Breaking News


NSA guidance on deploying AI systems securely

April 22 -- The U.S. National Security Agency, in collaboration with six government agencies from the U.S. and other Five Eyes countries, has released new guidance on the secure deployment of AI systems. Published on April 15th, the corresponding publication from the NSA's Artificial Intelligence Security Center (AISC) is a landmark document. The guidance is structured around three...

Akira ransomware: $42M from 250+ victims

April 19th -- A recent joint advisory from the FBI, CISA, Europol's European Cybercrime Center (EC3) and the Netherlands' National Cyber Security Centre (NCSC-NL) highlights the extensive impact of the Akira ransomware operation on organizations worldwide. Since its emergence in March of 2023, Akira has breached the networks of over 250 organizations, amassing approximately $42 million in ransom...

Paris Olympics braces for cyber attacks

April 17th -- Olympic organizers are bracing for a surge in cyber attacks during this year's Summer Games, due to take place in Paris. Officials expect millions of hacking attempts, some of which are liable to target critical systems. Cyber attacks could cause minor inconveniences (e.g., ticketing delays) or major reputational damage (e.g., empty stadiums). Nation-state backed attempts...

Telegram addresses zero-day vulnerability in Windows app

April 15th -- Telegram recently took swift action to account for a critical zero-day vulnerability that was discovered within its Windows desktop application. This vulnerability posed a significant threat, as it allowed for the automatic launch of Python scripts. It's all in the details... Initially, rumors circulated regarding a potential remote code execution (RCE) flaw within Telegram for Windows....

Russian hackers breach government emails

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that Russian government-backed hackers exploited vulnerabilities in Microsoft’s email system to steal sensitive correspondence between officials and the tech company. This alarming breach was highlighted in an emergency directive issued by CISA on April 2. According to the directive, the hackers utilized stolen authentication details shared via email...

iPhone users hit with mercenary spyware attacks

Apple has issued a warning to iPhone users across the world about an alarming cyber attack. This highly advanced attack, known as “mercenary spyware,” has affected users in at least 92 countries, including India. Unlike typical cyber criminal activity, these attacks don’t focus on average users seeking personal information. Instead, they specifically target high-profile individuals such as...

Sophisticated Phishing Campaign Targets Latin America

In a concerning development, cyber criminals have shifted their focus to the Latin American region, deploying a highly targeted phishing scheme. According to researcher Karla Agregado, this campaign employs a clever tactic: phishing emails containing ZIP file attachments. When recipients unzip these files, they discover an HTML file that appears innocuous but actually leads to a malicious...

Insider threat exposes open-source vulnerability

Last month, German software developer Andres Freund, who works for Microsoft, was conducting detailed performance tests when he noticed suspicious behavior in a little-known open-source program called XZ Utils. Freund's investigation revealed a disturbing discovery: the latest version of XZ Utils had been deliberately sabotaged by one of its developers, a move that could have created a secret...

Omni Hotels experiences nationwide IT outage

April 3rd – Since Friday, the Omni Hotels and Resorts chain, which owns more than 50 different properties across the United States, Canada and Mexico, has been experiencing a widespread system outage. While the company’s website was initially rendered inaccessible by the outage, it has since been restored with a prominent alert warning visitors of “technical difficulties” due...

Hundreds rescued from cyber scam factories

April 1st – The Indian government has rescued 250 citizens who were entrapped and forced to engage in illegal cyber activities in Cambodia. Reports show that the individuals were offered seemingly legitimate job placements, but upon arriving in the country, were corralled, entrapped and used for forced labor. What’s happening Official documentation indicates that more than 5,000 Indians have...

Elon Musk’s new chatbot

March 29th – X, the social networking service owned by Elon Musk, has introduced a new conversational AI-based chatbot, known as Grok. In contrast with mild-mannered and neutral-tone chatbots like ChatGPT or Microsoft AI Copilot, Grok exhibits a more unconventional demeanor. Its responses are often delivered in a candid and informal style, occasionally employing extremely colloquial language. For...

Watchdog suspends controversial Worldcoin project

March 27th – The Portuguese data protection authority has ordered Worldcoin, a controversial project aiming to create a global digital identity system, to temporarily halt collection of biometric data from Portuguese citizens. The National Data Protection Commission (CNPD) announced the suspension on March 26th, citing concerns over Worldcoin’s unauthorized data gathering, including data collection from minors. About Worldcoin Worldcoin, founded...

