Security News
In this Help Net Security video, Greg Ellis, General Manager, Application Security, at Digital.ai, discusses how artificial intelligence is revolutionizing the way applications are developed and...
The research found that consumers hold nuanced perceptions regarding cybersecurity incidents and are often less aware of the role they play in maintaining cyber hygiene within a business. These findings underscore brand trust's important role in the digital landscape - with an overwhelming 75% of consumers expressing their readiness to sever ties with a brand in the aftermath of any cybersecurity issue.
Microsoft has disabled a protocol that allowed the installation of Windows apps after finding that miscreants were abusing the mechanism to install malware. The move came just before Christmas, and seemingly mimicked issues first reported in December 2021, to address a Windows AppX Installer vulnerability in which an attacker could spoof App Installer into installing malicious software.
The Twitter account of American cybersecurity firm and Google subsidiary Mandiant was hijacked earlier today to impersonate the Phantom crypto wallet and share a cryptocurrency scam. "We are aware of the incident impacting the Mandiant X account and are working to resolve the issue," a Mandiant spokesperson told BleepingComputer.
The Twitter account of American cybersecurity firm and Google subsidiary Mandiant was hijacked earlier today to impersonate the Phantom crypto wallet and share a cryptocurrency scam. "We are aware of the incident impacting the Mandiant X account and are working to resolve the issue," a Mandiant spokesperson told BleepingComputer.
One of America's biggest private freight shippers, Estes Express Lines, has told more than 20,000 customers that criminals may have stolen their personal information. "As you may be aware, on October 1, 2023, Estes discovered that an unauthorized threat actor had gained access to a portion of the Company's IT network and deployed ransomware," it said in a letter mailed to 21,184 people [PDF].
Orange Spain suffered an internet outage today after a hacker breached the company's RIPE account to misconfigure BGP routing and an RPKI configuration. "Resource Public Key Infrastructure is a cryptographic method of signing records that associate a BGP route announcement with the correct originating AS number," explains a Cloudflare article on RPKI. By enabling RPKI with a routing body such as ARIN or RIPE, a network can cryptographically certify that only routers under their control can advertise an AS number and their associated IP addresses.
A Nigerian national was arrested in Ghana and is facing charges related to business email compromise attacks that caused a charitable organization in the United States to lose more than $7.5 million. Olusegun Samson Adejorin was arrested on December 29 for defrauding two charitable organizations in Maryland and New York, according to an eight-count federal grand jury indictment in the U.S. Specifically, Adejorin faces charges for wire fraud, aggravated identity theft, and unauthorized access to a protected computer linked to attacks aimed at two Maryland-based charitable organizations, culminating in the embezzlement of $7.5 million.
Adult media giant Aylo has blocked access to many of its websites, including PornHub, to visitors from Montana and North Caroline as new age verifications laws go into effect. As of January 1st, new age verification laws went into effect in Montana and North Carolina that require adult websites to verify the age of visitors from those states.
LastPass notified customers today that they are now required to use complex master passwords with a minimum of 12 characters to increase their accounts' security. "Historically, while a 12-character master password has been LastPass' default setting since 2018, customers still had the ability to forego the recommended default settings and choose to create a master password with fewer characters, if they wished to do so," LastPass said in a new announcement today.