Tag: amazon
Bucket shop bargains for cybercriminals
Researchers have revealed current vulnerabilities in Amazon’s data storage services, the knock-on effect of which could potentially result in the biggest supply-chain attack in the internet’s history. In November 2024, watchTowr Labs decided to show how a significant Internet-wide supply-chain attack could be caused by abandoned infrastructure left unattended and forgotten on the internet. The researchers chose to focus on an Amazon business data storage service, known as ‘S3 buckets’.
Mercedes Benz Vulnerability Places Risk of Remote Access – January 20th
CERT-UA warns of attackers impersonating the agency via fake AnyDesk requests for "security audits." Remote access should only occur with prior approval through official channels to mitigate these risks. Amid ongoing cyberattacks linked to the Russo-Ukrainian war, over 1,042 incidents were detected in 2024, including espionage and malware campaigns by groups like Gamaredon and Sticky Werewolf. Pro-Russian and pro-Ukrainian actors continue targeting each other with phishing and credential theft efforts.
Seasonal cybercrime bonanza is under way
Cybercriminals now have an unprecedented of highly effective custom-made tools designed to defraud online retailers and shoppers during the holiday season. “As we approach the end of 2024, the upcoming holiday season and events like Thanksgiving, Black Friday, Cyber Monday, and Christmas bring millions of shoppers online with attractive discounts and limited-time offers. They also create ideal conditions for cybercriminals to exploit users and shoppers,” warns threat intelligence firm FortiGuard in its report, Threat Actor Readiness for the Upcoming Holiday Season.
Big tech goes nuclear
America’s leading technology companies are now engaged in their own nuclear power race. Advertising and search giant Google has announced that it has signed the world’s first corporate agreement to purchase nuclear energy from multiple small modular reactors (SMR), to be developed by Kairos Power. By investing in its own nuclear energy facilities, Google has now joined the ranks of Amazon, Microsoft, and Oracle in investing heavily in nuclear facilities to power the rollout of new services based around their prematurely launched artificial intelligence (AI) services. According to a recent report from US Madison Avenue investment bankers, Jeffries: “If it feels like Graphics Processing Units (GPUs) are suddenly everywhere, it’s because they are. GPUs drive computation across a wide range of industries and applications, from big data analytics to machine learning [AI].”
Musk deems “Apple Intelligence” offering insecure
Bereft of fresh ideas or new products, Apple’s main offering at its long-awaited annual Worldwide Developer's Conference in Cupertino, California, is a cobbled-together artificial intelligence (AI) offering. While AI may be Silicon Valley’s latest buzzword and marketing tool, “Apple Intelligence,” as Apple AI is branded, is already attracting heavy criticism – even from other tech giants. By pairing Microsoft-backed OpenAI’s ChatGPT with Apple’s voice-activated assistant, Siri, Apple hopes to make AI mainstream. But its critics say that all Apple has done is create a cybersecurity nightmare for corporations while sounding a death knell for the personal privacy of Apple users. "It's patently absurd that Apple isn't smart enough to make their own AI, yet is somehow capable of ensuring that OpenAI will protect your security & privacy!... Apple has no clue what's actually going on once they hand your data over to OpenAI. They're selling you down the river,” says Elon Musk, Tesla and SpaceX founder and the owner of X Corp, formerly Twitter.
Meta, IRS, Apple, and Amazon Among Impersonated Brands – June 7th
According to a report from Mailtrack, Meta, the IRS, Apple, and Amazon are among the top impersonated American brands. Mailtrack's report also outlined the top impersonated non-American brands, such as Japanese au by KDDI, JR East, Aeon, and JCB. It was based on an analysis of more than 1.14 million phishing scam reports listed on PhishTank.
JP Morgan Chase Combats 45 Billion Cyber Attacks Daily – January 18th
On Wednesday, January 17th, JPMorgan Chase's asset and wealth management division head, Mary Callahan Erdoes, said during the World Economic Forum in Davos that the firm faces a staggering 45 billion breach attempts daily. Mary explained on a panel session that they have more security engineers than Google and Amazon, out of necessity, as threat actors increasingly get "smarter, savvier, quicker, more devious and mischievous."
Cost of texting fraud rises fivefold in three years
The official cost of texting fraud in 2022 rose to $330 million, representing a fivefold increase since 2019, with an average cost of $1,000 to the victims concerned. But the US Federal Trade Commission (FTC), which issued the figures, acknowledges that this is only the tip of a gigantic cybercrime iceberg, as most phone scams go unreported.
Threat actors’ preferred names? Microsoft, Meta, and Google
Microsoft, PayPal, Facebook, Google, and Amazon are some of the world's most respected brands, but they're also the most impersonated. With 300,000 successful phishing attacks recorded last year in the US alone and 71% of organizations experiencing an attempted or actual business email compromise the issue is only getting worse.