GoFetch: Apple’s Cryptographic Keys at Risk

March 25th – A new security vulnerability called “GoFetch” has been discovered. It affects Apple’s M1, M2 and M3 processors. The vulnerability can be exploited to steal secret cryptographic keys stored in the CPU’s cache memory. The attack leverages a feature called data memory-dependent prefetchers (DMPs), which are present in modern Apple CPUs. DMPs are designed to improve...

CISA and FBI warn about DDoS attacks

March 22nd - The U.S. Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI) and Multi-State Information Sharing and Analysis Center (MS-ISAC) have jointly released an advisory to provide government groups with guidance around defending against Distributed Denial of Service (DDoS) attacks. These attacks aim to disrupt ordinary web traffic by overwhelming target systems with massive...

Water sector cyber security threats

March 20th – In the U.S., the White House has issued an urgent warning to state leaders, highlighting the occurrence of “disabling” cyber attacks targeting water systems nationwide. In a joint letter, the White House and the Environmental Protection Agency (EPA) have invited state officials to a meeting scheduled for Thursday. The purpose of the gathering is to...

StopCrypt unleashes stealthy new variant that evades detection

March 18th -- One of the most prevalent ransomware groups of 2023, known as StopCrypt, has revealed its new ransomware variant, which leverages sophisticated evasion tactics. This StopCrypt development was brought to light last week. According to a new report, the ransomware family has become more common than LockBit. In contrast with other ransomware groups, StopCrypt typically targets...

Alabama under siege, DDoS disruption

March 15th – For cyber security professionals who are defending the state of Alabama’s networks, the last couple of weeks have translated to a trial-by-fire. The state has found itself in the crosshairs of a number of cyber attacks that have crippled systems and disrupted critical infrastructure operations for government agencies. The trouble began on March 6th, when...

French government hacked, shocking data breach

March 13th – In recent weeks, multiple French government departments have been targeted by sophisticated cyber attacks. These breaches have compromised sensitive data and systems, exposing vulnerabilities within the digital infrastructure of the French government. According to reports from French cyber security agencies, the attacks affected several ministries. Hackers were able to gain unauthorized access to internal networks...

HP’s firmware now prevents quantum hacks

March 11th – Quantum computers may bring transformative capabilities to organizations, especially those dealing with specific, complex computational challenges. But they also introduce a certain level of risk. Hewlett Packard has launched what it’s calling the world’s first business-grade PCs, which are designed to protect firmware from quantum-based cyber attacks. Preventing quantum hacks Devices will be upgraded with HP’s Endpoint...

CISA aims to prevent next Log4Shell by…

March 8th – CISA intends to bring agencies, industry, regulators and the open source community closer together for the purpose of better securing the open source ecosystem. The agency announced its commitment to this effort during a two-day summit on open source software (OSS) security, where director Jen Easterly emphasized the role of open source code in critical...

Cloud storage budgets EMEA, busted by fees

March 6th – In Europe, cloud storage costs have taken an outsized bite from budgets, with usage fees eating up a significant portion of allocated resources. More than 50% of EMEA-based firms spent more than intended on cloud storage in 2023. Nonetheless, according to new research, many EMEA organizations are looking to expand cloud storage portfolios. Due to...

North Korea breaks into South Korean chip firms

March 4th – As North Korea looks to upgrade its semiconductor programs for weapon development purposes, several North Korean hacking groups appear to have infiltrated at least two different South Korean chip manufacturing entities. The news follows an announcement by South Korean President Yoon Suk Yeol, which warned that North Korea may attempt to stage provocations – in...

Ransomware takedowns, they’re not working

February 29th – Last year, ahead of the Christmas holiday, the U.S. Federal Bureau of Investigation (FBI) ran an international operation intended to squelch the notorious hacking group known as BlackCat or ALPHV. The hacking group is known for operating on a Ransomware-as-a-Service (RaaS) model, and it has also been ranked as the second-most active organized ransomware group...

NCSC warns of new TTPs employed by APT 29

February 27th – A recent advisory from the U.K. National Cyber Security Centre (NCSC) and international partners highlights the recently developed tactics, techniques and procedures (TTPs) used by APT 29 (also known as Midnight Blizzard, the Dukes or Cozy Bear). The U.S. National Security Agency (NSA), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Cyber National...

