The biggest data breaches in 2024: 1 billion stolen records… and rising

source: techcrunch.com (contributed by FAN, Steve Page)  |  image: pixabay.com

We’re over halfway through 2024, and already this year we have seen some of the biggest, most damaging data breaches in recent history. And just when you think that some of these hacks can’t get any worse, they do.

From huge stores of customers’ personal information getting scraped, stolen and posted online, to reams of medical data covering most people in the United States getting stolen, the worst data breaches of 2024 to date have already surpassed at least 1 billion stolen records and rising. These breaches not only affect the individuals whose data was irretrievably exposed, but also embolden the criminals who profit from their malicious cyberattacks.

Travel with us to the not-so-distant past to look at how some of the biggest security incidents of 2024 went down, their impact, and in some cases, how they could have been stopped. 

Mystery AT&T data leak exposed 73 million customer accounts

Some three years after a hacker teased a published sample of allegedly stolen AT&T customer data, a data breach broker in March dumped the full cache of 73 million customer records online to a known cybercrime forum for anyone to see. The published data included customers’ personal information, including names, phone numbers and postal addresses, with some customers confirming their data was accurate.

But it wasn’t until a security researcher discovered that the exposed data contained encrypted passcodes used for accessing a customer’s AT&T account that the telecoms giant took action. The security researcher told TechCrunch at the time that the encrypted passcodes could be easily unscrambled, putting some 7.6 million existing AT&T customer accounts at risk of hijacks. AT&T force-reset its customers’ account passcodes after TechCrunch alerted the company to the researcher’s findings. 

One big mystery remains: AT&T still doesn’t know how the data leaked or where it came from. Continue reading “The biggest data breaches in 2024: 1 billion stolen records and rising”

Listening is so last year — Meta’s new tech wants to feel your voice

source: media.hubspot.com (contributed by Artemus founder, Bob Wallace)  |  image: pixabay.com

Great news for the vocal fry community: Your vocal cord vibrations could soon be put to good use protecting your data.

Seriously. Meta filed a patent application for user authentication using a “combination of vocalization and skin vibration,” per Patent Drop.

That title is a mouthful, so let’s break it down:
  • Meta wants to replace the need for passwords or fingerprint scanning with voice authentication for accessing systems like its AR headset or smart glasses.
  • But AI has made impersonating someone’s voice really easy, with convincing voice cloning and deep fakes already swirling.
  • So Meta is taking voice authentication one step further by scanning the “vibration of tissue” during speech in addition to one’s voice.
  • When a user says a wake word, a “vibration measurement assembly” picks up the vibrations of their skin and the acoustic waves of their voice to authenticate them.

The combined dataset would create a unique audio fingerprint and, when built into headsets and glasses, would let users access their systems with a single word.

And while no one likes their password getting hacked, the stakes are getting a hell of a lot higher, with new tech poised to start harvesting data directly from our brains.

Sounds interesting

This patent is just the latest of Meta’s voice authentication tech. A separate “user identification with voice prints” patent application would see voice prints integrated into the two-factor authentication process for the company’s social media apps.

And Meta is far from the only company thinking about voice biometrics — the market is projected to hit 11.1B by 2032.

It will only become more important as AI companies crank out new voice generation tools, like OpenAI’s Voice Engine, which can clone someone’s voice using only a 15-second clip of them speaking, or ElevenLabs’ Reader App, which can clone celebrity voices.

Space: The Final Frontier for Cyberattacks

source: darkreading.com  |  image: pixabay.com

A failure to imagine — and prepare for — threats to outer-space related assets could be a huge mistake at a time when nation-states and private companies are rushing to deploy devices in a frantic new space race.

A distributed denial-of-service (DDoS) attack this week disabled electronic door locks across a major lunar settlement, trapping dozens of people indoors and locking out many more in lethal cold. The threat actor behind the attack is believed responsible for also commandeering a swarm of decades-old CubeSats last year and attempting to use them to trigger a chain reaction of potentially devastating satellite crashes.

Neither “incident” has happened, of course. Yet. But they well could, sometime in the not-too-distant future, and now is the time to start thinking about and planning for them. Continue reading “Space: The Final Frontier for Cyberattacks”

Is Your Computer Part of ‘The Largest Botnet Ever?’

source: krebsonsecurity.com  |  image: pixabay.com

The U.S. Department of Justice (DOJ) today said they arrested the alleged operator of 911 S5, a ten-year-old online anonymity service that was powered by what the director of the FBI called “likely the world’s largest botnet ever.” The arrest coincided with the seizure of the 911 S5 website and supporting infrastructure, which the government says turned computers running various “free VPN” products into Internet traffic relays that facilitated billions of dollars in online fraud and cybercrime.

On May 24, authorities in Singapore arrested the alleged creator and operator of 911 S5, a 35-year-old Chinese national named YunHe Wang. In a statement on his arrest today, the DOJ said 911 S5 enabled cybercriminals to bypass financial fraud detection systems and steal billions of dollars from financial institutions, credit card issuers, and federal lending programs. Continue reading “Is Your Computer Part of ‘The Largest Botnet Ever?’”

NSA Warns iPhone And Android Users To Turn It Off And On Again

source: Forbes.com (contributed by FAN, Steve Page)  |  image: pixabay.com

Updated Saturday, June 1: This article has been updated to include clarification around the safety of using public Wi-Fi networks and additional advice from the NCSC and FCC.

Although some people might worry about the National Security Agency itself spying on their phones, the NSA has some sage advice for iPhone and Android users concerned about zero-click exploits and the like: turn it off and on again once per week.

How often do you turn off your iPhone or Android device? Completely turn it off and then reboot it, rather than just going into standby mode, that is. I suspect that the answer for many people is only when a security or operating system update requires it. That, according to the NSA, could be a big mistake.

Users can mitigate the threat of spear-phishing, which can lead to the installation of yet more malware and spyware, by the same simple action. However, the NSA document does warn that the “turn it off and on again” advice will only sometimes prevent these attacks from being successful. Continue reading “NSA Warns iPhone And Android Users To Turn It Off And On Again”

3 North Koreans infiltrated US companies in ‘staggering’ alleged telework fraud: DOJ

source: yahoo.com (contributed by FAN, Steve Page)  |  image: pixabay.com

The Justice Department on Thursday unsealed an indictment charging three North Korean workers and a United States citizen with allegedly engaging in “staggering fraud” through a complex scheme where they secured illicit work with a number of U.S. companies and government agencies.

The indictment against the North Korean IT workers — using the aliases Jiho Han, Chunji Jin and Haoran Xu — alleges the group used fraudulent identities belonging to 60 real Americans to secure telework positions between October 2020 and 2023 that ultimately generated nearly $7 million in profits for the Democratic People’s Republic of Korea.

Continue reading “3 North Koreans infiltrated US companies in ‘staggering’ alleged telework fraud: DOJ”

Defense contractors face a long road on cybersecurity

source: axios.com (contributed by FAN, Steve Page)  |  image: pexels.com

Most defense contractors believe they’re too small and inconsequential for nation-state hackers to target them, a National Security Agency official told Axios.

Why it matters: China, in particular, has been laser-focused on targeting key American critical infrastructure, officials have warned. Continue reading “Defense contractors face a long road on cybersecurity”

Apple’s iPhone Spyware Problem Is Getting Worse. Here’s What You Should Know

source: wired.com | image: pexels.com

The iPhone maker has detected spyware attacks against people in more than 150 countries. Knowing if your device is infected can be tricky—but there are a few steps you can take to protect yourself.

In April, Apple sent notifications to iPhone users in 92 countries, warning them they’d been targeted with spyware. “Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID,” the notification reads.

Users quickly took to social media sites including X, trying to work out what the notification meant. Many of those targeted were based in India, but others in Europe also reported receiving Apple’s warning.

Weeks later, little is still known about the latest iPhone attacks. Former smartphone giant Blackberry, now a security firm, has released research indicating they are linked to a Chinese spyware campaign dubbed “LightSpy,” but Apple spokesperson Shane Bauer says this is inaccurate, and researchers at security firm Huntress say the variant Blackberry analyzed was a macOS version, not iOS. Continue reading “Apple’s iPhone Spyware Problem Is Getting Worse”

Brute Force Password Cracking Takes Longer, But Celebration May Be Premature

source: technewsworld.com | image: pexels.com

Brute force cracking of passwords takes longer now than in the past, but the good news is not a cause for celebration, according to the latest annual audit of password cracking times released Tuesday by Hive Systems.

Depending on the length of the password and its composition — the mix of numbers, letters, and special characters — a password can be cracked instantly or take half a dozen eons to decipher.

For example, four-, five-, or six-number-only passwords can be cracked instantly with today’s computers, while an 18-character password consisting of numbers, upper- and lower-case letters, and symbols would take 19 quintillion years to break.

Last year, Hive’s research found that some 11-character passwords could be cracked instantaneously using brute force. This year’s findings revealed the effectiveness of newer industry-standard password hashing algorithms — like bcrypt — for protecting passwords stored in databases. Now, that same 11-character password takes 10 hours to crack.
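The two levers in the Hive figures above are the size of the search space (alphabet raised to the password length) and how many guesses per second the hash function lets an attacker make. The following is an added example, not code from the article or from Hive Systems, that estimates both for a few password policies; the guess rates (`FAST_HASH_RATE`, `BCRYPT_RATE_AT_COST_10`) are constructed assumptions for illustration, not measured figures, and the symbol count of 33 assumes standard printable ASCII punctuation.

```python
"""Added example (not from the article or Hive Systems): estimate the brute-force
search space of a password policy and the worst-case time to exhaust it, for a
fast hash versus bcrypt at a given work factor."""

# Character-class sizes for printable ASCII; 33 symbols is an assumption.
CHARSET_SIZES = {"digits": 10, "lower": 26, "upper": 26, "symbols": 33}

# Constructed guess rates in guesses per second; real rates depend on hardware.
FAST_HASH_RATE = 1e11          # assumed: an unsalted fast hash on a GPU rig
BCRYPT_RATE_AT_COST_10 = 1e5   # assumed: bcrypt, work factor 10, same rig
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(length, classes):
    """Number of candidate passwords of exactly `length` characters drawn
    from the union of the named character classes."""
    alphabet = sum(CHARSET_SIZES[c] for c in classes)
    return alphabet ** length


def bcrypt_rate(cost):
    """bcrypt's work doubles with every increment of its cost parameter,
    so the attacker's guess rate halves relative to the cost-10 baseline."""
    return BCRYPT_RATE_AT_COST_10 / (2 ** (cost - 10))


def worst_case_seconds(space, guesses_per_second):
    """Time to try every candidate once (an attacker expects about half that)."""
    return space / guesses_per_second


def human_time(seconds):
    """Coarse, human-readable rendering of a duration."""
    if seconds < 1:
        return "instantly"
    if seconds < 3600:
        return f"{seconds:.0f} seconds"
    if seconds < 86400:
        return f"{seconds / 3600:.1f} hours"
    years = seconds / SECONDS_PER_YEAR
    if years < 1:
        return f"{seconds / 86400:.1f} days"
    return f"{years:.3g} years"


def estimate(length, classes, cost=None):
    """Return (keyspace, worst-case seconds). cost=None means the fast hash;
    an integer cost means bcrypt at that work factor."""
    rate = FAST_HASH_RATE if cost is None else bcrypt_rate(cost)
    space = keyspace(length, classes)
    return space, worst_case_seconds(space, rate)


if __name__ == "__main__":
    policies = [
        (6, ["digits"]),
        (11, ["lower"]),
        (11, ["digits", "lower", "upper", "symbols"]),
        (18, ["digits", "lower", "upper", "symbols"]),
    ]
    for length, classes in policies:
        _, fast = estimate(length, classes)
        _, slow = estimate(length, classes, cost=12)
        label = f"{length} chars, {'+'.join(classes)}"
        print(f"{label:<40} fast hash: {human_time(fast):<14} bcrypt(12): {human_time(slow)}")
```

Running the script prints one row per policy; the point to take from it is that moving a stored password from a fast hash to bcrypt changes the outcome by the ratio of the two guess rates regardless of the policy, which is why the report's 11-character password went from "instantly" to hours without the password itself changing.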

Continue reading “Brute Force Password Cracking Takes Longer, But Celebration May Be Premature”

Apple Sued Over AirTags Privacy: Everything to Know

source: cnet.com  |  image: pexels.com

AirTags digital trackers have raised privacy concerns since the beginning. But now, a lawsuit claims Apple didn’t implement sufficient safeguards.

A class-action lawsuit against Apple alleges the tech giant didn’t sufficiently resolve privacy issues raised by its AirTag digital tracking devices, leading to unwanted stalking and abuse.

The lawsuit, which was filed last year and given court approval to proceed earlier this month, says plaintiffs suffered “substantial” injuries from people who abused Apple’s $29 Bluetooth tracker in ways the company didn’t sufficiently work to address.