Tag: google
16 Billion Passwords Breached – June 20th
The Cybernews research team discovered a record-breaking breach of over 16 billion passwords worldwide, including Facebook, Google, and Apple credentials. Cybernews states that this is new data and not merely recycled from older breaches, and the data most likely comes from a wide variety of infostealers.
UK backs AI and intelligence modernization – June 12th
The UK government has announced its plans to invest in digital and artificial intelligence (AI) in public services, including the NHS, aiming to build strong technology foundations and tackle urgent cybersecurity risks.
Deepfake Phishing Targets Trump’s Chief of Staff – May 30th
In today's daily roundup - Deepfake Phishing Targets Trump’s Chief of Staff, ConnectWise Breached by Suspected Nation-State Actor, and Unbound Security Raises $4M Seed Funding.
AI increasingly used to deliver malware
Many organizations’ ongoing enthusiasm for incorporating artificial intelligence (AI) is leaving them open to sophisticated and carefully planned cyber-attacks. Cybersecurity company Mandiant, a Google subsidiary, has issued an urgent warning for companies to be wary of downloading AI tools from unvetted websites.
Victoria’s Secret Shuts Down U.S. Website Amid Security Incident – May 29th
In today's daily roundup - Victoria's Secret website faces a security breach, SentinelOne experienced a global service disruption affecting customer-facing services, and Chinese state-sponsored group APT41 is using Google Calendar to embed malware on compromised devices
Sperm Bank Heist
Another cyber breach as potentially damaging as that of the infamous hook-up site for married users, Ashley Madison, 15 years ago has recently come to light that could have equally serious consequences. According to a notification filed this month with the California Department of Justice, the sperm bank California Cryobank reports a breach that occurred last April. Stolen files include the names, social security numbers, driver's license numbers, financial accounts, and health insurance information of many of the sperm bank donors and their recipients.
Companies must identify the value of their data
Most organizations have no clear idea of the value of the data they hold on themselves and their customers. According to technology research and consulting firm Gartner, 30 percent of chief data and analytics officers (CDAOs) say that their top challenge is the inability to measure data, analytics, and AI's impact on business outcomes. Gartner also reports that only 22 percent of organizations surveyed have defined, tracked, and communicated business impact metrics for the bulk of their data and analytics (D&A) use cases. “There is a massive value vibe around data, where many organizations talk about the value of data, desire to be data-driven, etc., but there are few who can substantiate it,” said Michael Gabbard, senior director analyst at Gartner.
2025 forecast to be boom year for cybersecurity
California-based cybersecurity goliath Palo Alto Networks has issued a bullish revenue forecast based on a perceived rising global demand for artificial intelligence (AI)-driven security products. “In Q2 [2025], our strong business performance was fuelled by customers adopting technology driven by the imperative of AI, including cloud investment and infrastructure modernization," said CEO Nikesh Arora. “Our growth across regions and demand for our platforms demonstrates our customers' confidence in our approach. It reaffirms our faith in our 2030 plans and our $15 billion next-generation technology annual recurring revenue goal.”
Healthcare cyber-attacks now “a national security threat”
Search engine giant's Google Threat Intelligence Group reports that cybercriminal and state-backed cyber-attacks on the healthcare sector in countries such as the US and UK have escalated to a level where they are actually costing lives. “Healthcare's share of posts on data leak sites has doubled over the past three years, even as the number of data leak sites tracked by Google Threat Intelligence Group has increased by nearly 50% year over year. The impact of these attacks means that they must be taken seriously as a national security threat, no matter the motivation of the actors behind it,” says Google.
MacOS users targeted by ‘infostealer’ malware
Apple computer users are suffering a growing number of ‘infostealer’ attacks across multiple regions and industries. These are a form of malicious software created to breach computer systems in order to steal sensitive information. The Palo Alto Networks Unit42 research group has detected a 101 percent increase in macOS infostealers in the last two quarters of 2024. The researchers identified three particularly prevalent macOS infostealers: Poseidon, Atomic, and Cthulhu. The developers of Atomic Stealer sell it as malware as a service (MaaS) in hacker forums and on Telegram. The Atomic Stealer operators usually distribute their malware via malvertising - the use of online advertising to spread malware. This typically involves injecting malicious or malware-laden advertisements into legitimate online advertising networks and webpages. It is capable of stealing notes and documents, browser data such as passwords, and cookies, cryptocurrency wallets, and instant messaging data. Atomic Stealer, also known as AMOS was first discovered in April 2023.
Cybercriminals Weaponize Google AI assistant
Cybercriminals have been quick to see nefarious possibilities in search engine giant Google’s new Gemini 2.0 AI assistant. According to Google’s own findings, nation-state-backed threat actors are already leveraging Gemini to accelerate their criminal campaigns. The actors are using Gemini 2.0 for “researching potential infrastructure and free hosting providers, reconnaissance on target organizations, research into vulnerabilities, payload development, and assistance with malicious scripting and evasion techniques,” says Google.
Copyright infringement scam goes global
Since July of this year, cybersecurity firm Check Point has been tracking an ingenious form of online fraud that is rapidly spreading across the US, Europe, East Asia and South America. The attackers impersonate dozens of legitimate companies, claiming the victim’s organization has infringed their copyright. Weaponized emails, which appear to come from the legal representatives of the impersonated companies, accuse the recipient of misusing their brand on the target’s social media page and requesting the removal of specific images and videos. The phishing emails are typically sent from Gmail accounts and prompt recipients to download an archive file. which then installs the latest version of the Rhadamanthys infostealer stealer (version 0.7) in order to steal critical information from the victim’s organization.