David
Microsoft Pauses AI Copilot+ Feature Rollout Due to Safety Concerns – June 14th
Microsoft revealed that it's placing the AI-powered Copilot+ feature for PCs on hold due to critical safety concerns. "We are adjusting the release model for Recall to leverage the expertise of the Windows Insider community to ensure the experience meets our high standards for quality and security," Microsoft said in an update.
64% to Look for New Cybersecurity Jobs in the Next 12 Months – June 13th
According to a new Bitdefender survey, 64% of cybersecurity professionals are considering a shift to a new job in the sector within the next 12 months. The 2024 Cybersecurity Assessment Report also discovered that 57% of respondents experienced a data breach in the last 12 months, mainly in the UK, Germany, and Singapore.
Adobe Applies Patches to Critical Flaws – June 12th
Yesterday, June 11th, Adobe announced that they rolled out security patches for 6 critical vulnerabilities affecting Adobe After Effects, Photoshop, and Illustrator. According to Adobe, the vulnerabilities could have led to successful arbitrary code execution and/or memory leaks in the current user's context.
Microsoft Helping US Hospitals from Cyber Attacks – June 11th
Microsoft announced the launch of its new cybersecurity program to support hospitals in rural America from cyber attacks. Microsoft's new security suite and cyber training offering will provide nonprofit pricing and discounts to critical access hospitals and rural emergency hospitals.
$10M Reward for LockBit Mastermind – June 10th
The U.S. Government launched a manhunt for the LockBit ransomware mastermind, Dmitry Yuryevich Khoroshev, for a bounty worth $10M. According to the Justice Department, LockBit is suspected to be behind attacks in almost 120 countries that have extorted nearly $1 billion.
Meta, IRS, Apple, and Amazon Among Impersonated Brands – June 7th
According to a report from Mailtrack, Meta, the IRS, Apple, and Amazon are among the top impersonated American brands. Mailtrack's report also outlined the top impersonated non-American brands, such as Japanese au by KDDI, JR East, Aeon, and JCB. It was based on an analysis of more than 1.14 million phishing scam reports listed on PhishTank.
Bangladeshi Police Officer Caught Selling Citizen Data on Telegram – June 6th
In late April, the Brigadier General of Bandladesh's NTMC announced that two police officers had been caught selling citizen data on Telegram. Bangladeshi officials said the data allegedly sold included national identity details of citizens, cell phone call records, and other “classified secret information.”
TikTok Confirms Account Hack Targeting CNN – June 5th
In a public statement, Alex Haurek, TikTok's spokesperson, announced the hack on CNN's TikTok account, among other high-profile accounts. "We have taken measures to stop this attack and prevent it from happening in the future. We're working directly with affected account owners to restore access if needed," he added.
Cox Communications Patched Flaw that Placed Millions at Risk – June 4th
Cox Communications fixed an authorization bypass vulnerability that could have enabled threat actors to abuse backend APIs to reset millions of modems and steal customer data. Discovered by Sam Curry, the exploit gave a similar set of permissions as the ISP tech support.
Law Enforcement Ramp-Up Efforts to Capture ‘Emotet’ Mastermind – June 3rd
The law enforcement agencies behind Operation Endgame are seeking information about Odd, who is allegedly behind the ‘Emotet’ malware. Initially a banking trojan, the 'Emotet' malware evolved into a tool that delivers an array of payloads, including TrickBot, IcedID, QakBot, and others.
Ticketmaster Breach Data Posted on New BreachForums – May 31st
The 'ShinyHunters' threat actor group posted data from a Ticketmaster data breach, potentially belonging to 560M users, asking for $500K in exchange for the data. Analysts at Vx-Underground analyzed a sample of the Ticketmaster data and determined that the data was authentic, containing entries dating back to 2011.
Officials Take Down the “911 S5 botnet” – May 30th
A US-led law enforcement sting operation against the global '911 S5 botnet' network was a major success. The 911 S5 botnet network of millions of compromised Windows computers was used to facilitate cyber-attacks, fraud, and child exploitation, among other illicit activities.
34% of Organizations Lack Cloud Cybersecurity Skills – May 29th
According to a Cado Security report, 34% of organizations lack cloud cybersecurity skills. The report also discloses that 23% of cloud alerts remain uninvestigated due to various challenges and complexities.
Chinese Hackers Using ORB Networks to Evade Detection – May 23rd
Mandiant revealed that Chinese-linked state-backed hackers rely on operational relay box (ORBs) network proxy meshes to avoid detection for cyber espionage campaigns. For example, Mandiant pointed out that these advanced persistent threat actors (APTs) used ORBs for the 'SPACEHOP' critical vulnerability campaign earlier this year.
341% Rise in Advanced Phishing Attacks – May 22nd
SlashNext's report revealed a 341% increase in malicious phishing links, business email compromise (BEC), Quishing, and attachment-based threats in the past six months. "The State of Phishing 2024" report also states that malicious email and messaging threats have increased by 856% over the past 12 months, amplified by the emergence of generative AI.