Security News

The financially motivated threat actor FIN7 targeted a large U.S. car maker with spear-phishing emails for employees in the IT department to infect systems with the Anunak backdoor. BlackBerry attributed the attacks to FIN7 with a high level of confidence based on the use of unique PowerShell scripts using the adversary's signature 'PowerTrash' obfuscated shellcode invoker, first seen in a 2022 campaign.

Impersonation scams in the U.S. exceeded $1.1 billion in losses last year, according to statistics collected by the Federal Trade Commission, a figure that is three times higher than in 2020. The agency compiled this data based on 490,000 reported scams in 2023.

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

The US House of Representatives has passed a bill that would prohibit data brokers from selling Americans' data to foreign adversaries with an unusual degree of bipartisan support: It passed without a single opposing vote. The Protecting Americans' Data from Foreign Adversaries Act of 2024 was introduced in the house earlier this month alongside the recently-passed TikTok ban bill and gives the Federal Trade Commission authority to go after any data broker that sells PII to North Korea, Russia, China or Iran, or any company controlled by those countries.

The U.S. has imposed sanctions on two individuals and five entities linked to the development and distribution of the Predator commercial spyware used to target Americans, including government officials and journalists. "Today, the Department of the Treasury's Office of Foreign Assets Control designated two individuals and five entities associated with the Intellexa Consortium for their role in developing, operating, and distributing commercial spyware technology used to target Americans, including U.S. government officials, journalists, and policy experts," reads a press release by the Office of Foreign Assets Control.

A security failure at a third-party vendor exposed an untold number of American Express card numbers, expiry dates, and other data to persons unknown. "We became aware that a third-party service provider engaged by numerous merchants experienced unauthorized access to its system," Amex chief privacy officer Anneke Covell wrote in a letter [PDF] to customers at the end of last month, alerting them to the snafu.

American Express is warning customers that credit cards were exposed in a third-party data breach after a merchant processor was hacked. This incident was not caused by a data breach at American Express, but rather at a merchant processor in which American Express Card member data was processed.

American Express is warning customers that credit cards were exposed in a third-party data breach after one of its service providers was hacked. In a data breach notification filed with the state of Massachusetts, American Express said that the breach occurred at one of its service providers used by their travel services division, American Express Travel Related Services Company.

US President Joe Biden is expected to sign an executive order today that aims to prevent the sale or transfer of Americans' sensitive personal information and government-related data to adversarial countries including China and Russia. In addition to the executive order, the White House will propose regulations that prohibit companies from directly or indirectly transferring large amounts of certain types of data to so-called "Countries of concern" - China, Russia, North Korea, Iran, Cuba, and Venezuela - according to a senior administration official.

The U.S. Federal Trade Commission says Americans lost over $10 billion to scammers in 2023, marking a 14% increase in reported losses compared to the previous year. Imposter scams emerged as the most frequently reported fraud category, with notable upticks in business and government impersonation reports.