As the United States of America enters the final days of the race for the White House, the FBI has warned that fraudsters are using the presidential election campaign to scam citizens out of their savings and personal data. According to a public service announcement published by the Internet Crime Complaint Center (IC3), scammers who have previously exploited state and local elections are targeting victims across the United States in the run-up to the general election vote on November 5, 2024. READ MORE...
The Colorado Department of State said it accidentally posted a spreadsheet containing "partial passwords" for voting systems. The department said there is no "immediate security threat" because two passwords are needed for each component, but it is trying to complete password changes by the end of today. There were reportedly hundreds of BIOS passwords accessible on the website for over two months before being removed last week. READ MORE...
The United States and Israel this week published a cybersecurity advisory describing the latest activities of an Iranian threat group, including attacks targeting the recent Olympics and surveillance cameras. The FBI has been tracking this group's activities since 2020. The threat actor is known in the private sector as Cotton Sandstorm, Marnanbridge, and Haywire Kitten, but it's probably best known as Emennet Pasargad. READ MORE...
LottieFiles has confirmed that its Lottie-Player software has been compromised in a supply chain attack whose goal was to steal cryptocurrency from victims. LottieFiles' Lottie-Player is widely used for embedding and playing Lottie animations on websites. Users of Lottie-Player complained this week that their websites had been displaying a pop-up prompting visitors to connect their cryptocurrency wallet, apparently to get users to connect their crypto wallets in an attempt to drain them. READ MORE...
One of North Korea's most prominent state-sponsored threat groups has pivoted to using Play ransomware in recent attacks, signifying the first time the group has partnered up with an underground ransomware network. Worryingly, it sets the stage for future high-impact attacks, researchers surmise. According to Palo Alto Networks' Unit 42, which tracks the advanced persistent threat (APT) as Jumpy Pisces, Andariel is now working with the Play ransomware gang. READ MORE...
Georgia Secretary of State Brad Raffensperger said a video posted on X and other social media sites depicting a supposed Haitian immigrant using multiple Georgia state IDs to cast ballots is "false" and "likely foreign interference." "This is false, and is an example of targeted disinformation we've seen this election," Raffensperger said in a statement Thursday night. "It is likely foreign interference attempting to sow discord and chaos on the eve of the election." READ MORE...
In today's digital age, maintaining control over your personal information is more crucial than ever. Whether you're concerned about privacy, security, or simply want to manage your online presence, knowing how to reduce your visibility in search results can be a valuable skill. So, let's look at why you may want to reduce your digital footprint, including in Google Search, and how you can protect your data from prying eyes. READ MORE...
Security debt, defined for this report as flaws that remain unfixed for longer than a year, exists in 76% of organizations in the financial services sector, with 50% of organizations carrying critical security debt, according to Veracode. With the average cost of a data breach in the financial industry estimated to be $6.08 million, the research comes at a critical time for one of the most highly targeted industries by sophisticated threat actors. READ MORE...
Hackers are attempting to exploit two zero-day vulnerabilities in PTZOptics pan-tilt-zoom (PTZ) live streaming cameras used in industrial, healthcare, business conferences, government, and courtroom settings. In April 2024, GreyNoise discovered CVE-2024-8956 and CVE-2024-8957 after its AI-powered threat detection tool, Sift, detected unusual activity on its honeypot network that did not match any known threats. READ MORE...