New tactics adopted by SolarWinds hackers

February 26th -- Western officials have warned that the cyber spies responsible for the 2019 SolarWinds breach are altering their methods and preparing to infiltrate organizations that have transitioned their networks to the cloud. In the past, cloud hosting has presented a challenge for hackers, as it has significantly diminished the attack surface, limiting hackers' capacity to exploit...

Wireless chargers inject voice commands, damage phones

February 22nd – The ‘VoltSchemer’ attacks involve injecting voice commands into a smartphone’s voice assistant using the magnetic field emitted by a standard wireless charger. VoltSchemer can cause physical damage to a phone and can generate intense heat, potentially resulting in temperatures in excess of 500F (260C), which may also affect nearby items. How it works VoltSchemer is an attack...

‘Most Wanted’ pleads guilty to cyber attacks

February 20th – In a U.S. federal court, a man has pleaded guilty to taking a leadership role in two different cyber attacks that resulted in tens of millions of dollars in losses and that temporarily prevented a Vermont hospital from functioning correctly. Although the attacks occurred more than three years ago, the impact has been felt for...

Game-changing AI video tool by OpenAI

February 16th – The artificial intelligence company OpenAI has given the world a preview of a new AI tool that, if given a simple text prompt, can generate beautiful, high-quality 60-second videos. The new tool has been dubbed Sora. “We’re teaching AI to understand the physical world in motion, with the goal of training models that help people...

Biden audio deepfakes alarm experts

February 14th – Last month, deepfake robocalls that impersonated U.S. President Joe Biden raised alarm among government officials. In the state of New Hampshire, an AI version of Biden encouraged voters not to go to the polls in order to vote this year. Statement auth The emergence of these robocalls, combined with a general rise in deepfakes and AI-based content,...

U.S. offers $10M for Hive ransomware intel

February 12th – Hive ransomware operators have extorted more than $100 million from thousands of victim organizations. Affected sectors include healthcare, education, finance, and critical infrastructure. The group first emerged in 2021. In November of 2023, cyber security researchers discovered that a new ransomware group, known as Hunters International, had obtained the source code and infrastructure from Hive...

Raspberry Robin malware adopts new stealth tactics

February 9th – The malware family identified as Raspberry Robin is back, with new and innovative methods that facilitate higher levels of unauthorized privilege access than previously. According to Check Point Researchers, Raspberry Robin has introduced two new 1-day Local Privilege Escalation (LPE) exploits, indicating either access to a dedicated exploit developer or a high level of potential...

Mozilla scrubs leaked personal info, for a fee

February 7th — Mozilla has recently launched a new paid service that automatically monitors data and removes people's private info from the web. The service is known as Mozilla Monitor Plus, and is an extension of the Mozilla Monitor (formerly Firefox Monitor) service, which provides information around email address compromises. Mozilla Monitor Plus The new data service aims...

U.S. proposes cyber security agriculture bill

January 31 -- Two U.S. Senators have introduced a bipartisan bill that's intended to strengthen cyber security in the food and agriculture sector. The new bill is known as the Farm and Food Cybersecurity Act. The legislation, proposed by Senators Kirsten Gillibrand (D-NY) and Tom Cotton (R-AR), targets the identification of cyber security vulnerabilities in agriculture, enhancing cyber...

CI/CD at risk, critical Jenkins bug

January 29th -- Software developers are advised to promptly update their Jenkins servers in response to the discovery of a critical vulnerability, CVE-2024-23897. This vulnerability could potentially allow unauthorized attackers, even those without specific permissions, to read arbitrary files on the Jenkins controller file system. Jenkins, a widely used open-source automation server in the Continuous Integration and Continuous Deployment...

Hospital faces class action lawsuit over cyber attack

January 24th – In the U.S. state of Massachusetts, Anna Jaques Hospital experienced a shutdown of its electronic record systems and networked computers late last year. The attack forced administrators to redirect ambulances to other hospitals until service was restored two days later. A ransomware extortion group known as Money Message publicly admitted that it catalyzed the breach. Neither...

23andMe blames customers for data breach

January 22nd – The DNA testing company 23andMe recently made headlines on account of two data breaches that exposed highly sensitive genomics data belonging to millions of customers. In an unprecedented move, the company blamed breach victims, telling them that the theft of data is their own fault. The ‘customer-is-at-fault’ position is based on the idea that customers...

