It took two brothers who went to MIT months to plan how they were going to steal, launder and hide millions of dollars in cryptocurrency -- and only 12 seconds to actually pull off the heist.

The post Brothers Indicted for Stealing $25 Million of Ethereum in 12 Seconds appeared first on Security Boulevard.

WTH? DPRK IT WFH: Justice Department says N. Korean hackers are getting remote IT jobs, posing as Americans.

The post North Korea IT Worker Scam Brings Malware and Funds Nukes appeared first on Security Boulevard.

Source: securityboulevard.com – Author: Nathan Eddy Ransomware claims surged by 64% year-over-year, particularly among mid-market and emerging businesses. There was a sharp rise in “indirect” ransomware incidents, which grew by more than 415% compared to 2022. These were among the key findings from At-Bay’s investigation into the anatomy of ransomware attacks in the U.S. in […]

La entrada Ransomware Attacks Evolve as Average Ransom Demand Tops $1.26 Million – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Overall ransomware frequency grew by 64% in 2023, with increases in both direct and indirect ransomware. Victims paid $282,000 in ransom on average, a 77% drop in price, and half the companies avoided paying a ransom completely.

The post Ransomware Attacks Evolve as Average Ransom Demand Tops $1.26 Million appeared first on Security Boulevard.

Enlarge / Screenshot from the documentary Who Is Bobby Kennedy? (credit: whoisbobbykennedy.com)

In a lawsuit that seems determined to ignore that Section 230 exists, Robert F. Kennedy Jr. has sued Meta for allegedly shadowbanning his million-dollar documentary, Who Is Bobby Kennedy? and preventing his supporters from advocating for his presidential campaign.

According to Kennedy, Meta is colluding with the Biden administration to sway the 2024 presidential election by suppressing Kennedy's documentary and making it harder to support Kennedy's candidacy. This allegedly has caused "substantial donation losses," while also violating the free speech rights of Kennedy, his supporters, and his film's production company, AV24.

Meta had initially restricted the documentary on Facebook and Instagram but later fixed the issue after discovering that the film was mistakenly flagged by the platforms' automated spam filters.

Read 25 remaining paragraphs | Comments

Hackers can find templates for DocuSign and other companies for their phishing campaigns on dark web marketplaces for as little as $10.

The post Hackers Use Fake DocuSign Templates to Scam Organizations appeared first on Security Boulevard.

One in three office workers who use GenAI admit to sharing customer info, employee details and financial data with the platforms. Are you worried yet?

The post Risks of GenAI Rising as Employees Remain Divided About its Use in the Workplace appeared first on Security Boulevard.

VFCFinder analyzes commit histories to pinpoint the most likely commits associated with vulnerability fixes.

The post VFCFinder Highlights Security Patches in Open Source Software appeared first on Security Boulevard.

Source: securityboulevard.com – Author: Jeffrey Burt The operators behind the Ebury server-side malware botnet have been doing business since at least 2009 and, according to the threat researchers who have been tracking it for the last decade, are stronger and more active than ever. The malware has compromised at least 400,000 Linux servers over the […]

La entrada 15-Year-Old Ebury Botnet Compromised 400,000 Linux Servers – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Palo Alto Networks is acquiring the QRadar SaaS offerings from IBM, and then will migrate users to its Cortex XSIAM SOC delivered as a cloud service.

The post Palo Alto Networks and IBM Align Cybersecurity Strategies appeared first on Security Boulevard.

Enlarge (credit: Getty Images | Chesnot )

Brussels has opened an in-depth probe into Meta over concerns it is failing to do enough to protect children from becoming addicted to social media platforms such as Instagram.

The European Commission, the EU’s executive arm, announced on Thursday it would look into whether the Silicon Valley giant’s apps were reinforcing “rabbit hole” effects, where users get drawn ever deeper into online feeds and topics.

EU investigators will also look into whether Meta, which owns Facebook and Instagram, is complying with legal obligations to provide appropriate age-verification tools to prevent children from accessing inappropriate content.

