IT Security Newsletter - 7/5/22

Breaches

Criminals Use Deepfake Videos to Interview for Remote Work

The latest evolution in social engineering could put fraudsters in a position to commit insider threats. Security experts are on the alert for the next evolution of social engineering in business settings: deepfake employment interviews. The latest trend offers a glimpse into the future arsenal of criminals who use convincing, faked personae against business users to steal data and commit fraud.

Hacking

Official British Army Twitter and YouTube accounts hijacked by NFT scammers

Hundreds of thousands of people who follow the official social media accounts of the British Army may have been surprised to see that it had been hijacked by hackers yesterday. Although many might have imagined those responsible for the hack might have been a foreign state's cyberwarfare unit, the perpetrators appear to have been scammers exploiting interest in non-fungible tokens (NFTs).

Rogue HackerOne employee steals bug reports to sell on the side

A HackerOne employee stole vulnerability reports submitted through the bug bounty platform and disclosed them to affected customers to claim financial rewards. The rogue worker had contacted about half a dozen HackerOne customers and collected bounties "in a handful of disclosures," the company said on Friday. HackerOne is a platform for coordinating vulnerability disclosures and intermediating monetary rewards for the bug hunter submitting the security reports.

Trends

People are the primary attack vector around the world

With an unprecedented number of employees now working in hybrid or fully remote environments, compounded by an increase in cyber threats and a more overwhelmed, COVID-19 information fatigued workforce, there has never been a more critical time to effectively create and maintain a cyber-secure workforce and an engaged security culture. "People have become the primary attack vector for cyber-attackers around the world," said Lance Spitzner, SANS Security Awareness Director.

Software Updates

Emergency Chrome 103 Update Patches Actively Exploited Vulnerability

While many expected - or at least hoped - that the 4th of July would be quiet on the cybersecurity front, Google on Monday announced the release of an emergency Chrome update that patches an actively exploited zero-day vulnerability. The flaw, tracked as CVE-2022-2294, has been described as a heap buffer overflow in WebRTC. The security hole was reported to Google by a member of the Avast Threat Intelligence team on July 1.

Information Security

Time Constraints Hamper Security Awareness Programs

Even as more attacks target humans, lack of dedicated staff, relevant skills, and time are making it harder to develop a security-aware and engaged workforce, SANS says. The increasingly complex threat landscape and the porous IT environment - driven by the shift to permanent remote/hybrid work and digital transformation - make the need for a security-aware workforce and healthy security culture more critical than ever. Enterprise defenders say that phishing and social-engineering attacks, ransomware, and business email compromise (BEC) are among their biggest day-to-day headaches.

Exploits/Vulnerabilities

Billing fraud apps can disable Android Wi-Fi and intercept text messages

Android malware developers are stepping up their billing fraud game with apps that disable Wi-Fi connections, surreptitiously subscribe users to pricey wireless services, and intercept text messages, all in a bid to collect hefty fees from unsuspecting users, Microsoft said on Friday. This threat class has been a fact of life on the Android platform for years, as exemplified by a family of malware known as Joker, which has infected millions of phones since 2016. Despite awareness of the problem, little attention has been paid to the techniques that such "toll fraud" malware uses.

On This Date

  • ...in 1937, the Hormel Foods Corporation introduces Spam, which would soon become a front-line staple for Allied soldiers in World War II.
  • ...in 1958, cartoonist and author Bill Watterson, creator of the beloved comic strip "Calvin & Hobbes", is born in Washington, D.C.
  • ...in 1975, American professional tennis player Arthur Ashe becomes the first African American to win the Wimbledon singles title.
  • ...in 1996, Dolly the sheep is born. She is the first mammal to be fully cloned from an adult cell.