Category: Infosec

Russia is upping hybrid attacks against Europe, Dutch intelligence says

Posted on by esimantiras

Russia is upping hybrid attacks against Europe, Dutch intelligence says

source: nbcnews.com (contributed by FAN, Steve Page)  |  image: pexels.com

 

“We see the Russian threat against Europe is increasing, including after a possible end to the war against Ukraine,” the director of the Dutch military intelligence agency said.

THE HAGUE, Netherlands — Russia is increasing its hybrid attacks aimed at undermining society in the Netherlands and its European allies, and Russian hackers have already targeted the Dutch public service, Dutch military intelligence agency MIVD said Tuesday.

“We see the Russian threat against Europe is increasing, including after a possible end to the war against Ukraine,” MIVD director Peter Reesink said in the agency’s annual report. Continue reading “Russia is upping hybrid attacks against Europe, Dutch intelligence says”

Secret comms in danger as Second Phone Number iOS app leaks user texts

Posted on by esimantiras

Secret comms in danger as Second Phone Number iOS app leaks user texts

source: cybernews.com  |  image: pexels.com

 

A virtual phone number iOS app with millions of downloads in the US has exposed its users’ data, including messages, media, and sender and recipient details.

While there are many reasons to have a virtual phone number, privacy is the most common. This is not lost on Second Phone Number app creators, as its App Store description starts with “Need a second phone number for private calls and texts?”

However, users expecting privacy are in for a surprise. The Cybernews research team has found that the popular iPhone app’s misconfigured Firebase instance exposed user details likely not meant for the outside world. Continue reading “Secret comms in danger as Second Phone Number iOS app leaks user texts”

Critical Vulnerability Found in Canon Printer Drivers

Posted on by esimantiras

Critical Vulnerability Found in Canon Printer Drivers

source: securityweek.com  |  image: pixabay.com

Microsoft’s offensive security team has warned Canon about a critical vulnerability affecting some printer drivers. 

According to an advisory published last week by Canon, drivers associated with several production printers, office multifunction printers, and laser printers are affected by an out-of-bounds vulnerability. Continue reading “Critical Vulnerability Found in Canon Printer Drivers”

A New Era of Attacks on Encryption Is Starting to Heat Up

Posted on by esimantiras

A New Era of Attacks on Encryption Is Starting to Heat Up

source: wired.com  |  image: pixabay.com

 

The UK, France, Sweden, and EU have made fresh attacks on end-to-end encryption. Some of the attacks are more “crude” than those in recent years, experts say.

OVER THE PAST decade, encrypted communication has become the norm for billions of people. Every day, Signal, iMessage, and WhatsApp keep billions of messages, photos, videos, and calls private by using end-to-end encryption by default—while Zoom, Discord, and various other services all have options to enable the protection. But despite the technology’s mainstream rise, long-standing threats to weaken encryption keep piling up.

Over the past few months, there has been a surge in government and law enforcement efforts that would effectively undermine encryption, privacy advocates and experts say, with some of the emerging threats being the most “blunt” and aggressive of those in recent memory. Officials in the UK, France, and Sweden have all made moves since the start of 2025 that could undermine or eliminate the protections of end-to-end encryption, adding to a multiyear European Union plan to scan private chats and Indian efforts that could damage encryption. Continue reading “A New Era of Attacks on Encryption Is Starting to Heat Up”

X is blocking links to Signal

Posted on by esimantiras

X is blocking links to Signal

source: theverge.com (contributed by FAN, Steve Page)  |  image: pexels.com

Users attempting to add their Signal.me URL to posts, DMs, and bio descriptions are being met with error messages.

X users are currently unable to post links to Signal.me, which are used to quickly and securely send direct messages to Signal users. A variety of failure notifications are being reported when X users attempt to post Signal links on the platform, some of which identify the blocked message as containing spam, harmful content, or malicious activity. Continue reading “X is blocking links to Signal”

We’re In for a Rude Awakening on Cybersecurity

Posted on by esimantiras

We’re In for a Rude Awakening on Cybersecurity

source: city-journal.org (contributed by FAN, Steve Page)  |  image: pexels.com

America remains ill-prepared for Chinese hackers targeting critical infrastructure.