Read 12 remaining paragraphs | Comments

The operators behind the Ebury server-side malware botnet have been doing business since at least 2009 and, according to the threat researchers who have been tracking it for the last decade, are stronger and more active than ever. The malware has compromised at least 400,000 Linux servers over the past 15 years, with about 100,000..

The post 15-Year-Old Ebury Botnet Compromised 400,000 Linux Servers appeared first on Security Boulevard.

Phish Ahoy! Hacker took advantage of Dell’s lack of anti-scraping defense.

The post Dell Hell Redux — More Personal Info Stolen by ‘Menelik’ appeared first on Security Boulevard.

The Biden Administration is moving to cybersecurity standards for hospitals, but the AHA is pushing back, saying voluntary models are enough.

The post UnitedHealth, Ascension Attacks Feed Debate Over Health Care Security appeared first on Security Boulevard.

New account passwords, often used during onboarding, are vulnerable to sophisticated attacks from malicious actors.

Good idea to check: What’s your company using?

The post Easily Guessed Passwords for New Accounts Include “User”, “Temp”, “Welcome” appeared first on Security Boulevard.

Read more of this story at Slashdot.

Read more of this story at Slashdot.

It was probably inevitable. Threat researchers detected bad actors using stolen credentials to target LLMs, with the eventual goal of selling the access to other hackers.

The post Novel LLMjacking Attacks Target Cloud-Based AI Models appeared first on Security Boulevard.

Будет! Russian ransomware rascals riled a Roman Catholic healthcare organization.

The post FBI/CISA Warning: ‘Black Basta’ Ransomware Gang vs. Ascension Health appeared first on Security Boulevard.

Source: securityboulevard.com – Author: Nathan Eddy Chief information security officers (CISOs) face mounting pressure as cyberattacks surge and complexities surrounding the implementation of GenAI and AI technologies emerge. The vast majority — 92% — of the 500 CISOs surveyed by Trellix admitted they are questioning the trajectory of their CISO roles as they grapple with […]

La entrada CISOs Reconsider Their Roles in Response to GenAI Integration – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Modern CISOs have a new task cut out for them: determining how to navigate AI as both challenge and opportunity.

The post CISOs Reconsider Their Roles in Response to GenAI Integration appeared first on Security Boulevard.

Source: securityboulevard.com – Author: Richi Jennings Dark web sale of leaked data exposes Dell users to phishing phraud. Dell customer data from the past six or more years has been stolen. It looks like scrotes unknown broke into the company support portal and sold scads of personal information to the highest bidder. Again? In today’s […]

La entrada Dell Hell: 49 Million Customers’ Information Leaked – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: securityboulevard.com – Author: Nathan Eddy An advanced persistent threat (APT) group backed by Iran has been stoking divisions within Israeli society for the past three years. It has been using generative AI deepfake tools and social media accounts to craft disinformation campaigns. According to research from Recorded Future’s Insikt Group, the group, known as […]

La entrada Emerald Divide Uses GenAI to Exploit Social, Political Divisions in Israel Using Disinformation – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: securityboulevard.com – Author: Jeffrey Burt Dell is sending emails to as many as 49 million people about a data breach that exposed their names, physical addresses, and product order information. According to the brief message, bad actors breached a Dell portal that contains a database “with limited types of customer information related to purchases […]

La entrada Dell Data Breach Could Affect 49 Million Customers – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Bad actors are always ready to exploit political strife to their own ends. Right now, they’re doing so with the conflict in the Middle East. A holistic defense against influence networks requires collaboration between government, technology companies and security research organizations.

The post Emerald Divide Uses GenAI to Exploit Social, Political Divisions in Israel Using Disinformation appeared first on Security Boulevard.

The tech giant says the information stolen doesn't represent a significant risk to users, but cybersecurity experts disagree.

The post Dell Data Breach Could Affect 49 Million Customers appeared first on Security Boulevard.

DUDE! You’re Getting Phished.

Dell customer data from the past six (or more?) years was stolen. It looks like someone sold scads of personal information to the highest bidder.

The post Dell Hell: 49 Million Customers’ Information Leaked appeared first on Security Boulevard.

