US, Allies Publish Guidance on Securing Network Access

June 19, 2024 at 08:39AM

US, New Zealand, and Canada government agencies release guidance for organizations to adopt modern security solutions like Secure Service Edge (SSE) and Secure Access Service Edge (SASE) to enhance network access security. The document advises transitioning beyond VPNs due to recent cyber incidents and advocates for approaches aligned with zero …

TikTok fixes zero-day bug used to hijack high-profile accounts

June 4, 2024 at 05:59PM

Multiple high-profile TikTok accounts were hijacked by attackers exploiting a zero-day vulnerability in the platform’s direct messages feature. Victims included Sony, CNN, and Paris Hilton. The exploit required targets to open a malicious message, without needing to download a payload or click on embedded links. TikTok is working to restore …

Dell API abused to steal 49 million customer records in data breach

May 10, 2024 at 03:33PM

Dell recently suffered a data breach compromising 49 million customer records, including personal data and hardware details, which were subsequently offered for sale on the Breach hacking forum. A threat actor named Menelik admitted to exploiting a partner portal to access and scrape the information, claiming ease of registration and …

FBI warns of gift card fraud ring targeting retail companies

May 8, 2024 at 01:31PM

The FBI warns of Storm-0539, a hacking group targeting retail employees’ personal and work devices with phishing attacks. Once infiltrated, the attackers move laterally through the network to compromise gift card business processes and generate fraudulent gift cards. To defend against these attacks, the FBI advises corporations to review incident …

LastPass Employee Targeted With Deepfake Calls

April 12, 2024 at 05:30AM

A LastPass employee was recently targeted in a phishing attack using deepfake technology, with threat actors impersonating the company’s CEO. The employee, suspicious of the urgency and communication outside of normal business hours, ignored the messages and reported the incident. LastPass emphasizes the increasing use of deepfakes in cyber attacks …

UK businesses shockingly unaware of how to handle security threats

April 9, 2024 at 08:52AM

UK businesses’ response to security breaches has “astounded” experts following the release of the 2024 cybercrime stats. The report reveals only 22% have a formal incident response plan, with low reporting rates to authorities. Small businesses drive down figures, showing lack of awareness and seeking outside cybersecurity expertise. Breaches cost …

Notepad++ needs your help in “parasite website” shutdown

April 8, 2024 at 05:56AM

Notepad++ seeks help to take down a lookalike website not affiliated with the project. Despite a disclaimer, it poses security risks and allegedly diverts traffic from the official site. While some defend the site, concerns remain due to potential misuse of the project’s branding. Users are urged to report the …

Head of Israeli cyber spy unit exposed … by his own privacy mistake

April 8, 2024 at 02:36AM

A top Israeli spy, Yossi Sariel, was exposed after a basic error, revealing him as the author of a book. Meanwhile, multiple security vulnerabilities have been reported, including issues in Android Pixel devices, IOSix’s devices, and Ivanti Secure Connect. Additionally, Jackson County, Missouri suffered a ransomware attack, and Kaspersky reported …

CISO Corner: Ivanti’s Mea Culpa; World Cup Hack; CISOs & Cyber Awareness

April 5, 2024 at 03:39PM

CISO Corner offers security articles for operational readers and leaders, covering issues from cybersecurity awareness to cyber threats in the Middle East. It discusses funding for securing the internet, nearly-hacked 2022 World Cup, Azure AI defense, Ivanti security overhaul, and the importance of a whole-of-society approach to cybersecurity. From the …

When AI attacks

April 4, 2024 at 05:01AM

The UK National Cyber Security Centre warns that the use of artificial intelligence (AI) in cybercrime will increase the volume and impact of attacks. Cybersecurity firm Sophos also highlights the potential for AI to enable large-scale scam campaigns, demonstrating how AI can be used to create convincing content to lure …