Blog
-
Law Enforcement Operation Reveals Phishing Services Are Drawing in Young and Inexperienced Clients
A recent law enforcement operation that took down the LabHost phishing service has raised some questions about the “mainstreaming” of cyber crime, as the London police found that young university students with no prior record of hacking or online criminal activity were among the suspects that were rounded up.
-
String of Water Treatment Plant Invasions Linked to Russian Hackers
The water treatment plant incidents appeared to be more of a show of capability than a serious attempt to cause damage, with the Russian hackers taking videos of at least two of these incidents to boast about on Telegram.
-
2024 Credential Stuffing Attacks Have Pushed Roku to Require 2FA Logins
Two successful credential stuffing attacks since the beginning of 2024 have caused Roku to now require all users to log in with 2FA. At the moment, the company only supports email 2FA.
-
MFA Log Theft at Cisco Duo Caused by Third Party Breach, Customers at Risk of Follow-up Scams
Customers of Cisco Duo are advised to be on heightened alert for phishing and identity theft attempts, as the authentication service has revealed that a third-party breach resulted in some MFA logs being stolen.
-
Attempted Audio Deepfake on LastPass is “The New Normal” for Voice Phishing
The employee targeted in the voice phishing attack received several different deepfake call attempts and at least one voicemail message, but did not respond as it’s exceedingly rare for anyone to communicate internally via WhatsApp, let alone for the CEO to randomly start peppering an employee with messages after business hours.
-
Change Healthcare Caught up in Another Cyber Extortion Attempt
A February attack on Change Healthcare was enough of a national disruption to prompt federal government action, and now the company is dealing with a second cyber extortion attempt that may involve some of the perpetrators from the first.
-
Microsoft Faces Harsh Criticism as DHS Report Finds Company at Fault for 2023 Security Breach by Chinese Hackers
Microsoft’s security breach, which essentially gave the Chinese hackers the ability to walk into any Exchange Online email account and ended up impacting at least 500 people in high-ranking positions, would have been unthinkable at one time.
-
2021 AT&T Data Leak Revealed to be Legitimate, 73 Million Records Uploaded to Public Forum
While about 7.6 million current AT&T customers are impacted by the data leak, the vast majority (65.4 million) are former customers from before the start of 2020. Aside from partial SSNs, the most worrying item in the data leak is the account passcodes.
-
U.S. Federal Agencies Face New Wave of AI Rules
The AI rules require federal agencies to not just conduct ongoing testing and audits, but also to make much of their internal workings transparent to the public. That will include annual inventories of AI use cases, data used to train and support models, and also code.
-
Apple’s Privacy and Security Branding Scrutinized in New DOJ Antitrust Lawsuits
The antitrust lawsuit is perhaps best summed up in its characterization of Apple’s privacy and security policies as an “elastic shield” that it can selectively move when a business opportunity suits it.