It’s a crisis that almost no one is talking about. The Chinese Communist Party is now the world’s preeminent practitioner of cyber warfare. Once notoriously loud and clumsy, the CCP’s hackers have become stealthy and sophisticated. They’re intercepting the calls and texts of our leaders and infiltrating servers at our ports, power plants, and water-treatment facilities. Yet hardly anyone seems to care. When Congress held hearings on cybersecurity late last year, only a handful of journalists bothered to cover them. Continue reading “We’re In for a Rude Awakening on Cybersecurity”

Chinese hackers infiltrated US Treasury Secretary’s PC — attackers had access to over 400 PCs

Posted on by esimantiras

Chinese hackers infiltrated US Treasury Secretary’s PC — attackers had access to over 400 PCs

source: tomshardware.com (contributed by Steve Page)  |  image: pexels.com 

 

As reported last week, Chinese hackers infiltrated the U.S. Department of Treasury and gained access to several users’ workstations. However, according to Bloomberg, the infiltration was more severe than initially reported, as hackers managed to access systems belonging to Secretary Janet Yellen and other top officials.

Say Goodbye to Passwords

Posted on by esimantiras

Say Goodbye to Passwords

source: fastcompany.com  |  image: pixabay.com

 

Passkey adoption is up, and problems are being fixed.

It’s been a couple of years since Apple, Google, and Microsoft started trying to kill the password, and its demise seems more likely than ever.

In 2022, all three companies embraced an alternative called passkeys, which sync securely between your devices and are protected by face recognition, a fingerprint, or a PIN. The thinking goes that if you don’t have to remember a password—or even create one in a password manager—you’re less likely to fall prey to phishing scams. And if websites don’t have to store their customers’ passwords anymore, security breaches won’t be as disastrous. Continue reading “Say Goodbye to Passwords”

Experts Weigh In on Refusing or Paying After a Ransomware Attack

Posted on by esimantiras

Experts Weigh In on Refusing or Paying After a Ransomware Attack

source: technewsworld.com |  image: pexels.com

 

Ransomware attacks have shown signs of decreasing in recent months. Yet they still pose enough threat for organizations to rethink whether a successful breach of their computers justifies paying a ransom demand in hopes attackers will not divulge their stolen content.

According to the NCC Group Threat Pulse Report released in May, the ransomware landscape remains turbulent despite fewer reported incidents since April. Industrials (34%) and Consumer Cyclicals (18%) remained the first and second-most targeted sectors.

There has been a significant shake-up among the top 10 ransomware actors since April. Hunters, one of the leading bad actors, moved from eighth to the second most active threat actor. It launched 61% more ransomware attacks in April than in March. RansomHub replaced RA Group in third place and saw a 42% increase in attacks over March.

The policy of not paying ransom, often called a “no concessions” policy, is a widely debated strategy in counterterrorism and hostage situations. Its effectiveness continues to be argued from multiple perspectives. Cybersecurity experts apply the same reasoning when deciding whether to make or not make ransomware payments. Continue reading “Experts Weigh In on Refusing or Paying After a Ransomware Attack”

Cyberattackers Unleash Flood of Potentially Disruptive Election-Related Activity

Posted on by esimantiras

Cyberattackers Unleash Flood of Potentially Disruptive Election-Related Activity

source: darkreading.com  |  image: pexels.com

 

Cyber-threat actors have ramped up their targeting of the 2024 US electionswith a flood of malicious activity expected to peak over the next month, aimed at causing disruption to voters and the election process and requiring increased vigilance on the part of stakeholders.

Specifically, attackers have bolstered election-related threat activity since the beginning of the year with an increase in the sale of phishing kits targeting US voters and campaign donors; the registration of more than 1,000 domains aimed at exploiting election-related content for malicious purposes; and increased ransomware activity targeting government entities, according to research from FortiGuard Labs Threat Research released today.

Since the inception of Internet-related threats, cyber-threat actors have typically increased malicious activity ahead of elections, notes Derek Manky, chief security strategist and vice president of global threat intelligence at Fortinet. However, they aim to be especially disruptive during the current election cycle, requiring that all stakeholders be prepared to fend off malicious actors in the upcoming weeks to protect election outcomes. Continue reading “Cyberattackers Unleash Flood of Potentially Disruptive Election-Related Activity”