Security News > 2024 > March

Threat actors have been leveraging fake websites advertising popular video conferencing software such as Google Meet, Skype, and Zoom to deliver a variety of malware targeting both Android and...

A group of US lawmakers introduced legislation on Tuesday that, if passed, would force Chinese internet concern ByteDance to divest TikTok - its most valuable property - or see it banned in the US. The bill is titled the Protecting Americans from Foreign Adversary Controlled Applications Act. Although the lawmakers - from The House Select Committee on the CCP with support from the Energy and Commerce Committee - seem hellbent on targeting TikTok, the bill also creates a process for the US president to designate other foreign adversary-controlled social media applications as national security risks.

The report surveyed 150 IT security and data science leaders to shed light on the biggest vulnerabilities impacting AI today, their implications for commercial and federal organizations, and cutting-edge advancements in security controls for AI in all its forms. This has made AI security a top priority, with 94% of IT leaders dedicating funds to safeguard their AI in 2024.

Tazama is an open-source platform focused on improving fraud management within digital payment systems. Tazama marks a substantial transformation in the approach to financial monitoring and compliance worldwide.

In this Help Net Security video, Michelle Alvarez, Strategic Threat Analysis Manager at IBM X-Force, discusses the 2024 X-Force Threat Intelligence Index, revealing top threats and trends the team observed last year across its global engagements and how these shifts are forming the threat landscape in 2024 and beyond. X-Force observed shifts toward credential-driven attacks with a 71% increase in attacks caused by using valid accounts.

Ongoing cyberattack threats impact MSPs. The threat of cyberattacks continues to weigh on MSPs and their clients. MSPs are seen as a valuable cybersecurity resource for customers, with 46% saying most of their clients turn to them for advice on cybersecurity plans and best practices.

In this piece, we'll probe a notorious ransomware gang, ShinyHunters, to shed light on cybercriminal incentives and the objectives they pursue, as well as the effects for victims - and steps your team can take to reduce risk. His role in ShinyHunters was to create specialized phishing pages masquerading as a target company's login portal to lure employees to enter their credentials.

A class action complaint [PDF], filed Tuesday in federal court for the District of Northern California, claims that "Over nearly a decade, Google has knowingly kept millions of dollars in stolen money from victims of gift card scams who purchased Google Play gift cards." Filed on behalf of Indiana resident Judy May, the suit alleges Google keeps funds from stolen Google Play gift cards - either by taking its 15-30 percent commission from payments to Google Play app developers made with fraudulently obtained gift cards, or by withholding all funds paid via scammed gift cards for its own benefit.

The US Department of Justice on Wednesday revealed an indictment that charges a former Google employee with leaking the ad giant's AI tech to two Chinese companies - after easily defeating the Big G's security controls. The indictment names Linwei Ding, aka Leon Ding, and states that during his time at Google his job involved "Development of software that allowed GPUs to function efficiently for machine learning, AI applications, or other purposes required by Google or Google Cloud clients."

Pet retail giant PetSmart is warning some customers their passwords were reset due to an ongoing credential stuffing attack attempting to breach accounts. In new email notifications sent to PetSmart customers first seen by DarkWebInformer, the company warns that customers are being targeted by credential stuffing attacks used to gain access to their accounts.