How to Prevent SMS Fraud
SMS message fraud, also known as smishing, is a type of phishing attack that uses text messages to trick users into clicking malicious links, revealing personal information, or downloading malware. Smishing can lead to identity theft, financial losses, or device compromise. Here are some best practices for end users to protect themselves against smishing:
The C-Suite Guide to AI Regulation under ISO/IEC 42001:2023
ISO/IEC 42001:2023 is a standard that specifies the requirements and provides guidance for establishing, implementing, maintaining and continually improving an AI (artificial intelligence) management system within the context of an organization. The standard is intended for use by any organization, regardless of size, type and nature, that provides or uses products or services that utilize […]
23andMe Updates ToS to Prevent Lawsuits
Genetic testing provider 23andMe is facing legal troubles after a data breach that exposed the personal information of millions of its customers. The company has recently changed its Terms of Use to make it more difficult for customers to sue them, but experts say this may not be enough to protect them from liability. The […]
Zoom Exploit for Account Takeover Explained
A bug hunter team revealed this week that they had discovered a Zoom flaw that could allow hackers to take over service accounts that belong to Zoom Rooms, a feature that enables video conferencing between different locations. The hackers could then access potentially sensitive information from the victim’s organization, such as team chat messages, whiteboards, […]
Read This if You Run an IT Helpdesk this Holiday Season
The holiday season is, unfortunately, a time of increased risk and vulnerability for businesses and organizations. Cyberattacks tend to spike during the holidays, as hackers take advantage of the reduced security measures, increased online activity, and heightened pressure that characterize this period. Service desks are prime targets for hackers. Why? Consumer Online Spending Increases People […]
North Korea’s Military is 45% Funded by Stolen Crypto
Cryptocurrency theft is one of the Pyongyang regime’s most significant income streams, notably earmarked for financing military and weapon development programs. According to a UN panel of experts, money raised by North Korea’s criminal cyber operations is helping to fund the country’s illicit ballistic missile and nuclear programs. Since 2017, North Korea has significantly increased its […]
SIM Swapper in LA Makes $740k Hijacking 2FA Cell Phone Numbers
The U.S. Department of Justice announced that Golshan deliberately ran various online scams and hacked into hundreds of victims’ digital accounts, such as social media, Zelle, and Apple support, from April 2019 to February 2023. His whole scheme cost hundreds of victims around $740,000 in losses over several years. Golshan used VPN tools and multiple […]
USA and 15 Nations Agree on AI Security Standards
AI security guidelines developed by the United States’ Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) were published Monday with endorsements from 16 other nations. The 20-page document was written in cooperation with experts from Google, Amazon, OpenAI, Microsoft and more, and is the first of its kind […]
Microsoft Deprecates Application Guard for Office, Moves to Defender for Endpoint
Microsoft has announced that it is deprecating a security feature called Application Guard for Office, which was designed to protect users from opening potentially harmful files downloaded from untrusted sources. This feature, which was available for Word, Excel, and PowerPoint for Microsoft 365 Apps on Windows 10 and Windows 11 Enterprise editions, used hardware-based virtualization […]
North Korea Injects Malware in Supply Chain Attack, Again
According to Microsoft, a North Korean threat group known as Diamond Sleet (Zinc) hacked into the systems of CyberLink, a Taiwanese software company that develops multimedia software, such as PowerDVD, and AI facial recognition technology, and modified a legitimate application installer to include malicious code. This code was designed to download, decrypt and load a second-stage payload, […]