The latest evolution in social engineering could put fraudsters in a position to commit insider threats. Security experts are on the alert for the next evolution of social engineering in business settings: deepfake employment interviews. The latest trend offers a glimpse into the future arsenal of criminals who use convincing, faked personae against business users to steal data and commit fraud.
Hundreds of thousands of people who follow the official social media accounts of the British Army may have been surprised to see that they had been hijacked by hackers yesterday. Although many might have imagined that those responsible for the hack were a foreign state's cyberwarfare unit, the perpetrators appear to have been scammers exploiting interest in non-fungible tokens (NFTs).
A HackerOne employee stole vulnerability reports submitted through the bug bounty platform and disclosed them to affected customers to claim financial rewards. The rogue worker had contacted about half a dozen HackerOne customers and collected bounties "in a handful of disclosures," the company said on Friday. HackerOne is a platform for coordinating vulnerability disclosures and intermediating monetary rewards for the bug hunter submitting the security reports.
With an unprecedented number of employees now working in hybrid or fully remote environments, compounded by an increase in cyber threats and a more overwhelmed, COVID-19 information-fatigued workforce, there has never been a more critical time to effectively create and maintain a cyber-secure workforce and an engaged security culture. "People have become the primary attack vector for cyber-attackers around the world," said Lance Spitzner, SANS Security Awareness Director.
While many expected - or at least hoped - that the 4th of July would be quiet on the cybersecurity front, Google on Monday announced the release of an emergency Chrome update that patches an actively exploited zero-day vulnerability. The flaw, tracked as CVE-2022-2294, has been described as a heap buffer overflow in WebRTC. The security hole was reported to Google by a member of the Avast Threat Intelligence team on July 1.
Even as more attacks target humans, a lack of dedicated staff, relevant skills, and time is making it harder to develop a security-aware and engaged workforce, SANS says. The increasingly complex threat landscape and the porous IT environment - driven by the shift to permanent remote/hybrid work and digital transformation - make the need for a security-aware workforce and healthy security culture more critical than ever. Enterprise defenders say that phishing and social-engineering attacks, ransomware, and business email compromise (BEC) are among their biggest day-to-day headaches.
Android malware developers are stepping up their billing fraud game with apps that disable Wi-Fi connections, surreptitiously subscribe users to pricey wireless services, and intercept text messages, all in a bid to collect hefty fees from unsuspecting users, Microsoft said on Friday. This threat class has been a fact of life on the Android platform for years, as exemplified by a family of malware known as Joker, which has infected millions of phones since 2016. Despite awareness of the problem, little attention has been paid to the techniques that such "toll fraud" malware uses.