to keep learning?

Subscribe to SSL.com’s newsletter, stay informed and secure.

Ten New Android Banking Trojans Emerge in 2023 Targeting Nearly 1,000 Apps  

In 2023, ten new Android banking trojan families emerged targeting 985 bank and fintech apps from 61 countries, according to research from mobile security firm Zimperium. In addition, 19 existing trojan families from 2022 were updated with new capabilities like automated transfer systems, social engineering tactics, and screen-sharing tools to increase their effectiveness.  Collectively, the malware families focus on stealing banking credentials and funds through means like keylogging, overlaying phishing pages, and intercepting SMS messages. Many are now offering subscription-based access to other cybercriminals for fees ranging from $3,000 to $7,000 per month.   The ten newly identified Trojans in 2023 are: 
  • Nexus  
  • Godfather 
  • Pixpirate 
  • Saderat  
  • Hook 
  • PixBankBot 
  • Xenomorph v3 
  • Vultur 
  • BrasDex 
  • GoatRat  
They disguise themselves as normal apps and target financial apps primarily in the U.S., U.K., Italy, Australia, Turkey, France, Spain, Portugal, Germany and Canada.   Zimperium advises: 
  • Avoiding downloading APKs outside of Google Play 
  • Carefully reviewing app permissions and developers 
  • Denying accessibility permissions to suspect apps 
  • Avoiding links in unsolicited messages 
As trojans grow increasingly advanced, users should remain cautious when installing apps and granting access. The emergence of 10 new banking trojans in just one year shows the threats are rapidly evolving. 
SSL.com Insights:

Businesses should train employees to scrutinize app permissions meticulously. If an app requests unusual access, like accessibility services, it’s a potential red flag. 

Ensure all software, especially those handling financial transactions, is downloaded from reputable sources like Google Play. Avoid APKs from external sources.  

With trojans employing social engineering, educating your team on recognizing and reporting suspicious activities, such as unsolicited email messages with links, is crucial. Consider using SSL.com’s S/MIME certificates as a tool in email security. S/MIME (Secure/Multipurpose Internet Mail Extensions) certificates enable email encryption and digital signing. Digitally signed emails confirm the sender’s identity, helping users distinguish between legitimate correspondence and emails that may contain malicious links from impersonators or cybercriminals.

Elevate your email security with SSL.com’s S/MIME certificates

Secure Emails Now

MongoDB Investigating Security Incident Exposing Customer Data 

Database management company MongoDB is investigating a security incident that resulted in the exposure of customer account information. The company detected suspicious activity on December 28 and determined unauthorized access had been occurring for some period before discovery.   The compromise impacted MongoDB’s corporate systems, which contained customer names, phone numbers, email addresses, and other account metadata. For at least one customer, the hackers also accessed system logs which can include sensitive information about database operations.  MongoDB has not clarified the extent of customer data exposure, how long hackers were in the systems, or how the initial unauthorized access occurred. The company has not yet notified the U.S. Securities and Exchange Commission as required for cyber incidents.   Importantly, MongoDB believes no customer data stored on MongoDB Atlas, its database-as-a-service offering, was accessed. But its investigation is still ongoing.  In response, MongoDB recommends customers:  
  • Remain vigilant for phishing attempts 
  • Enable multi-factor authentication  
  • Monitor accounts for suspicious activity 
SSL.com Insights:

The incident serves as a reminder that even security-focused technology companies can suffer breaches. Hackers are often looking for ways into corporate systems that hold valuable customer data for extortion and identity theft. 

Companies should conduct regular security audits of their database management systems, ensuring that all access points are secure and monitored. This includes reviewing and updating permissions, as unauthorized access often occurs due to outdated or weak security configurations. 

SSL.com emphasizes the importance of robust authentication measures. Our Client Authentication certificates provide a secure way of verifying user identities, crucial in preventing unauthorized access to sensitive corporate systems and data. 

For organizations managing vast data stores, these certificates are vital in safeguarding against unauthorized access and potential data breaches. They offer a secure and efficient solution for managing access to databases and sensitive information. 

We encourage organizations to engage with SSL.com to explore how our Client Authentication certificates can enhance their security posture, particularly in the context of the evolving digital threats.

