Category: News You Can Use
source: tomshardware.com (contributed by Steve Page) | image: pexels.com
As reported last week, Chinese hackers infiltrated the U.S. Department of Treasury and gained access to several users’ workstations. However, according to Bloomberg, the infiltration was more severe than initially reported, as hackers managed to access systems belonging to Secretary Janet Yellen and other top officials.
source: axios.com (contributed by Bill Amshey) | image: pixabay.com
Jake Sullivan — with three days left as White House national security adviser, with wide access to the world’s secrets — called us to deliver a chilling, “catastrophic” warning for America and the incoming administration:
Why it matters: Sullivan said in our phone interview that unlike previous dramatic technology advancements (atomic weapons, space, the internet), AI development sits outside of government and security clearances, and in the hands of private companies with the power of nation-states, Jim VandeHei and Mike Allen write in a “Behind the Curtain” column.
Malicious digital advertisements and “SEO poisoning” that gets those ads to prime spots in search results have been mainstays of the digital scamming ecosystem for years. But as online crime evolves and malicious trends like “pig butchering” investment scams and infostealing malware proliferate, researchers say that so-called “malvertising” is still a key technique for scammers—and still a growing problem.
Instances of malvertising in the US were up 42 percent month-over-month in fall 2023 and increased another 41 percent from July to September of this year, according to data from the security firm Malwarebytes. The company says that scammers typically cycle through the advertising accounts used for malvertising quickly, and 77 percent of the accounts are only used once. The bulk of the activity, though, traces back to South Asia and Southeast Asia, Malwarebytes says, with 90 percent of the ad fraud coming from Pakistan and Vietnam, according to the researchers’ telemetry. But as with many components of the digital crime ecosystem, malvertising is often offered as a service where cybercriminals from around the world can purchase ads that distribute their malware or lead potential victims to a malicious website of their choosing. Continue reading “Malicious Ads in Search Results Are Driving New Generations of Scams”
source: techradar.com (contributed by Steve Page) | image: pixabay.com
The US Department of Justice has issued a final rule on Executive Order 14117, which President Joe Biden signed in February 2024, preventing the movement of US citizens’ data to a number of “countries of concern”.
The list of countries consists of China (including Hong Kong and Macau), Cuba, Iran, North Korea, Russia, and Venezuela, all of which the DoJ says have “engaged in a long-term pattern or serious instances of conduct significantly adverse to the national security of the United States or the security and safety of U.S. persons.” Continue reading “US government says companies are no longer allowed to send bulk data to these nations”
source: forbes.com (contributed by Artemus founder, Bob Wallace) | image: fbi.gov
Update, Dec. 07, 2024: This story, originally published Dec. 05, now includes details of innovative technological solutions for smartphone users looking to protect themselves from the kinds of AI-generated scams the FBI has warned about. An update on Dec. 06 added details on reporting smartphone crime to the FBI along with additional input from security experts.
The use of AI in smartphone cyber attacks is increasing as recent reports have revealed; from tech support scams targeting Gmail users to fraudulent gambling apps and sophisticated biometric protection-busting banking fraud to name but a few. Now the Federal Bureau of Investigations has issued a public service announcement warning of how generative AI is being used to facilitate such fraud and advising smartphone users to hang up and create a secret word to help mitigate these cyber attacks. Here’s what the FBI warned you must do.
In public service alert number I-120324-PSA, the FBI has warned of cyber attackers increasingly looking to generative AI to commit fraud on a large scale and increase the believability of their schemes. “These tools assist with content creation and can correct for human errors that might otherwise serve as warning signs of fraud,” the FBI said. Given that, as the FBI admits, it can be difficult to tell what is real and what is AI-generated today, the public service announcement serves as a warning for everyone when it comes to what to look out for and how to respond to mitigate the risk. Although not all the advice is aimed directly at smartphone users, given that this remains a primary delivery mechanism for many AI deepfake attacks, especially those using both facial and vocal cloning, it is this advice that I am focusing on.
source: forbes.com (contributed by FAN, Steve Page | image: pexels.com
Republished on December 6 as new cybersecurity regulations are proposed, and with further warnings following the FBI’s encrypted communications push.
Timing is everything. Just as Apple’s adoption of RCS had seemed to signal a return to text messaging versus the unstoppable growth of WhatsApp, then along comes a surprising new hurdle to stop that in its tracks. While messaging Android to Android or iPhone to iPhone is secure, messaging from one to the other is not.
