Recent Security News

  • Criminals open DocuSign’s Envelope API to make BEC special delivery

    November 5, 2024 at 01:43PM Business email compromise scammers are leveraging the DocuSign API to create seemingly legitimate e-signature requests, leading to fraud. These attackers use custom templates to send invoices, bypassing spam filters. In 2023, BEC scams have cost US businesses $2.9 billion, highlighting the need for vigilance and sender verification. **Meeting Takeaways:** 1.…

    Read More

  • FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions

    November 5, 2024 at 12:36PM The FBI is investigating cyber intrusions involving malware targeting sensitive data from companies and government networks by Chinese state-sponsored groups. Reports by Sophos reveal attacks leveraging multiple vulnerabilities, shifting from widespread to targeted attacks since 2021, compromising critical infrastructure mainly in South and Southeast Asia. ### Meeting Takeaways: 1. **FBI…

    Read More

  • City of Columbus Drops Case on Cyberattack Whistleblower

    November 5, 2024 at 11:42AM Columbus, Ohio, settled with whistleblower David Leroy Ross after he reported a cyberattack exposing residents’ personal information. The city sued him for damages but agreed to dismiss the case with a permanent injunction, allowing him to share only approved public data, amidst concerns of discouraging future whistleblowers. **Meeting Takeaways:** 1.…

    Read More

  • Ongoing typosquatting campaign impersonates hundreds of popular npm packages

    November 5, 2024 at 11:32AM A typosquatting campaign is targeting developers through similar-named malicious JavaScript npm packages, leading to info-stealing malware. Originating in October, it employs Ethereum smart contracts for command and control, complicating detection. Researchers emphasize the need for stricter package management and authentication to protect development environments from these attacks. Here are the…

    Read More

  • US warns of last-minute Iranian and Russian election influence ops

    November 5, 2024 at 11:23AM The U.S. Cybersecurity & Infrastructure Security Agency warns of last-minute influence operations by Iranian and Russian actors aimed at undermining trust in the upcoming presidential election. These include spreading false information and fabricated media targeting swing states, as well as impersonating the FBI in misleading videos. **Meeting Takeaways:** 1. **Threat…

    Read More