Speaking of social engineering, new data from Atlas VPN shows this kind of attack was responsible for the majority of business breaches in 2020.
According to the data presented by the Atlas VPN team, social engineering cyberattacks were the primary cause of company breaches in 2020 at 14%, followed by advanced persistent threats, unpatched systems and ransomware. As a result, learning to prevent social engineering attacks needs to be a top priority for businesses.
Hao Kuo Chi, 40, of La Puente, has agreed to plead guilty to four felonies, including conspiracy to gain unauthorized access to a computer.
The CEOs of Apple, Microsoft, and Amazon will attend a meeting at the White House to discuss cybersecurity.
Over a thousand web apps from Microsoft’s Power Apps platform have leaked 38 million records. This data includes COVID-19 contact tracing.
The data included a range of sensitive information, from people’s phone numbers and home addresses to social security numbers and COVID-19 vaccination status.
The incident affected major companies and organizations, including American Airlines, Ford, the transportation and logistics company J.B. Hunt, the Maryland Department of Health, the New York City Municipal Transportation Authority, and New York City public schools.
Bryan Chaffin and Dave Hamilton join host Kelly Guimont to discuss new legislation around App Stores and “sideloading” of apps on iOS.
There are security features that Apple tells us about on stage at keynotes, and then there are hidden improvements it doesn’t mention.
macOS has gradually made the UNIX security model irrelevant. For example, even the superuser is only allowed to access the private documents of a regular user with the user’s permission—permission that is given on a per-application basis, through that protector of users and bane of developers known as the Transparency, Consent & Control (TCC) framework.
Andrew Orr and Kelly Guimont chat about the latest Security Friday news, including data breaches and ways to protect your data.
On Friday network provider Cloudflare shared how it mitigated a record-breaking 17.2 million request-per-second (rps) DDoS attack.
On Thursday, crypto exchange Coinbase announced phone support in the event of an account takeover.
Today, we’re beginning to roll out phone support for ATOs, to provide customers with a live agent to kick off an investigation. If you believe you’re a victim of an ATO, please call +1 888 908–7930 or visit our support page to protect your account and get help.
A report on Wednesday shows that the damage from cyber attacks has reached over US$$25 billion since 2015.
The most costly attacks are credential attacks (the theft of an organization or individual’s passwords), which have accounted for $6.4 billion in company losses. Often, these credentials are stolen and then sold on the dark web, which happened in the recent T-Mobile breach. Backdoors, like what was used in the SolarWinds hack, have cost companies $5.6 billion.
Apple’s NeuralHash algorithm it will use to detect child sexual abuse material (CSAM) has been extracted from a device and rebuilt using Python.
On Tuesday Corellium announced the launch of the Corellium Open Security Initiative. It will support independent public research of mobile security.
A flaw in the ThroughTek “Kalay” network affects millions of IoT devices including smart baby monitors, DVRs, smart cameras, and other products.
this latest vulnerability allows attackers to communicate with devices remotely. As a result, further attacks could include actions that would allow an adversary to remotely control affected devices and could potentially lead to remote code execution.
Due to how the Kalay protocol is integrated by original equipment manufacturers (“OEMs”) and resellers before devices reach consumers, Mandiant is unable to determine a complete list of products and companies affected by the discovered vulnerability.
GitHub will no longer accept passwords when authenticating Git operations and will require the use of strong authentication factors. Yubico also posted about the announcement here, and its 2FA hardware keys are an acceptable solution for GitHub users.
In December, we announced that beginning August 13, 2021, GitHub will no longer accept account passwords when authenticating Git operations and will require the use of strong authentication factors, such as a personal access token, SSH keys (for developers), or an OAuth or GitHub App installation token (for integrators) for all authenticated Git operations on GitHub.com. With the August 13 sunset date behind us, we no longer accept password authentication for Git operations.
On Monday morning thousands of Wikipedia pages were vandalized with swastikas. The vandalism was reversed and admins are fixing the issue.
The U.S. Securities and Exchange Commission announced a settlement with Pearson, a company that provides software to schools, which will pay US$1 million.
A person in an online forum is offering data for sale that they claim comes from T-Mobile servers. The carrier says it is investigating the accuracy of this alleged breach.
The data includes social security numbers, phone numbers, names, physical addresses, unique IMEI numbers, and driver licenses information, the seller said. Motherboard has seen samples of the data, and confirmed they contained accurate information on T-Mobile customers.
Update: T-Mobile has issued a statement confirming the breach.
Facebook has begun rolling out end-to-end encryption for Messenger calls and Instagram DMs, bringing greater security and privacy to users.
Researchers have proposed a way to limit smartphone tracking from carriers. It’s called Pretty Good Phone Privacy.
Software system provider Intact collected data and analyzed it to see which brands hackers are searching for as their next potential hacking targets.
We analysed search intent by digging out the number of searches for terms including ‘how to hack [xyz]’. Although career cybercriminals are likely to use more nefarious means to research and test their hacking processes, Google search data provides an insight into global intent and changing trends.
Apple and security firm Corellium have reached a settlement and Apple has dropped its lawsuit. The terms of the settlement are confidential.
Poly Network is a cross-chain decentralized finance platform and operates on the Binance Smart Chain, Ethereum and Polygon blockchains. It suffered a hack recently in which approximately US$600 million in crypto was stolen.
About one hour after Poly announced the hack on Twitter, the hacker tried to move assets including USDT through the Ethereum address into liquidity pool Curve.fi, records show. The transaction was rejected. Meanwhile, close to $100 million has been moved out of the Binance Smart Chain address in the past 30 minutes and deposited into liquidity pool Ellipsis Finance.
Mozilla’s latest update to Firefox, version 91, offers enhanced cookie clearing when a user deletes their browser history.
When you decide to tell Firefox to forget about a website, Firefox will automatically throw away all cookies, supercookies and other data stored in that website’s “cookie jar”. This “Enhanced Cookie Clearing” makes it easy to delete all traces of a website in your browser without the possibility of sneaky third-party cookies sticking around.
5G that uses “non-standalone architecture” is rife with security issues and doesn’t protect people from Stingray police surveillance.
Borgaonkar and fellow researcher Altaf Shaik, a senior research scientist at TU Berlin, found that major carriers in Norway and Germany are still putting out 5G in non-standalone mode, which means that those connections are still susceptible to stingrays. The two presented at the Black Hat security conference in Las Vegas last week.
