The Scattered Spider gang has started to steal data from software-as-a-service (SaaS) applications and establish persistence by creating new virtual machines. Also tracked as Octo Tempest, 0ktapus, Scatter Swine, and UNC3944, the gang typically engages in social engineering attacks that use SMS phishing, SIM swapping, and account hijacking for on-premise access. Scattered Spider is the name given…


Check out the NCSC’s call for software vendors to make their products more secure. Plus, why the Treasury Department is looking at how financial institutions are using AI. And the latest on the cybersecurity skills gap in the U.S. And much more! Dive into six things that are top of mind for the week ending…


American financial services holding company Globe Life says attackers may have accessed consumer and policyholder data after breaching one of its web portals. The incident was discovered on Thursday, June 13, while reviewing potential vulnerabilities related to access permissions and user identity management for the web portal following an inquiry from a state insurance regulator.…


Jun 14, 2024The Hacker News Data is growing faster than ever. Remember when petabytes (that’s 1,000,000 gigabytes!) were only for tech giants? Well, that’s so last decade! Today, businesses of all sizes are swimming in petabytes. But this isn’t just about storage anymore. This data is ALIVE—it’s constantly accessed, analyzed, shared, and even used to…


Jun 14, 2024The Hacker NewsCybersecurity / Regulatory Compliance As cyber threats loom large and data breaches continue to pose increasingly significant risks. Organizations and industries that handle sensitive information and valuable assets make prime targets for cybercriminals seeking financial gain or strategic advantage. Which is why many highly regulated sectors, from finance to utilities, are…


Demo of AES GCM Misuse Problems: This is a really neat demo of the security problems arising from reusing nonces with a symmetric cipher in GCM mode. Tags: AES, algorithms, cryptanalysis, encryption. Posted on June 14, 2024 at 7:05 AM.


Jun 14, 2024NewsroomDevice Security / Authentication An analysis of a hybrid biometric access system from Chinese manufacturer ZKTeco has uncovered two dozen security flaws that could be used by attackers to defeat authentication, steal biometric data, and even deploy malicious backdoors. “By adding random user data to the database or using a fake QR code,…


Threat actors linked to North Korea have accounted for one-third of all the phishing activity targeting Brazil since 2020, as the country’s emergence as an influential power has drawn the attention of cyber espionage groups. “North Korean government-backed actors have targeted the Brazilian government and Brazil’s aerospace, technology, and financial services sectors,” Google’s Mandiant and…


ESET researchers have identified five campaigns targeting Android users with trojanized apps. Most probably carried out by the Arid Viper APT group, these campaigns started in 2022 and three of them are still ongoing at the time of the publication of this blogpost. They deploy multistage Android spyware, which we named AridSpy, that downloads first-…


Deepfakes as credit risks: It’s not just cybersecurity experts who are warning of the corporate risk from deepfakes. In May, credit ratings firm Moody’s issued a warning about deepfakes, saying they create new credit risks. The Moody’s report details a handful of attempted deepfake scams, including faked video calls, that have targeted the financial sector…
