October 30, 2024 at 06:25PM Interbank, a major Peruvian bank, has reported a data breach involving the theft of sensitive information from over 3 million customers. A hacker is selling this data online, which includes account details and personal information. While some online services were disrupted, Interbank assures customers their deposits remain secure. **Meeting Takeaways: … Read more
October 30, 2024 at 01:43PM QNAP released security patches for two critical zero-day vulnerabilities, CVE-2024-50387 and another in HBS 3 Hybrid Backup Sync, exploited during Pwn2Own 2024. These patches were issued quickly, highlighting QNAP devices’ susceptibility to cyberattacks. Users are urged to update their software promptly to protect sensitive data. ### Meeting Takeaways 1. **Recent … Read more
October 30, 2024 at 12:00PM North Korean threat actor Jumpy Pisces, linked to various aliases, has collaborated with the Play ransomware group, marking a significant first. This incident involved compromised accounts, credential harvesting, and deployment of Play ransomware. The connection remains unclear—Jumpy Pisces may be an affiliate or merely an initial access broker. ### Meeting … Read more
October 30, 2024 at 11:24AM A former Disney employee, Michael Scheuer, was arrested for hacking into the company’s systems post-termination, altering restaurant menus to eliminate allergen information and redirect QR codes. These actions could have posed serious health risks. Charged with multiple violations, he faces significant prison time if convicted. A bond hearing is pending. … Read more
October 30, 2024 at 10:05AM The text discusses the paradox of cybersecurity tools, which, while essential for protection, can cause major disruptions when mishandled. High-profile outages from CrowdStrike and Verizon highlight the need for careful management and testing of updates, resilience planning, and continuous vigilance to mitigate risks and minimize impact during failures. ### Meeting … Read more
October 30, 2024 at 09:49AM The FBI warns of various scams exploiting the 2024 U.S. general election, including fake campaign donations, merchandise sales, and voter registration alerts. Fraudsters impersonate candidates to steal money and personal data. The FBI advises caution and reporting fraudulent requests to the IC3 to protect potential victims. ### Meeting Takeaways: FBI … Read more
October 30, 2024 at 09:42AM The 2024 ICS Cybersecurity Conference in Atlanta offers sessions focused on various cybersecurity topics. Stay updated with cybersecurity news, webcasts, and virtual events through SecurityWeek. Subscribe to their email briefing for insights on threats and industry trends, with options to unsubscribe anytime. ### Takeaways from the 2024 ICS Cybersecurity Conference … Read more
October 30, 2024 at 09:22AM Researchers revealed a new browser attack, “CrossBarking,” that exploits private APIs in Opera, granting hackers extensive control over users’ browsers. By using a malicious Chrome extension masquerading as a harmless app, attackers can manipulate browser settings, hijack accounts, and access sensitive information, highlighting security risks in browser API management. ### … Read more
October 30, 2024 at 08:48AM Microsoft reports a two-week mass phishing campaign by Russia’s SVR, targeting over 100 organizations through novel techniques, including remote desktop protocol (RDP) configuration files. The campaign, which began on October 22, impersonates Microsoft and other providers, primarily affecting entities in the UK, Europe, Australia, and Japan. ### Meeting Takeaways 1. … Read more
October 30, 2024 at 07:05AM The article emphasizes that while AI shares security challenges with traditional methods, it necessitates new approaches to security. Understanding these differences is crucial for effectively securing generative AI technologies. ### Meeting Takeaways: 1. **Understanding Security Challenges**: There are security challenges in AI that are similar to those in traditional security, … Read more