Blog
Chinese Hacker Nabbed on Italian Vacation Accused of Being Part of Silk Typhoon
Silk Typhoon has been one of the bigger and more active groups of Chinese hackers since at least 2020, but it looks to be down at least one member.
US Secretary of State Impersonated; State Officials Targeted as AI Deepfakes Advance in Capability
An attempt involving Rubio’s voice and writing style was made in an attempt to compromise assorted US and foreign officials, and a warning has gone out about the increasing potential of AI deepfakes and the need for awareness of how realistic they can now be.
Cloudflare’s New Settings for AI Bots Simplify Protections Against Content Scraping
Cloudflare recently introduced an “Easy button” setting that will screen out all attempted content scraping, even for users of its free tier of services, and is promising a “pay to scrape” feature in the near future that would demand a toll from AI bots.
Contact Center Linked to Qantas Frequent Flyer Program Breached, Up to Six Million Records Exposed
Australia’s Qantas has been contacting customers about a data breach that appears to be tied to its loyalty rewards program. The airline says that a third-party contact center was compromised and at least some of its customers, potentially up to six million, are impacted.
Scattered Spider Shifts Cyber Attacks to North American Airlines
After hopping from UK retail to US retail to US insurance firms, the hacking group “Scattered Spider” appears to have switched industries once again. The FBI is advising that North American airlines should be on alert for cyber attacks, as well as their assorted vendors and contractors.
NSA and CISA Turn Up the Heat on Changeover to Memory-Safe Languages
A new CISA/NSA report summarizes the benefits of memory-safe languages for organizations, with a particular focus on critical infrastructure partners, but also acknowledges common challenges that make the changeover a long-term goal and one that may never be 100% attainable.
Users Searching Google for Support Numbers May Be Walking Into a Trap
Scammers take out Google ads impersonating legitimate companies offering support numbers. Victims that clicked on the link are taken to the company’s legitimate URL with a hacker-controlled phone number inserted in the site search bar.
Insurance Companies the New Focus for “Scattered Spider” Hacking Team
Scattered Spider now has a long history of focusing on particular industries and regions for weeks at a time before pivoting somewhere else, and the Google Threat Intelligence Group is warning that their attention has now shifted to US insurance companies.
16 Billion Leaked Login Credentials Just Dropped; How Great Is the Risk?
Formatting of the login credentials makes clear that this collection was largely put together by way of infostealer malware. Most entries have the URL of the applicable service paired with the username and password, but some include further information such as cookies or access tokens.
Highlights of Trump’s New Cybersecurity Executive Order: AI Security, Quantum Cryptography and a Blow to Digital IDs
Trump’s new cybersecurity executive order reflects both ongoing political tensions and necessary cybersecurity realities, ranging from discouraging adoption of mobile driver’s licenses to reframing AI and automation defense approaches to address new developments.