Microsoft revealed that it’s placing the AI-powered Copilot+ feature for PCs on hold due to critical safety concerns.
“We are adjusting the release model for Recall to leverage the expertise of the Windows Insider community to ensure the experience meets our high standards for quality and security,” Microsoft said in an update.
Microsoft is accused of failing to implement some basic security controls on its hugely popular Visual Studio Code (VSCode) extensions marketplace. An open letter from independent researchers published on Medium reports “an incredible number of security design flaws implemented by Microsoft that provide amazing ways for threat actors to gain credibility and access.”
The researchers say the biggest security design flaw with VSCode extensions is the lack of any permission model. For example, a theme extension that should only change the colors of the user’s integrated development environment (IDE) may execute code and read or write files without any visibility or explicit authorization from the user. The researchers have also published research evidencing the security flaws highlighted in the open letter.
The U.S. Government launched a manhunt for the LockBit ransomware mastermind, Dmitry Yuryevich Khoroshev, for a bounty worth $10M.
According to the Justice Department, LockBit is suspected to be behind attacks in almost 120 countries that have extorted nearly $1 billion.
According to a report from Mailtrack, Meta, the IRS, Apple, and Amazon are among the top impersonated American brands.
Mailtrack’s report also outlined the top impersonated non-American brands, such as Japanese au by KDDI, JR East, Aeon, and JCB. It was based on an analysis of more than 1.14 million phishing scam reports listed on PhishTank.
SlashNext’s report revealed a 341% increase in malicious phishing links, business email compromise (BEC), Quishing, and attachment-based threats in the past six months.
“The State of Phishing 2024” report also states that malicious email and messaging threats have increased by 856% over the past 12 months, amplified by the emergence of generative AI.
Boeing made a significant disclosure: The LockBit ransomware group targeted the company, which demanded a staggering $200M extortion payment.
Boeing did not pay LockBit a ransom despite 43 GB of company data leaked on the ransomware group’s website in November 2023. Boeing is now in contact with the FBI to mitigate the breach.
Cybercriminals are getting greedier. According to Google subsidiary Mandiant’s M-Trends 2024 Special Report, the proportion of financially motivated intrusions grew from more than a quarter of all investigations (26 percent) in 2022 to over a third (36 percent) in 2023.
Ransomware-related intrusions represented almost two-thirds of financially motivated intrusions and 23 percent of all 2023 intrusions; the remaining financially motivated intrusions included business email compromise (BEC) fraud and cryptocurrency theft. In 70 percent of cases, organizations learned of ransomware-related intrusions from external sources. In three-quarters of those cases, organizations were notified of a ransomware incident by an attacker ransom message. The remaining quarter came from external partners, such as law enforcement or cybersecurity companies.
“This is consistent with the extortion business model in which attackers intentionally and abruptly notify organizations of a ransomware intrusion and demand payment,” says Mandiant.
Kaspersky reported on their discovery of the cyber campaign labeled “DuneQuixote,” which targets Middle Eastern government agencies through a sophisticated backdoor to spread malware.
The backdoor, “CR4T,” is a C/C++-based memory-only implant that enables threat actors to access consoles for command-line execution. This can lead to uploading and downloading illicit files onto affected systems.
Stemming from a breach earlier this year only affecting 15k Roku accounts, a second breach sees heavier implications, affecting over half a million of the company’s subscribers.
Roku claims that the hackers did not gain access to any financially sensitive customer information and assures that refunds would be made for unauthorized account purchases. For further security measures, Roku also enables a two-factor authentication for all accounts.
The US Department of Health and Human Services (HHS) reported that they fell victim to a social engineering scam over the phone, imitating HHS’ financial department, convincing them to hand over ID verification details.
The threat actors, aside from imitating HHS’ financial department, pulled the attack off by using local area codes and AI voice-changing technology to disguise themselves. The surrendered information could lead to threat actors bypassing multifactor authentication (MFA) security.
According to a report released by the Cloud Security Alliance and Google Cloud, 55% of all organizations plan to use AI to boost security by 2025.
The “State of AI and Security Survey Report,” also found that 67% of organizations already tested and are pleased with AI-backed security capabilities.
AT&T sent out a mass announcement to its customers, informing them that a dataset containing sensitive data from 7.6M current users and 65.4M former users is for sale on the dark web.
