The DEA is using Apple’s AirTags for surveillance

source: imore.com  |  image: pixabay.com

It’s the first time a federal agency has used the tracker for surveillance.

A new report says that the DEA used an AirTag for surveillance in anti-drug operations last year, in what is believed to be the first instance of a federal agency using the tracker in such a manner.

According to Forbes(opens in new tab), border agents intercepted two packages from Shanghai, China, in May of 2022, which were found to contain a pill press that is used to turn powders into tablets. “Believing that they were destined for an illegal narcotics manufacturer”, the DEA stepped in, and rather than swipe the goods, instead placed an AirTag inside the device so they could track its whereabouts. 

A warrant seen by the outlet reveals what “appears to be the first known case of a federal agency turning Apple’s location-tracking device into a surveillance technology.”

Continue reading “The DEA is using Apple’s AirTags for surveillance”

The Deepfake Dangers Ahead

source: wsj.com, contributed by Artemus Founder, Bob Wallace  |  image: pexels.com

 

AI-generated disinformation, especially from hostile foreign powers, is a growing threat to democracies based on the free flow of ideas

 

By Daniel BymanChris Meserole And V.S. Subrahmanian

Feb. 23, 2023 9:58 am ET

Bots, trolls, influence campaigns: Every day we seem to be battling more fake or manipulated content online. Because of advances in computing power, smarter machine learning algorithms and larger data sets, we will soon share digital space with a sinister array of AI-generated news articles and podcasts, deepfake images and videos—all produced at a once unthinkable scale and speed. As of 2018, according to one study, fewer than 10,000 deepfakes had been detected online. Today the number of deepfakes online is almost certainly in the millions.

We can hardly imagine all the purposes that people will find for this new synthetic media, but what we’ve already seen is cause for concern. Students can have ChatGPT write their essays. Stalkers can create pornographic videos featuring images of the people they are obsessed with. A criminal can synthesize your boss’s voice and tell you to transfer money.

Deepfakes risk leading people to view all information as suspicious.

Continue reading “The Deepfake Dangers Ahead”

3 Overlooked Cybersecurity Breaches

source: thehackernews.com  |  image: pexels.com

 

Here are three of the worst breaches, attacker tactics and techniques of 2022, and the security controls that can provide effective, enterprise security protection for them.

#1: 2 RaaS Attacks in 13 Months

Ransomware as a service is a type of attack in which the ransomware software and infrastructure are leased out to the attackers. These ransomware services can be purchased on the dark web from other threat actors and ransomware gangs. Common purchasing plans include buying the entire tool, using the existing infrastructure while paying per infection, or letting other attackers perform the service while sharing revenue with them.

In this attack, the threat actor consists of one of the most prevalent ransomware groups, specializing in access via third parties, while the targeted company is a medium-sized retailer with dozens of sites in the United States.

The threat actors used ransomware as a service to breach the victim’s network. They were able to exploit third-party credentials to gain initial access, progress laterally, and ransom the company, all within mere minutes.

The swiftness of this attack was unusual. In most RaaS cases, attackers usually stay in the networks for weeks and months before demanding ransom. What is particularly interesting about this attack is that the company was ransomed in minutes, with no need for discovery or weeks of lateral movement.

Continue reading “3 Overlooked Cybersecurity Breaches”

IT Leaders Reveal Cyber Fears Around ChatGPT

source: infosecurity-magazine.com  |  image: pexels.com

 

The majority (51%) of security leaders expect ChatGPT to be at the heart of a successful cyber-attack within a year, according to new research by BlackBerry.

The survey of 1500 IT decision makers across North America, the UK and Australia also found that 71% believe nation-states are likely to already be using the technology for malicious purposes against other countries.

ChatGPT is an artificially intelligence (AI) powered language model developed by OpenAI, which has been deployed in a chatbot format, allowing users to receive a prompt and detailed response to any questions they ask it. The product was launched at the end of 2022.

Cyber-Threats from ChatGPT

Despite its enormous potential, information security experts have raised concerns over its possible use by cyber-threat actors to launch attacks, including malware development and convincing social engineering scams.

Continue reading “IT Leaders Reveal Cyber Fears Around ChatGPT”

A Sneaky Ad Scam Tore Through 11 Million Phones

source: wired.com  |  image: pexels.com

Some 1,700 spoofed apps, 120 targeted publishers, 12 billion false ad requests per day—Vastflux is one of the biggest ad frauds ever discovered.

 

EVERY TIME YOU open an app or website, a flurry of invisible processes takes place without you knowing. Behind the scenes, dozens of advertising companies are jostling for your attention: They want their ads in front of your eyeballs. For each ad, a series of instant auctions often determines which ads you see. This automated advertising, often known as programmatic advertising, is big business, with $418 billion spent on it last year. But it’s also ripe for abuse.

Security researchers today revealed a new widespread attack on the online advertising ecosystem that has impacted millions of people, defrauded hundreds of companies, and potentially netted its creators some serious profits. The attack, dubbed Vastflux, was discovered by researchers at Human Security, a firm focusing on fraud and bot activity. The attack impacted 11 million phones, with the attackers spoofing 1,700 app and targeting 120 publishers. At its peak, the attackers were making 12 billion requests for ads per day.