FBI warns against Androxgh0st botnet

January 18th – The U.S. Federal Bureau of Investigation (FBI), in partnership with the Cybersecurity and Infrastructure Security Agency (CISA), has issued an urgent advisory regarding the Androxgh0st botnet. This botnet is actively targeting platforms like AWS, SendGrid and Microsoft Office 365 in order to illicitly acquire cloud credentials. Androxgh0st botnet The Androxgh0st botnet first emerged in 2022. It’s a...

OpenAI GPT store, open for business

January 16th – OpenAI has finally launched its much anticipated GPT store. The company intended to open the GPT Store in November, but plans were delayed on account of internal company events. The store expands ChatGPT’s potential applications and broadens OpenAI’s ecosystem beyond its current offerings. Effectively, the store will operate as a marketplace for AI tools. The GPT...

Taiwanese gov’t facing 5M cyber attacks per day

January 12th – Just days ahead of a critical presidential election, Taiwan has battled an alarming number of cyber attacks. The interference has, reportedly, been quite sophisticated. Taiwanese government agencies alone are contending with an estimated five million cyber attacks per day. Attacks have also been carried out against the country's technology and critical infrastructure entities, with exact...

Lawsuit reveals weakness in iOS 16

January 10th – In Moscow, a lawsuit filed by Russian company Elcomsoft alleges that competitor MKO-Systems stole code that can reach into the depths of iOS 16 devices to extract information. The code can grab hidden passwords, locations, browsing history and other data. Elcomsoft states that its law enforcement clients find this software tool useful when trying to...

Beirut airport screens hijacked by cyber criminals

January 8th – Over the weekend, Beirut International Airport’s information display screens were hacked by domestic anti-Hezbollah groups. Where departure and arrival information would ordinarily be listed, a message accused Hezbollah of putting Lebanon at risk of an all-out war with Israel, which the message writers didn't want. Beirut International Airport attack The message on airport monitors read, “Hassan Nasrallah,...

Cyber criminals take over gold accounts on X

January 4th – On the social media platform X, formerly known as Twitter, a gold badge indicates that the service has independently verified the account as owned by a celebrity or an organization. The gold badge system was introduced last year as a paid option to help individuals and organizations show account authenticity. It’s the high-profile and business...

New Year’s resolutions for cyber security

January 2nd – Fortunately, your cyber security isn’t trying to lose 100 lbs in 3 months. Unfortunately, cyber threats are escalating, and organizations do need to take more action in order to protect data and the people to whom it belongs. As the new year unfolds, seize the opportunity to elevate your organization’s cyber security. Be sure to set...

Update Chrome to get new safety features

Dec. 28 – Chrome's latest version includes a 'safety check' tool, which is designed to notify users of malicious activity and to help free up the browser's memory. When a user's stored passwords have been compromised in a known breach, the tool offers up an alert. It also scans recently installed extensions to identify any software that may...

Data breach affects CBS and Paramount

Dec. 26 – Private media giant National Amusements, which owns Paramount and CBS, has reported a data breach. The company is legally required to file a report with Maine’s attorney general. The breach occurred in December of 2022, but only came to light recently. The stolen information Hackers parsed personal information belonging to 82,128 people. Affected individuals began to...

U.S. and A.U. warn of Play ransomware threat

Dec 20th – Since June of 2022, the Play ransomware group has conducted 300 successful cyber attacks, according to a joint advisory published by the U.S. and Australian governments. The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA) and Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC) have warned that the group has targeted...

MongoDB customer data exposed

Dec. 18th – Data management giant MongoDB works with over 46,000 enterprises, including Adobe, eBay, Verizon and the U.K.’s Department for Work and Pensions. In the last day, MongoDB has shared that a breach in corporate systems exposed customer data, including metadata and contact information. For one customer alone, this included system log data. The company has found...

Prince Harry wins damages over phone hack

Dec. 15th – Several years ago, Prince Harry fell prey to phone hacking, as determined by a London High Court judge. The editors of the Daily Mirror, Sunday Mirror and Sunday People were found to have known of the spyware installation, but seemingly stayed silent on the matter. Key facts U.K. tabloids intentionally hacked Prince Harry’s phone Prince...

Nation-state actors burrow into critical systems

Dec. 13th – U.S. government officials and cyber security experts are concerned about recent nation-state backed attempts to infiltrate critical infrastructure, including American power, water, and transportation systems. Cyber criminals who appear to be affiliated with China have wormed their way into computer systems belonging to roughly two dozen critical infrastructure organizations across the past year. It is believed...