Source: securityboulevard.com – Author: Nathan Eddy Houston, we may have a problem. NASA’s cybersecurity framework for spacecraft development is inconsistent and must be improved, according to a 34-page review by the U.S. Government Accountability Office (GAO). The GAO report highlighted the need for mandatory cybersecurity updates throughout the space agency’s $83 billion space development project […]

La entrada NASA Must Improve Spacecraft Cybersecurity, GAO Report Finds – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: securityboulevard.com – Author: Jeffrey Burt A group of bad actors — likely from China — is running a global cybercrime-as-a-service operation. It oversees a massive network of fake shopping websites that has conned more than 850,000 people in the United States and Europe into purchasing items, over the past three years, and the organization […]

La entrada Massive Online Shopping Scam Racks Up 850,000 Victims – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

A GAO review of NASA projects found that, while some cybersecurity challenges have been addressed, many security policies and standards remain optional.

The post NASA Must Improve Spacecraft Cybersecurity, GAO Report Finds appeared first on Security Boulevard.

Chinese crooks are running a global network of more than 75,000 fake online shops to steal credit card data and process fraudulent payments.

The post Massive Online Shopping Scam Racks Up 850,000 Victims appeared first on Security Boulevard.

Stagnating security budgets and mounting job pressures are weighing on CISOs, a quarter of whom expressed discontent with their salary and overall compensation.

Show me the money: The average total compensation for tech CISOs stands at $710,000.

The post One in Four Tech CISOs Unhappy with Compensation appeared first on Security Boulevard.

Enlarge (credit: themotioncloud/Getty Images)

Ethan Zuckerman wants to release a tool that would allow Facebook users to control what appears in their newsfeeds. His privacy-friendly browser extension, Unfollow Everything 2.0, is designed to essentially give users a switch to turn the newsfeed on and off whenever they want, providing a way to eliminate or curate the feed.

Ethan Zuckerman, a professor at University of Massachusetts Amherst, is suing Meta to release a tool allowing Facebook users to "unfollow everything." (Photo by Lorrie LeJeune)

The tool is nearly ready to be released, Zuckerman told Ars, but the University of Massachusetts Amherst associate professor is afraid that Facebook owner Meta might threaten legal action if he goes ahead. And his fears appear well-founded. In 2021, Meta sent a cease-and-desist letter to the creator of the original Unfollow Everything, Louis Barclay, leading that developer to shut down his tool after thousands of Facebook users had eagerly downloaded it.

Zuckerman is suing Meta, asking a US district court in California to invalidate Meta's past arguments against developers like Barclay and rule that Meta would have no grounds to sue if he released his tool.

Read 42 remaining paragraphs | Comments

In the ever-evolving world of ransomware, it’s getting easier for threat groups to launch attacks – as evidence by the growing number of incidents – but more difficult to make a profit. Organizations’ cyber-defenses are getting more resilient, decryptors that enable victims to regain control of their data, and law enforcement crackdowns on high-profile cybercrime..

The post Ransomware Attacks are Up, but Profits are Down: Chainalysis appeared first on Security Boulevard.

PAFACA SueTok: U.S. Courts “likely” to rule whether new law is constitutional—or even practical.

The post TikTok Ban — ByteDance Sues US to Kill Bill appeared first on Security Boulevard.

Ticket scams are very common and apparently hard to stop. When there are not nearly enough tickets for some concerts to accommodate all the fans that desperately want to be there, it makes for ideal hunting grounds for scammers.

With a ticket scam, you pay for a ticket and you either don’t receive anything or what you get doesn’t get you into the venue.

As reported by the BBC, Lloyds Bank estimates that fans have lost an estimated £1m ($1.25 m) in ticket scams ahead of the UK leg of Taylor Swift’s Eras tour. Roughly 90% of these scams were said to have started on Facebook.

Many of these operations work with compromised Facebook accounts and make both the buyer and the owner of the abused account feel bad. These account owners are complaining about the response, or lack thereof, they are getting from Meta (Facebook’s parent company) about their attempts to report the account takeovers.

Victims feel powerless as they see some of their friends and family fall for the ticket scam.

