November 19, 2024 at 07:35AM Maryland AI company iLearningEngines reported a $250,000 loss from a wire transfer fraud linked to a business email compromise scheme. Following the incident, the company activated its cybersecurity response plan and engaged external experts. Despite containing the situation, iLearningEngines faces potential legal scrutiny and adverse impacts on operations and stock … Read more
November 18, 2024 at 08:14AM Scammers are exploiting the Microsoft 365 Admin Portal to send sextortion emails that bypass spam filters by using the legitimate “[email protected]” address. These emails claim to have compromising content and demand payment. Microsoft is investigating this abuse, but users should remain vigilant and not respond to these scams. ### Meeting … Read more
November 18, 2024 at 07:03AM Google is developing a feature called Shielded Email that enables users to create unique email aliases for online sign-ups, enhancing privacy and reducing spam. This follows similar features from Apple and others. Additionally, Google has launched the Android System Key Verifier for improved security in messaging through encryption keys. ### … Read more
November 12, 2024 at 04:47PM Microsoft revealed a critical vulnerability (CVE-2024-49040) in Exchange Server 2016 and 2019, allowing email spoofing by forging legitimate senders. Discovered by Vsevolod Kokorin, the flaw leads to exploitation risks. Microsoft has released updates for detection and added warning banners for suspicious emails, urging users to maintain security features. ### Meeting … Read more
November 12, 2024 at 10:15AM Cybersecurity researchers warn of GoIssue, a tool for orchestrating large-scale phishing attacks on GitHub users by extracting emails from profiles. Marketed by a threat actor, it enables customized mass email campaigns, increasing risks of data theft and breaches. Additionally, a new two-step phishing attack uses compromised Microsoft files. ### Meeting … Read more
November 12, 2024 at 09:32AM GoIssue is a new tool enabling cybercriminals to extract email addresses from GitHub profiles for bulk email attacks on users, highlighting vulnerabilities in GitHub’s security for developers and corporate supply chains. The article discusses its implications for online security. **Meeting Takeaways:** 1. **Introduction of GoIssue Tool**: A new tool named … Read more
November 12, 2024 at 07:26AM Hot Topic experienced a data breach affecting around 57 million email addresses and the personal information of about 25 million customers. The incident raises concerns about data security and customer privacy. ### Meeting Notes Takeaways: 1. **Data Breach Overview**: – Hot Topic has experienced a significant data breach. 2. **Impacted … Read more
November 6, 2024 at 05:56PM Check Point Research has tracked a spear-phishing campaign, “CopyR(ight)hadamantys,” targeting hundreds of companies globally with emails claiming copyright infringement. The emails deliver the sophisticated infostealer Rhadamanthys, capable of stealing sensitive data. Attackers use automation to send these messages, often impersonating known brands in technology and entertainment industries. ### Key Takeaways … Read more
November 5, 2024 at 08:49AM Cybercriminals are exploiting DocuSign APIs to send fraudulent emails, including fake invoices, that evade spam and phishing filters. This highlights vulnerabilities in the platform, posing significant risks for users. The information was reported by SecurityWeek. **Meeting Takeaways:** 1. **Issue Identified**: Cybercriminals are exploiting DocuSign APIs. 2. **Method of Attack**: They … Read more
November 4, 2024 at 02:40PM Generative AI attacks, including deepfakes, are increasing, with AI-generated text in emails growing to 12%. OWASP published guidance for organizations to strengthen defenses. A deepfake incident during a job interview at Exabeam highlighted vulnerabilities. Experts suggest focusing on tech solutions and robust processes rather than solely training individuals to detect … Read more