The Canadian government has ordered ByteDance-owned TikTok to wind up its operations, citing national security concerns, though it will not ban the app for users. The move, advised by security experts, aims to address risks while urging good cyber practices among Canadians.

A threat campaign called VEILDrive utilizes Microsoft services like Teams and SharePoint to distribute malware via spear-phishing attacks. By exploiting trusted infrastructures, attackers have evaded detection, deploying Java-based malware through OneDrive for command-and-control functions.

Cybersecurity experts warn that the Winos command-and-control framework is spreading through gaming apps like installation tools and speed boosters. Winos 4.0, rebuilt from Gh0st RAT, executes a multi-stage infection, targeting users and gathering sensitive information.

Budget season brings challenges for cybersecurity investments, particularly for Continuous Threat Exposure Management (CTEM). CTEM is critical; it shifts organizations from reactive to proactive stances against threats, ensuring vulnerabilities are addressed before exploitation, ultimately saving costs associated with breaches and enhancing overall security resilience.

INTERPOL dismantled over 22,000 malicious servers linked to cyber threats in Operation Synergia II, running from April to August 2024. The operation saw the seizure of 59 servers and the arrest of 41 individuals, marking a significant blow to phishing and ransomware operations.

Google Cloud will enforce mandatory multi-factor authentication (MFA) for all users by the end of 2025, addressing security concerns amid rising phishing threats. The rollout will occur in three phases, starting November 2024, ensuring a smooth transition for users.

Meta has been fined 21.62 billion won ($15.67 million) by South Korea’s privacy watchdog for illegally collecting sensitive information from Facebook users, including political views. The watchdog stated that Meta did not obtain user consent before sharing this data.

The FBI is investigating a series of cyber intrusions involving malware deployed by an Advanced Persistent Threat group. These breaches target edge devices and networks of government and companies, aiming to exfiltrate sensitive data, with links to Chinese state-sponsored groups.

A new strain of Android banking malware, ToxicPanda, has infected over 1,500 devices, enabling fraudulent transactions through account takeover. Believed to originate from a Chinese-speaking threat actor, it bypasses bank security measures using on-device fraud techniques.

Zero Trust security revolutionizes organizational security by eliminating implicit trust. It focuses on continuous validation of user access and real-time monitoring of devices, addressing cyber threats and improving compliance, especially for remote work environments.