18 malicious mobile apps downloaded 12M times

Dec 11th – At least 18 malicious financial services apps have been downloaded from the Google Play store over 12 million times in the last year alone. These malicious apps steal personal data from devices, including device info, call logs, installed apps, calendar events, local Wi-Fi network details, metadata from images and more. The cyber security community has...

Nation-state attacks target U.K. officials

Dec. 8th – The United Kingdom has made allegations against Russia’s Security Service regarding a sustained cyber hacking campaign. The campaign is said to have targeted U.K. politicians and other public figures. “We will continue to work together with our allies to expose Russian covert cyber activity and hold Russia to account for its actions,” said former Prime...

Breach hits 60 U.S. credit unions

Dec. 6th – In the wake of a ransomware attack, nearly 60 credit unions across the U.S. are contending with breach fallout. Credit union disruptions The National Credit Union Administration is in communication with affected entities, and an investigation is ongoing. Among the organizations significantly impacted by ransomware-related outages is New York-based Mountain Valley Federal Credit Union, although member data...

U.S. confirms cyber attack on water facility

Dec. 4th – Around the world, water suppliers have been urged to upgrade their cyber security measures, after at least one U.S. operator experienced a breach via its industrial control systems, last week. In the wake of the attack, after the facility’s Unitronics programmable logic controllers (PLCs) were compromised, systems were taken offline and the facility switched to...

Social engineers target Booking.com customers

Dec. 1 – Travel planners beware. A novel social engineering campaign, in operation for the last 12 months, targets both hotel employees and Booking.com customers. How it works To gain initial access to Booking.com hotel credentials, cyber attackers deploy the Vidar infostealer. In the process, the scam targets hotel front-desk staff, who need to download malicious content in order...

Amazon announces new AI image generator at AWS re:Invent

November 29th – As many Cyber Talk readers know, Amazon organizes the annual AWS re:Invent conference, where it makes announcements, launches exciting new products, unveils new product features and releases new tools. The premiere event is currently underway in Las Vegas. Early this morning, Amazon debuted its new Titan Image Generator, which is now available in preview...

Police departments issue iOS 17 warning

November 27th – Local police departments have issued privacy warnings around Apple’s recent iOS 17 update for iPhones. The update includes a feature called “NameDrop” that allows for contact information to be shared — a little too easily. Users can share contact information simply by situating the phones in close proximity to one another. Nothing needs to be...

Fortune 500 company shuts down network

November 22 – A prominent Fortune 500 company specializing in title insurance and settlement services for the real estate sector disclosed a cyber security incident affecting critical computer systems. The company initiated an investigation, informed law enforcement, and implemented measures to assess and contain the situation. As a result, disruptions occurred in services related to title insurance, escrow, and mortgage...

North American grid prepares for cyberattacks

November 20 - The North American Electric Reliability Corp (NERC) announced that it has completed a two-day simulation with power sector companies to test their emergency response and recovery plans for physical and cyber security attacks. Recently, agencies have uncovered plots against power infrastructure and electric substations in various parts of the country. In light of this, NERC...

U.S. Agencies Warn of Gen Z Cybercrime Ecosystem

November 17 - U.S. cyber security and intelligence agencies have issued a joint advisory on the cybercriminal group known as Scattered Spider – a group notorious for carrying out sophisticated phishing campaigns. Scattered Spider is associated with the Gen Z cybercrime ecosystem known as the Com, which engages in illegal activities and swatting attacks. These threat actors specialize in...

Beware of Las Vegas Formula 1 scams

November 15 – Are you on the search for last-minute tickets to the Formula 1 Las Vegas Grand Prix? If you are, then be on the lookout for scammers who are aiming to take advantage of the hype surrounding this significant racing event. Many threat actors are creating phishing pages that look identical to the official website that sells...

Major Australian port disrupted by cyberattack

November 13 – Since Friday, Nov. 10, the Australian government has been grappling with a significant cyber security incident that resulted in the suspension of port operations. The port organization is responsible for nearly half of the country’s flow of goods and is investigating potential data breaches and assessing critical systems necessary to resume operations and freight movement. The...

Major ChatGPT outage, DDoS attack

November 9th – In the last 24 hours, ChatGPT and its API have experienced a major outage due to a DDoS attack. Disruptions in the chatbot's functionality were first documented on November 7th, and initially described as partial outages. However, a “major outage” was reported a day later. The attack comes on the heels of OpenAI’s first-ever developer conference,...