To mitigate the breach, AT&T reset the passcodes of all its current users and will constantly communicate with customers to further protect accounts.
Following the US-led sanctions on Chinese individuals behind the Chinese APT31 group, the Police of Finland formally accused the group of hacking Finland’s parliament in 2020.
The country’s law enforcement confirmed the connections between the breach and the Chinese group, claiming to have identified one specific suspect.
Stanford University announced that the personal information of 27,000 individuals was stolen as a result of a September 2023 ransomware attack.
The University also disclosed that only one system was breached, namely the “Department of Public Safety” network. The data included biometric data, dates of birth, social security numbers, government IDs, passport numbers, and driver’s license numbers.
Cybersecurity and Infrastructure Security Agency (CISA) confirmed that two of its systems were voluntarily shut down due to a breach stemming from Ivanti vulnerabilities last month.
Despite the successful attack mitigation, CISA claims to upgrade and modernize its systems to avoid breaches of this nature in the future.
American Express released a notification to its customers, informing them of a third-party data breach, placing ‘some’ customer information at risk.
Despite the breach, American Express ensured that its systems remain secure, is taking measures to address the issue, and will constantly monitor the integrity of its accounts for fraudulent activity.
Following actions taken against the infamous BlackCat ransomware group in December by the US Federal Bureau of Investigation (FBI), the cybercriminal gang has warned it is taking off the gloves in its fight with law enforcement. BlackCat previously took pride in regularly announcing that it does not encourage or support affiliates who target crucial sectors such as healthcare. But this approach has changed radically since the end of 2023.
“Since mid-December 2023, of the nearly 70 leaked victims, the healthcare sector has been the most commonly victimized. This is likely in response to the ALPHV Blackcat administrator’s post encouraging its affiliates to target hospitals after operational action against the group and its infrastructure in early December 2023,” said the FBI.
A Viakoo survey unveiled that 50% of respondents experienced IoT cyber incidents in 2023.
Among those IoT cyber incidents, 44% were reported to be ‘severe’, while 22% were labeled as ‘threatening’.
As part of the US Biden-Harris administration’s “Investing in America” agenda, the US energy sector received a $45M investment to bolster the sector’s cybersecurity infrastructure.
The announcement strengthens the US government’s initiatives to boost cybersecurity efforts for critical infrastructure, in light of attacks on US critical infrastructure.
The concern of official cyber scam warnings potentially being ineffective was raised by cybersecurity firms, Praxis Labs, eSentire, stemming from Dubai and Ghana cyber and law enforcement agency reports.
After multiple cyber scam warnings issued by the Dubai Police and the Cyber Security Authority of Ghana, reports of victims continuously poured in for these “search engine scams”. Following the incidents, researchers at Praxis Labs and eSentire released statements on human behavior corresponding to cyber, by being on “default mode” and for search engines, the issuance of “implicit trust”.
According to Truecaller, US consumers were faced with two billion spam calls per month.
Truecaller’s Monthly US Spam and Scam Report also unveiled that around 195 million hours were wasted by answering these scam calls. The goal of these scam calls is to carry out credit card fraud, identity theft, and sensitive data collection.
In preparation for the 2024 elections, the European Parliament’s services, the European Commission, and the EU Agency for Cybersecurity conducted a cybersecurity exercise. The drill, held in the European Parliament, involved national and EU partners testing crisis plans and responses to potential cybersecurity incidents. Representatives from electoral and cybersecurity authorities participated, aiming to enhance their capacity to address cybersecurity issues and update protocols for securing election technology.
The exercise addressed risks such as information manipulation and cyber-attacks, crucial for safeguarding the integrity of the upcoming European Parliament election scheduled for June 6-9, 2024.
UK Finance has reported a significant increase in authorized push payment (APP) fraud in the first half of 2023.
APP fraud refers to threat actors practicing identity fraud to trick victims into sending money to bank accounts under their control.
In today’s roundup; FIN8 threat actors exploit gateway risk, the University of Michigan’s cyber attack, and the FBI taking down the Qakbot offender.
US intelligence agencies and the US Air Force issued a joint advisory warning space innovation and assets are now prime targets for cyber-espionage.
admin