The network cyberattacks, attributed to Salt Typhoon, a group associated with China’s Ministry of Public Security, has generated heightened concern as to the vulnerabilities within critical U.S. communication networks. The reality is different. Without fully end-to-end encrypted messaging and calls, there has always been a potential for content to be intercepted. That’s the entire reason Apple, Google and Meta advise its use, highlighting the fact that even they can’t see content. Continue reading “FBI Warns iPhone And Android Users—Stop Sending Texts”
source: fastcompany.com | image: pixabay.com
It’s been a couple of years since Apple, Google, and Microsoft started trying to kill the password, and its demise seems more likely than ever.
In 2022, all three companies embraced an alternative called passkeys, which sync securely between your devices and are protected by face recognition, a fingerprint, or a PIN. The thinking goes that if you don’t have to remember a password—or even create one in a password manager—you’re less likely to fall prey to phishing scams. And if websites don’t have to store their customers’ passwords anymore, security breaches won’t be as disastrous. Continue reading “Say Goodbye to Passwords”
source: nicenews.com | image: unsplash.com
You might soon hear your cab driver say: “Clear skies ahead and ready for takeoff.” Air taxis, along with other electric-powered aircrafts, are closer than ever to getting permission to fly.
Last week, the Federal Aviation Administration published a much-anticipated 880-page document on the final regulations for pilot training and operating requirements for “powered-lift” vehicles. That means an aircraft designed to take off and land vertically like a helicopter (or the DeLorean time machine from Back to the Future), but with fixed wings like a plane, per The Verge.
“Powered lift aircraft are the first new category of aircraft in nearly 80 years,” FAA Administrator Mike Whitaker said in a statement, calling the new ruling “historic.” According to the agency, the vehicles can be used for cargo delivery, emergency rescue efforts, and simply taxiing people from point A to point B. While the rules aim to maintain safety and rigor, they also seek to address the realities of this nascent industry without setting overly strict standards.
No air taxi company is currently certified for commercial operations, but some startups, like Joby Aviation and Archer, are in the process of making our sci-fi dreams a reality. Watch Joby’s aircraft fly over New York City last year.
source: technewsworld.com | image: pexels.com
Ransomware attacks have shown signs of decreasing in recent months. Yet they still pose enough threat for organizations to rethink whether a successful breach of their computers justifies paying a ransom demand in hopes attackers will not divulge their stolen content.
According to the NCC Group Threat Pulse Report released in May, the ransomware landscape remains turbulent despite fewer reported incidents since April. Industrials (34%) and Consumer Cyclicals (18%) remained the first and second-most targeted sectors.
There has been a significant shake-up among the top 10 ransomware actors since April. Hunters, one of the leading bad actors, moved from eighth to the second most active threat actor. It launched 61% more ransomware attacks in April than in March. RansomHub replaced RA Group in third place and saw a 42% increase in attacks over March.
The policy of not paying ransom, often called a “no concessions” policy, is a widely debated strategy in counterterrorism and hostage situations. Its effectiveness continues to be argued from multiple perspectives. Cybersecurity experts apply the same reasoning when deciding whether to make or not make ransomware payments. Continue reading “Experts Weigh In on Refusing or Paying After a Ransomware Attack”
source: darkreading.com | image: pexels.com
Cyber-threat actors have ramped up their targeting of the 2024 US electionswith a flood of malicious activity expected to peak over the next month, aimed at causing disruption to voters and the election process and requiring increased vigilance on the part of stakeholders.
Specifically, attackers have bolstered election-related threat activity since the beginning of the year with an increase in the sale of phishing kits targeting US voters and campaign donors; the registration of more than 1,000 domains aimed at exploiting election-related content for malicious purposes; and increased ransomware activity targeting government entities, according to research from FortiGuard Labs Threat Research released today.
Since the inception of Internet-related threats, cyber-threat actors have typically increased malicious activity ahead of elections, notes Derek Manky, chief security strategist and vice president of global threat intelligence at Fortinet. However, they aim to be especially disruptive during the current election cycle, requiring that all stakeholders be prepared to fend off malicious actors in the upcoming weeks to protect election outcomes. Continue reading “Cyberattackers Unleash Flood of Potentially Disruptive Election-Related Activity”