Predator AI hack tool leverages GPT

November 8th – A new hacking tool, ominously named “Predator AI,” has emerged. What sets this tool apart from others is the integration of artificial intelligence; specifically, a ChatGPT-driven class embedded within a Python script. The unique GPT class adds a chat-like text-processing interface. The integration appears intended to reduce reliance on OpenAI’s API, while also advancing Predator...

Executives seek exceptions to cyber rules

November 6th – In the last year, nearly half of C-level executives have requested to bypass one or more cyber security measures. This points to a growing disparity between what executives say and the actions that they take. C-level security skips To conduct the aforementioned research, more than 6,500 executive leaders, cyber security professionals and office workers were polled. While...

IT service desks targeted by social engineers

November 3rd – IT service desks have recently experienced a wave of social engineering threats. Traditionally, the IT service desk has functioned as the first point of contact for an organization’s employees who are experiencing technical challenges, such as forgotten passwords and computer crashes. In order to assist with such requests, service desk staff typically verify users’ identities...

More than 40 allied countries vow not to pay ransoms

November 1st - In a U.S.-led initiative, more than forty countries have agreed to never again pay ransom to cyber criminals, and to actively work towards eliminating hackers’ funding sources. The timing couldn’t be better, as ransomware attacks are increasing in volume and sophistication worldwide. Says U.S. deputy national security advisor, Anne Neuberger, the United States experiences the...

CISA releases security toolkit for healthcare

October 30th – After a series of devastating healthcare-related breaches across the past few months, the Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Department of Health and Human Services (HHS), has released a new set of resources intended to help professionals in the healthcare space improve their organization's security posture. This year to-date, CISA has...

Nation-state actors target critical networks in France

October 27th – Since 2021, the nation-state backed group known as APT28 (a.k.a ‘Strontium’ or ‘Fancy Bear’) has been linked to a series of breaches targeting French government entities, businesses, universities and think tanks. Most recently, APT28 leveraged CVE-2023-38831, a remote code execution vulnerability in WinRAR, and a zero-day privilege elevation flaw in Microsoft Outlook to compromise organizations. The...

5 hospitals hit by cyber attack

October 25th 2023 – In Ontario, five different hospitals are contending with a cyber attack that has caused delays in care delivery. Some patients and their families report that they’ve waited hours for care and that procedures have been canceled. One individual required an ambulance to reach the Windsor Regional Hospital’s Met campus and was required to wait...

Microsoft makes $5bn investment in Australia

October 23rd – Across the next two years, Microsoft will invest $5bn in Australia to help protect the nation from cyber threats. While on a trip to Washington D.C., flanked by Microsoft’s vice-chair and president, Brad Smith, Australia's Prime Minister Anthony Albanese confirmed the investment. Australian cyber security strategy: The announcement was made just ahead of the Albanese government’s articulation...

NYC hospital cyber attacks, large-scale disruptions

October 20th – In New York, two hospitals are diverting patients to other facilities due to cyber attacks. The incidents affect systems at HealthAlliance Hospital, in Kingston, and at Mountainside Residential Care Center, both of which are part of the Westchester Medical Center Health Network. Authorities are investigating the incidents, as is an independent cyber security firm. Across...

The unexpected reason X will begin charging users

October 18th – Ever since Elon Musk purchased Twitter, the platform has changed a lot. The famous blue bird logo disappeared, Twitter Blue was a thing for a minute, and most notably, the platform has rebranded to X. And now, X has announced a new experiment… The platform will now charge a one dollar per year fee...

Most expansive DDoS ever seen leverages zero-day

October 13th – This week, a group of technology firms publicly shared information about a DDoS campaign that compressed a month’s worth of Wikipedia traffic into a two-minute deluge. Within the campaign, attackers exploited a flaw in the fundamental technology that powers the internet… Most expansive DDoS ever seen: The DDoS campaign described by Google, Cloudflare and Amazon AWS...

The EU spyware problem, new investigation insights

October 11th – A recent media investigation has revealed that European Union-based entities have financed the development of and backed the sale of cyber surveillance tools, which have made their way into the clutches of authoritarian regimes. This has occurred with the passive complicity of EU governments, according to the European Investigative Collaborations (EIC) network. The investigation “…shows what...