“When I first got the results for the volume of the attack, I had to run the numbers multiple times,” says Marion Habiby, a data scientist at Human Security and the lead researcher on the case. Habiby describes the attack as both one of the most sophisticated the company has seen and the largest. “It is clear the bad actors were well organized and went to great lengths to avoid detection, making sure the attack would run as long as possible—making as much money as possible,” Habiby says. 

T-Mobile Breached Again,

This Time Exposing 37M Customers’ Data

source: darkreading.com  |  image: pexels.com

This time around, weak API security allowed a threat actor to access account information, the mobile phone giant reported.

T-Mobile has disclosed a new, enormous breach that occurred in November, which was the result of the compromise of a single application programming interface (API). The result? The exposure of the personal data of more than 37 million prepaid and postpaid customer accounts.

For those keeping track, this latest disclosure marks the second sprawling T-Mobile data breach in two years and more than a half-dozen in the past five years.

And they’ve been expensive.

Continue reading “T-Mobile Breached Again, This Time Exposing 37M Customers’ Data”

Cybersecurity trends in 2023 that will directly impact everyday life

source: cybersecuritydive.com  |  image: Pixabay.com

 

The scale of cyberthreats are growing, spilling into the mainstream. In 2023, expect the spotlight to add pressure to businesses that have underinvested in security.

 

There are a few certainties in cybersecurity: ransomware will cause headaches for companies; third parties will spark cyber incidents; and every December, cybersecurity analysts will put together lists of their predictions and trends they believe will have an impact in the coming year. 

Most of the predictions are designed to help organizations build out their security programs, but every so often a trend will build slowly over time until its impact is clear.

Sometimes these trends will reach far beyond an individual company and impact society at large. 

Here are some of the biggest trends Cybersecurity Dive is watching this year. Are there any security patterns you are watching closely? Email us at cybersecurity.dive.editors@industrydive.com.

The global impact of state-sponsored activities

State-sponsored threats trend every year, but as we begin 2023, those threats have a different, more menacing, feel to them. The countries responsible for much of the state-sponsored activity — Russia, China and Iran — are embroiled in conflict. 

“In the past year, we’ve seen [Russia’s] invasion of Ukraine; a worsening of the relationship between China and the West combined with tightening control by Xi Jinping and further pressure on Taiwan; and a growing concern in Iran about dissident activity and pressures on the regime both internally and abroad,” said Mike McLellan, director of intelligence for the Secureworks Counter Threat Unit. 

Continue reading “Cybersecurity trends in 2023 that will directly impact everyday life”

Microsoft Warns of Uptick in Hackers Leveraging Publicly-Disclosed 0-Day Vulnerabilities

source: thehackernews.com  |  image: pexels.com

 

Microsoft is warning of an uptick among nation-state and criminal actors increasingly leveraging publicly-disclosed zero-day vulnerabilities for breaching target environments.

The tech giant, in its 114-page Digital Defense Report, said it has “observed a reduction in the time between the announcement of a vulnerability and the commoditization of that vulnerability,” making it imperative that organizations patch such exploits in a timely manner.

This also corroborates with an April 2022 advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which found that bad actors are “aggressively” targeting newly disclosed software bugs against broad targets globally.

Continue reading “Microsoft Warns of Uptick in Hackers Leveraging…”

Web inventor Tim Berners-Lee wants us to ‘ignore’ Web3: ‘Web3 is not the web at all’

source: cnbc.com  |  image:  pexels.com

 

LISBON, Portugal — The creator of the web isn’t sold on crypto visionaries’ plan for its future and says we should “ignore” it.

Tim Berners-Lee, the British computer scientist credited with inventing the World Wide Web in 1989, said Friday that he doesn’t view blockchain as a viable solution for building the next iteration of the internet.

He has his own web decentralization project called Solid.

“It’s important to clarify in order to discuss the impacts of new technology,” said Berners-Lee, speaking onstage at the Web Summit event in Lisbon. “You have to understand what the terms mean that we’re discussing actually mean, beyond the buzzwords.”

Continue reading “Web inventor wants us to ‘ignore’ Web3…”

How critical US sectors are coping with rising cyberattacks

source: thehill.com  |  image: pixabay.com

BY INES KAGUBARE

The rise in cyberattacks this year has forced many companies in critical sectors to make improvements to their cyber defenses in an effort to secure their networks from hacks.

Such companies are increasing their investments in cybersecurity and seeking to hire more cyber professionals — a task proving to be challenging amid a shortage of cyber workers across industries. 

The Hill spoke to several security experts and industry leaders in the financial, health care and energy sectors to gauge how those critical industries are seeking to keep their networks secure amid the growing number of cyberattacks.

In the health care sector, which has seen a spike in ransomware this year targeting hospitals and other health care facilities, Christopher Plummer, a senior cybersecurity architect at Dartmouth Health, said having a cybersecurity program is crucial for hospitals, as they hold sensitive information — including patient data. 

But he estimated that only about 10 to 20 percent of the nation’s hospitals have a dedicated cybersecurity program.

Continue reading “How critical US sectors are coping with rising cyberattacks”