 

Fortify your digital defenses now with SSL.com’s Client Authentication Certificates 

Secure your Critical Systems Now

Messenger Rolls Out Default End-to-End Encryption for Billions of Users 

Meta has launched default end-to-end encryption for personal chats and calls in Messenger and Facebook. This means message content will be encrypted as it leaves the sender’s device and can only be decrypted when it reaches the receiver, preventing third parties like Meta from accessing it.   Implementing encryption across Messenger’s over 1 billion users took years to build while preserving privacy and safety properly. Meta worked with outside experts to identify risks and build accompanying safety features in areas like: 
  • Message controls 
  • App lock  
  • Reporting flows 
With encryption enabled, Messenger is also launching new features to improve control and security: 
  • Edit sent messages within 15 minutes 
  • Make messages disappear after 24 hours  
  • Disable read receipts  
  • Enhanced media sharing with reactions 
  • Faster voice message playback  
Meta aims to be transparent about its cryptography approaches, publishing two research papers on its techniques. Encryption will roll out slowly over months until it covers all personal chats globally.  
SSL.com Insights:

Meta’s introduction of default end-to-end encryption on Messenger marks a significant stride in cybersecurity, aligning closely with SSL.com’s commitment to secure communication. 

The process undertaken by Meta, involving extensive collaboration with experts and gradual feature rebuilding, mirrors our approach at SSL.com. We understand the importance of balancing security with functionality. Just as Messenger maintains its user-friendly features like custom reactions and disappearing messages alongside its new encryption, SSL.com provides digital certificates that secure communications without hindering user experience.

GitHub Requiring 2FA By January 19th for Code Contributors

GitHub is mandating two-factor authentication (2FA) by January 19th, 2024 for all users who contribute code on the platform. Accounts without 2FA after the deadline will have limited functionality until enrolled.   The policy aims to protect GitHub source code from supply chain attacks by adding an extra authentication layer. It applies to github.com but not GitHub Enterprise or Business Cloud.  After January 19th, GitHub will automatically direct users without 2FA to complete setup when attempting to access the site. Existing access tokens, SSH keys, and OAuth apps will continue working. However, new credentials or account changes will need 2FA enabled first.  GitHub supports various 2FA methods: 
  • Security keys  
  • Mobile apps 
  • Authenticator apps 
  • SMS texts 
Enabling multiple methods is recommended for redundancy. Users can manage 2FA in their security settings. Those who already have 2FA enabled before the deadline remain unaffected. After January 19th, 2FA can’t be disabled but verification methods can be changed. 
SSL.com Insights: The policy change reflects GitHub acting to prevent real-world software supply chain threats impacting downstream users. 

2FA adds an essential layer of security beyond just the password. By requiring a second form of verification, it significantly reduces the chances of unauthorized access. This is particularly crucial in platforms like GitHub, where the integrity of code repositories is paramount. With increasing incidents of code alteration and supply chain attacks, 2FA acts as a critical barrier, protecting both individual users and the wider community relying on the code. 

GitHub’s initiative aligns with SSL.com’s philosophy of adopting multi-layered security approaches. It serves as a strong reminder to organizations and individuals alike of the importance of embracing enhanced security practices.

 

SSL.com Announcements

SSL.com’s S/MIME Certificates can now be integrated with an LDAP-enabled network

LDAP (Lightweight Directory Access Protocol) is an industry-standard protocol for accessing and managing directory information services. It is commonly used for storing and retrieving information about users, groups, organizational structures, and other resources in a network environment.

Integrating LDAP with S/MIME certificates involves utilizing LDAP as a directory service to store and manage user certificates. 

By integrating LDAP with S/MIME certificates, organizations can centralize certificate management, enhance security, and streamline the process of certificate retrieval and authentication in various applications and services that leverage LDAP as a directory service.

Contact sales@ssl.com for more information on LDAP integration. 

Automate Validation and Issuance of Email Signing and Encryption Certificates for Employees 

< p align=”justify”>Bulk enrollment is now available for Personal ID+Organization S/MIME Certificates (also known as IV+OV S/MIME), and NAESB Certificates through the SSL.com Bulk Order Tool. Bulk enrollment of Personal ID+Organization S/MIME and NAESB Certificates has the additional requirement of an Enterprise PKI (EPKI)  Agreement. An EPKI Agreement allows a single authorized representative of an organization to order, validate, issue, and revoke a high volume of these two types of certificates for other members, thereby enabling a faster turnaround in securing an organization’s data and communication systems.    

We’d love your feedback

Take our survey and let us know your thoughts on your recent purchase.