Genetic data stolen in targeted 23andMe breach

October 9th – The U.S. based genetic profiling service 23andMe has launched an investigation into how a million data points were exposed via online forums. At least one anonymous hacker claims to have genetic profiles for sale on the dark web, as cobbled together from hijacked 23andMe customer accounts. The seller has indicated that the profiles include email addresses,...

NSA and CISA reveal top security misconfigurations

October 6th – The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have announced the top 10 most common cyber security misconfigurations within enterprise networks, as discovered by their red and blue teams. NSA and CISA: Misconfigurations. The agencies’ Red and Blue teams collected information during assessments and incident response activities, which shaped their overall report...

Hacker impersonates Meta recruiter to target aerospace firm

October 2 – If you’ve been offered a new job opportunity, exercise caution and ensure that the job offer is legitimate. New reports indicate that North Korean hackers, pretending to be recruiters from Meta, the parent company of Facebook, are unscrupulously deceiving individuals into downloading malware. Aerospace breach: These findings have been revealed as part of an investigation into a...

Ransomware forces large logistics firm to close

September 28 – In the U.K., one of the largest privately held logistics firms, KNP Logistics Group, has declared itself under financial duress to the point of insolvency, blaming a ransomware attack. Roughly 730 employees will be dismissed as a result of the ensuing legal processes, although one of the group’s key entities has been sold, saving roughly...

Now you can talk to ChatGPT and it will talk back

September 26 – The popular chatbot known as ChatGPT can now “see, hear and speak,” or at least process spoken words and respond with a synthetic voice. It can also process images, according to parent company OpenAI. ChatGPT’s feature push: The features rollout has occurred as competition among chatbot developers heats up. Google has announced a variety of features...

UAE sets cyber security vision for next 50 years

September 20 – In the UAE, senior officials are developing a cyber security vision that is intended to strengthen action against digital crime for the next 50 years. The initiative will provide the country with a high level of resilience, boosting its ability to address “growing digital challenges.” “As the UAE looks forward to its centennial in 2071, we...

U.S. leaders call for stronger open-source security

September 18 – In a recent two-day summit that included technology companies, banks and industry groups, the White House pushed for stronger standards on behalf of open-source software development. The Biden administration wants to see companies expand use of inventories, known as software bill of materials, which include information about open source components, licensing and version information for...

CISA panel wants national cyber security alert system

September 15 – According to a panel that advises the Cybersecurity and Infrastructure Security Agency (CISA), the U.S. needs a national cyber security alert system that would provide actionable insights into threats and risks. Without providing details around the development of such a system or how it would operate, the panel noted that “there is a genuine need...

Zero-click iMessage exploit hits iPhones

September 11 – Last week, Apple revealed that two security bugs were being exploited within a zero-click campaign designed to distribute the NSO Group’s Pegasus spyware. Apple resolved the bugs shortly thereafter. Targets included those connected with government organizations. In the past, NSO spyware has been used to target journalists, lawyers, activists and government officials. Device updates: Researchers encourage Apple...

This country just banned iPhones in select areas of gov’t & economy

September 08 – In China, the government plans to extend a ban on the use of iPhones within government-backed agencies and companies. If China moves ahead with the ban, the unprecedented event will be the culmination of a multi-year effort to eliminate foreign technology use in sensitive environments. No iPhones: A number of agencies have already instructed staff not...

MITRE and CISA reveal new OT security approach

Sept. 05 – The MITRE Corporation and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have announced a new extension for the open source Caldera platform, which emulates adversarial attacks against operational technology (OT). The latest Caldera for OT extension stems from a collaboration between the Homeland Security Systems Engineering and Development Institute (HSSEDI) and CISA as part...

Airbnb accounts hacked with new tactics

Sept. 01 – An increasing number of cyber criminals are exploiting the Airbnb platform in order to profit from user accounts and stolen data. A household name in the travel industry, Airbnb has become a target due to its global popularity. However, cyber security researchers have explained that the platform’s accessibility has also enabled cyber criminals to manipulate...

NCSC warns of ChatGPT prompt injection attacks

Aug 30 – The U.K.’s National Cyber Security Centre (NCSC) has stated that there is a growing risk of chatbot “prompt injection” attacks. As implied in the name, in these attacks cyber criminals manipulate prompts, forcing language models like ChatGPT and Bard to behave in unexpected ways. Because chatbots may share data with third-party applications and services, the NCSC...

