Security News > 2023 > May

Threat hunting is an essential component of your cybersecurity strategy. Whether you're getting started or in an advanced state, this article will help you ramp up your threat intelligence program.

The cybercriminals who breached Taiwanese multinational MSI last month have apparently leaked the company's private code signing keys on their dark web site. MSI is a corporation that develops and sells computers and computer hardware.

The Western Digital online store is offline as a result of the "Network security incident" it suffered in March 2023. "This information included customer names, billing and shipping addresses, email addresses and telephone numbers. In addition, the database contained, in encrypted format, hashed and salted passwords and partial credit card numbers," Western Digital informed.

An ongoing phishing campaign with invoice-themed lures is being used to distribute the SmokeLoader malware in the form of a polyglot file, according to the Computer Emergency Response Team of Ukraine. In a related advisory, Ukraine's cybersecurity authority also revealed details of destructive attacks orchestrated by a group known as UAC-0165 against public sector organizations.

E2E encryption means that only the person who stores the data should be able to read the data. Having dealt with E2E encryption of data during transit and at rest, we now turn to the more esoteric case of E2E encryption of data during computation.

In brief We'd say you'll never guess which telco admitted to a security breakdown last week, but you totally will: T-Mobile US, and for the second time this year. "The information obtained for each customer varied, but may have included full name, contact information, account number and associated phone numbers, T-Mobile account PIN, social security number, government ID, date of birth, balance due, internal codes that T-Mobile uses to service customer accounts, and the number of lines," the "Un-carrier" explained in its letter.

The rise of AI-generated identity fraud like deepfakes is alarming, with 37% of organizations experiencing voice fraud and 29% falling victim to deepfake videos, according to a survey by Regula. In this Help Net Security video, Henry Patishman, Executive VP of Identity Verification Solutions at Regula, illustrates how increasing accessibility of AI technology for creating deepfakes makes the risks mount, posing a significant challenge for businesses and individuals alike.

AI technology is fueling a rise in online voice scams, with just three seconds of audio required to clone a person's voice, according to McAfee. With 53% of adults sharing their voice data online at least once a week and 49% doing so up to 10 times a week, cloning how somebody sounds is now a powerful tool in the arsenal of a cybercriminal.

62% of business leaders cite customer retention as a top benefit of personalization, while nearly 60% say personalization is an effective strategy for acquiring new customers. To power even more sophisticated real-time customer experiences, the vast majority of businesses are turning to AI to harness high volumes of real-time data and power their personalization efforts.

Paul Cha is a cyber and product security leader, serving as the VP of Cybersecurity at LG Electronics Vehicle component Solutions. Paul started his career in cyber security work as a senior security solution development engineer, where he focused on smart appliances such as smart TVs and smartphones.