A new study introduces novel security schemes to address the growing security challenges with the Internet of Vehicles (IoV). The goal is to improve connected vehicles' integrity and resilience as smart technologies continue evolving to give vehicles greater autonomy and connectivity. Any connectivity involves security risks such as authentication breaches, data confidentiality breaches, and routing attacks, so the IoV must be made secure.

A new study titled "Post Hoc Security and Privacy Concerns in Mobile Apps: The Moderating Roles of Mobile Apps' Features and Providers" delves into how users' privacy and security concerns affect app usage, as well as whether elements such as privacy policies reduce these concerns. As talks regarding data leakage and mobile app security rise, users have become increasingly concerned about the level of privacy and security that mobile apps can provide. This article continues to discuss key findings and points from the study.

According to a new X-Force Threat Intelligence Index report, cyberattackers have shifted their focus from phishing to abusing valid accounts. Last year, X-Force, IBM's security research team, noticed cyberattackers increasingly targeting people's identities. For the first time, attacks using valid credentials made up nearly one-third of all incidents brought to X-Force's attention. This article continues to discuss cyberattackers increasingly abusing valid accounts.

A package on the Python Package Index (PyPI) repository has been updated after two years to spread Nova Sentinel, an information-stealing malware. According to the software supply chain security company Phylum, the package was first published to PyPI in April 2022. The company detected an anomalous update to the library on February 21, 2024. Although the linked GitHub repository has not been updated since April 10, 2022, a malicious update suggests that the developer's PyPI account has been compromised.

According to security researchers at Cybereason, almost four in five (78%) organizations who paid a ransom demand were hit by a second ransomware attack, often by the same threat actor.  Of the 78% breached a second time, 36% of perpetrators were the same threat actor, and 42% were a different attacker.  In total, 56% of organizations suffered more than one ransomware attack in the last 24 months.  During the study, the researchers surveyed over 1000 cybersecurity professionals.

According to an analysis of hundreds of cryptocurrency wallets linked to the LockBit ransomware operation, the gang behind it received over $125 million in ransom payments over the past 18 months. After the LockBit takedown in Operation Cronos, the National Crime Agency (NCA) in the UK, with help from the blockchain analysis company Chainalysis, identified over 500 active cryptocurrency addresses. Law enforcement obtained 30,000 Bitcoin addresses that were used to manage the group's profits from ransom payments.

A vulnerability in Apple's popular Shortcuts app enables attackers to access sensitive data across the device without the user's permission. The Shortcuts app, designed for macOS and iOS, aims to automate tasks. According to Bitdefender's analysis, the vulnerability tracked as CVE-2024-23204, allows the creation of a malicious Shortcuts file that can bypass Apple's Transparency, Consent, and Control (TCC) security framework, which is implemented to ensure apps explicitly request permission from the user before accessing specific data or functionalities.

AT&T recently announced Thursday's hourslong outage to its U.S. cellphone network was due to a technical error, not a malicious attack.  The outage knocked out cellphone service for thousands of its users across the U.S. starting early Thursday before it was restored. AT&T blamed the incident on an error in coding without elaborating. National Security Council spokesman John Kirby said the Federal Communications Commission contacted AT&T about the outage, and the Department of Homeland Security and FBI were also looking into it.  

Australian telecommunications provider Tangerine recently announced that the personal information of 230,000 individuals was stolen in a recent cyberattack.  The incident occurred on February 18 but was not discovered until two days later.  The company said that the attackers accessed a legacy customer database containing the information of roughly 230,000 current and former customer accounts.  The compromised personal information includes names, addresses, dates of birth, email addresses, mobile phone numbers, and Tangerine account numbers.