Spyware hack shows 76,000 phones breached

Aug 28 – A spyware maker’s servers and databases have been hacked. By exploiting flaws in the group’s web dashboard, the adversaries were able to download every dashboard record, including every customer’s email address. Access to the dashboard enabled hackers to delete victims’ devices from the spyware network, severing the connection at the server level to prevent the...

NIST shares post-quantum cryptography standards

Aug 25 – A draft copy of post-quantum cryptography (PQC) standards has been published by the U.S. National Institute of Standards and Technology (NIST). The framework will enable organizations to protect themselves from future quantum-based cyber attacks. The draft documents encompass three draft Federal Information Processing Standards (FIPS). PQC standardization process: Starting in December of 2016, NIST began to collect...

CISA says 1,300 new hires in two years

Aug 23 – This week, U.S. Cybersecurity and Infrastructure Security Agency (CISA) Director, Jen Easterly, announced that the agency has substantially increased its staffing, reaching 3,161 employees after an extensive two-year recruitment campaign. More than 1,300 individuals have been hired, translating to more than 18M additional hours of labor every year. CISA talent: CISA has explained that not only does...

This new Chrome feature can increase security

Aug 21 – A new Chrome feature aims to proactively alert users when a recently installed extension is no longer available on the Chrome Web Store. The feature, known as the “Safety Check,” is intended to address three scenarios. In the first one, it will send out an alert to users in the event that an extension has...

Cyber threats turn real for industry professionals

Aug 18 – Earlier this year, the CEO of a small, well-known cyber security company received a disturbing message from cyber criminals stating that the company’s data would be leaked, unless a ransom payment were made. The CEO refused to negotiate. In a never-before-seen move, the hackers dug up an electronic copy of the CEO's son's passport, the...

LinkedIn accounts hacked in hijacking campaign

Aug 16 - In recent months, many LinkedIn users have been locked out of accounts for security reasons or, ultimately, had their accounts hijacked by cyber attackers. And LinkedIn users have become vocal about the recent account takeovers and lockouts. An inability to solve the issue through LinkedIn support has compounded users' negative experiences. According to cyber security researchers,...

This ransomware attack disrupted U.S. hospitals

Aug 11 – Starting last week, a ransomware attack affecting 16 different hospitals, all of which are run by Prospect Medical Holdings, resulted in multi-day disruptions to patient services across facilities in four different states. Hospitals were forced to divert ambulances to other care centers, cancel appointments, and close connected satellite clinics. Some had to use paper records...

AI can eavesdrop while you’re on Zoom

Aug 9 – In your average workday, do you take Zoom calls and simultaneously work on other projects in the background? If so, this software could pose a threat... A new study reveals that AI-powered software can “eavesdrop” on people by working out which keys are being pressed while typing occurs. The software has an accuracy rate of...

A new ‘superconductor’ could change the world

Aug 7 – The world of material sciences generally doesn’t receive much public spotlight, but after scientific discovery of a new superconductor material, dubbed LK-99, the discipline is receiving Barbenheimer-level attention. In late July, a group of researchers claimed to have discovered a superconductor that works at normal temperatures and pressure. As with conventional superconductors, this superconductor can...

FCC fines robocallers $300 million

Aug 4 – The FCC has issued one of its largest fines ever. After an investigation spanning many months, the FCC decided to issue a record-setting $300 million fine on one of the largest illegal robocall operations the agency has ever faced. The operation, comprised of an international network of companies, made more than five billion robocalls to 500...

White House plan for cyber workforce

Aug 2 – The Biden administration and the Office of the National Cyber Director have a plan to improve the nation's cybersecurity skills. They want to build up the workforce and make sure all working Americans are prepared for the digital world. This is the first government plan of its kind to accomplish one goal: meet the increasing...

What is FraudGPT?

Jul 28 -- A new cyber criminal tool, known as FraudGPT, has appeared on various dark web marketplaces and Telegram channels. As the name implies, the tool is intended to promote malicious activity. It's been in circulation since at least July 22nd of this year. "This is an AI bot, exclusively targeted for offensive purposes, such as crafting...

Companies have 4 days to report breaches

Jul 26 – Under controversial new rules that the U.S. Securities and Exchange Commission is expected to adopt, companies hit by cyber attacks will have four days to publicly disclose any significant impact. At a meeting today, the agency’s commissioners will vote on the details of the reporting rules, which were proposed last year. Trade organizations and enterprises...