Breaking News

FIND INFORMATION ABOUT THE LATEST ADVANCES IN TECHNOLOGY & NEWS RELATED TO CYBERSECURITY & ARTIFICIAL INTELLIGENCE (AI)

North Korean Hacker Accidentally Hired by Security Firm

KnowBe4, a security firm recently hired a software engineer for its internal AI team that turned out to be a North Korean threat actor, who immediately began loading malware to his company-issued workstation. Although his checks came back clean, the company later realized that he was using a stolen identity and that his photo was AI-enhanced. An FBI investigation is still ongoing.
Read more on Dark Reading

                                                                                                                                        Image sourced from Cyber Daily

Attackers are now able to Bypass ‘Windows Hello’ Authentication

Security researchers have found a downgrade vulnerability in Microsoft's Windows Hello for Business (WHfB) which is phishing-resistant by default. However, this flaw allows attackers to bypass the authentication. A red team security researcher at Accenture, Yehuda Smirnov, made the discovery last year and reported it to Microsoft who then made a fix available.
Read More on Dark Reading

Claudette McGowan Raises $10M For VC-backed Cybersecurity Firm

Claudette McGowan has a lot of experience in the technology industry designing new approaches to handle services. Her latest venture Protexxa, a Cybersecurity firm, has just raised $10 million dollars. They aim to solve cybersecurity issues by using AI their "Protexxa Defender" identifies, and evaluates the human elements that result in 90 per cent of cyber attacks, the company says.
Read More on National Post

Cybersecurity Firm Rejects $23 Billion Google Takeover

An Israeli cybersecurity firm, Wiz, rejected a $23 billion acquisition offer from Google. The cybersecurity firm is instead seeking to reach $1 billion in revenue before their IPO. If Wiz had taken up the offer, it would have been Google's largest ever acquisition.
Read More on BBC

CrowdStrike Outage Sparks Global Chaos with Airline, Bank, and other Disruptions

IT outages have been causing over 1,000 flight cancelations and stalling internal and external systems in hospitals, banks, stock exchanges, and other institutions, as some Microsoft-based computers malfunctioned.
Read More on ABC News

Rite Aid Ransomware Attack Impacts 2.2M People

Hackers impersonated a Rite Aid employee and stole sensitive customer information, and the hackers are threatening to leak this data if Rite Aid does not pay a ransom within the next few days. Though no SSN, financial, or patient information was impacted, the ransomware group has obtained near 10 GB of customer data, including addresses, identification document numbers, etc.
Read More on SecurityWeek

AT&T Data Breach Exposes Records of Customers From 2022

AT&T announced that a data breach from April earlier this year revealed the data of "nearly all" of its customers over a 6 month period in 2022. At least one cybercriminal behind the attack has been arrested by the FBI.
Read More on TechCrunch

Palo Alto Networks Patches Critical Flaw

Palo Alto Networks released updates to patch 5 flaws in its Expedition Migration tool. The vulnerability with a 9.3 CVSS score has missing authentication which could lead to a hijacking of the admin account.
Read More on The Hacker News

Hacker Uploads 10 Billion Passwords to a Crime Forum

After going by the name of 'ObamaCare', a hacker was able to post a database that allegedly contains near 10 billion unique passwords. These passwords were collected from multiple hacks and data breaches across many years.
Read More on Forbes

Supreme Court Ruling Threatens the Framework of Cybersecurity Regulation

The Supreme Court has struck down a legal principle called the Chevron Doctrine which allows federal agencies to interpret ambiguities in the law. Since most US cybersecurity regulation is delivered through federal agencies rather than directly from Congress, the enforcement of cyber regulation will now be affected.
Read More on SecurityWeek

NIST 2.0 — Why should you be excited?

The National Institute of Standards and Technology (NIST) issued version 2.0 of its Cybersecurity Framework (CSF). This NIST standard highlights the supply chain & the vital role the C-suite plays in cybersecurity.
Listen More on Cybersecurity Simplified

A Hacker Stole OpenAI's Internal Secrets

In early 2023, a hacker was able to access the internal messaging systems of OpenAI and stole information regarding the design of the company's AI technologies. Since no partners or customers information was stolen, the company did not share the news publicly. Now, however, new fears have raised about whether foreign adversaries could steal AI technology that could eventually endanger U.S. national security.
Read More at The New York Times
Developer of the long-standing Authy, Twilio, has confirmed in a blog post that it was hacked. They haven't confirmed the number of users affected, but have confirmed that leaked data was limited to phone numbers. They say that Authy accounts were not accessed by the threat actors.
Read More on Apple Insider

MFA Authenticator App Authy has been Updated Following a Hack

Patelco Credit Union Suffers From a Ransomware Attack

Patelco Credit Union was hit by a ransomware attack causing many of their banking systems to be shut down. Lacking transparency about the incident with their users, many customers are unsure whether the issue will be resolved in a few days or a few weeks.
Read More on Kron4

MFA Failures are Fueling a 500% Surge in Ransomware Losses

Multi-Factor Authentication (MFA) is now proving not adequate enough against cyberattacks in the modern day. According to Sophos, average ransom payment has increased by 500% with organizations paying ransoms averaging $2 million.
Read More on The Hacker News

OpenSSH Vulnerability Affects Linux Systems

A critical security flaw, named regreSSHion, has the potential to result in unauthenticated remote code execution (RCE) with root privileges in Linux systems. OpenSSH maintainers have released a few security updates to contain the flaw. Make sure to update all Linux systems immediately!
Read More on The Hacker News

Microsoft Informs Customers that Russian Hackers Spied on Emails

Hackers from Russia have broken into Microsoft's systems where they spied on Microsoft employees' inboxes. The Russian hackers also acquired emails of Microsoft's customers. This breach comes at a time where Microsoft continues to face scrutiny over the security of its systems. government emails. Microsoft says the hackers targeted their cybersecurity professionals who had been investigating the Russian hacking group's actions.
Read More on Reuters

Android Trojan Targets Banking Users in Seven Countries

An updated version of an Android trojan called Medusa has been targeting banking users in Canada, France, Italy, Spain, Turkey, the U.K., and the U.S. It allows attackers to use overlay attacks to steal banking credentials.
Read More on The Hacker News

CISA Confirms Cyberattack on Critical Chemical Security Tool

U.S. cyber defense agency confirmed Monday that one of its critical tools containing private sector chemical security plans was the target of a January cyberattack. The cybersecurity intrusion affected the agency's Chemical Security Assessment Tool. The agency "found no evidence of exfiltration of data" but warned the hackers may have accessed "top-screen surveys, security vulnerability assessments, site security plans, personnel surety program submissions and CSAT user accounts."
Read More on Gov Info Security

Demand for Better Cybersecurity Fuels a Blooming Job Market

With the number of cyberattacks doubling in the past five years, the demand for cybersecurity specialists has increased. Many universities and colleges have expanded their computer science programs to include cybersecurity so students can learn the technical skills that are needed.
Read More on The Washington Post

Proud Member of:

(925) 426-2322 | 6601 Owens Drive Suite 105, Pleasanton CA 94588

Copyright © 2024 California Business Technology®, Inc.

Please visit our new AI news page: https://cbt.ai