Security News
American Airlines and Southwest Airlines, two of the largest airlines in the world, disclosed data breaches on Friday caused by the hack of Pilot Credentials, a third-party vendor that manages multiple airlines' pilot applications and recruitment portals. According to breach notifications filed on Friday with Maine's Office of the Attorney General, American Airlines said the data breach affected 5745 pilots and applicants, while Southwest reported a total of 3009.
Foreign affairs ministries in the Americas have been targeted by a Chinese state-sponsored actor named Flea as part of a recent campaign that spanned from late 2022 to early 2023. The cyber attacks, per Broadcom's Symantec, involved a new backdoor codenamed Graphican.
The FBI doesn't want to lose its favorite codified way to spy, Section 702 of the US Foreign Intelligence Surveillance Act. In its latest salvo, the agency's deputy director Paul Abbate called it "Absolutely critical for the FBI to continue protecting the American people."
The American Bar Association has suffered a data breach after hackers compromised its network and gained access to older credentials for 1,466,000 members.The ABA is the largest association of lawyers and legal professionals globally, with 166,000 members as of 2022.
The U.S. Federal Trade Commission revealed today that Americans lost almost $8.8 billion to various types of scams in 2022, following a significant surge of over 30% more lost to fraud compared to the previous year. In 2021, Americans also reported losses of more than $5.8 billion to fraud, another massive increase of over 70% compared to 2020.
Microsoft on Monday attributed a China-based cyber espionage actor to a set of attacks targeting diplomatic entities in South America. The threat actor is said to use established hacking tools such as ShadowPad to infiltrate targets and maintain persistent access.
The U.S. Federal Trade Commission says Americans once again reported record losses of $1.3 billion to romance scams in 2022, with median losses of $4,400. "Last year's romance scam numbers looked a lot like 2021 all over again, and it's not a pretty picture. In 2022, nearly 70,000 people reported a romance scam, and reported losses hit a staggering $1.3 billion," the FTC said.
Computer code developed by a company called Pushwoosh is in about 8,000 Apple and Google smartphone apps. The company pretends to be American when it is actually Russian.
The Internal Revenue Service warned Americans of an exponential rise in IRS-themed text message phishing attacks trying to steal their financial and personal information in the last few weeks. Such scam texts redirect U.S. taxpayers to phishing landing pages designed to collect sensitive information using various baits.
American Airlines says its Cyber Security Response Team found out about a recently disclosed data breach from the targets of a phishing campaign that was using an employee's hacked Microsoft 365 account. The investigation also revealed the attacker accessed multiple employees' accounts and used them to send more phishing emails to targets American has not yet disclosed.