“After I reported it, there were still scams going on for at least two or three weeks afterwards.”

We saw the same last year when “Swifties” from the US filed reports about scammers taking advantage of fans, some of whom lost as much as $2,500 after paying for tickets that didn’t exist or never arrived. The Better Business Bureau reportedly received almost 200 complaints nationally related to the Swift tour, with complaints ranging from refund struggles to outright scams.

Now that the tour has European cities on the schedule the same is happening all over again.

And mind you, it’s not just concerts. Any event that is sold out through the regular, legitimate channels and works with transferable tickets is an opportunity for scammers. Recently we saw a scam working from sponsored search results for the Van Gogh Museum in Amsterdam. People that clicked on the ad were redirected to a fake phishing site where they were asked to fill out their credit card details.

Consider that to be a reminder that it’s easy for scammers to set up a fake website that looks genuine. Some even use a name or website url that is similar to the legitimate website. If you’re unsure or it sounds too good to be true, leave the website immediately.

Equally important to keep in mind is the power of AI which has taken the creation of a photograph of—fake—tickets to a level that it’s child’s play.

How to avoid ticket scams

No matter how desperate you are to visit a particular event, please be careful. When it’s sold out and someone offers you tickets, there are a few precautions you should take.

• Research the ticket seller. Anybody can set up a fake ticket website, and sponsored ads showing at the top of search engines can be rife with bogus sellers. You may also run into issues buying tickets from sites like eBay. Should you decide to use sites other than well-known entities like Ticketmaster, check for reviews of the seller.
• Are the tickets transferable? For some events the tickets are non-transferable which makes it, at least, unwise to try and buy tickets from someone who has decided they “don’t need or want them” after all. You may end up with tickets that you can’t use.
• Use a credit card if possible. You’ll almost certainly have more protection than if you pay using your debit card, or cash. We definitely recommend that you avoid using cash. If someone decides to rip you off, that money is gone forever.
• A “secure” website isn’t all it seems. While sites that use HTTPS (the padlock) ensure your communication is secure, this does not guarantee the site is legitimate. Anyone can set up a HTTPs website, including scammers.
• It’s ticket inspector time. One of the best ways to know for sure that your ticket is genuine is to actually look at it. Is the date and time correct? The location? Are the seat numbers what you were expecting to see? It may well be worth calling the event organizers or the event location and confirming that all is as it should be. Some events will give examples of what a genuine ticket should look like on the official website.
• Use a blocklist. Software like Malwarebytes Browser Guard will block known phishing and scam sites.

The new Google Threat Intelligence cloud service draws from Mandiant, VirusTotal, and its own insights and combines them with generative AI.

The post Google Continues Mixing Generative AI into Cybersecurity appeared first on Security Boulevard.

Google is encouraging the adoption of multi-factor authentication to protect against phishing and other cyberattacks. It hopes 2-Step Verification (2SV) can help.

The post Google Makes Implementing 2FA Simpler appeared first on Security Boulevard.

AI is rapidly increasing the pace of API creation within organizations, leading to API security becoming as significant as traditional application security.

Here’s what you can learn from the top five API breaches of the last quarter.

The post API Vulnerabilities Found Across AI Infrastructure Projects at NVIDIA, Mercedes appeared first on Security Boulevard.

No degree? No problem. The federal government and private industry leaders are coordinating to prioritize skills-based hiring to shore up the nation's cybersecurity workforce.

The post White House Cybersecurity Workforce Initiative Backed by Tech Titans appeared first on Security Boulevard.

It takes 4.76 days between public disclosure of a vulnerability and its first exploitations to appear.

The post Fortinet Report Sees Faster Exploitations of New Vulnerabilities appeared first on Security Boulevard.

The wireless communications provider announced the new company at RSA, promising that Level Blue will include managed security services and consulting services.

The post AT&T Spins Out Its Cybersecurity Business to Create LevelBlue appeared first on Security Boulevard.

War of the words: Fancy Bear actions are “intolerable and unacceptable,” complains German foreign minister Annalena Baerbock.

The post Germany Warns Russia: Hacking Will Have Consequences appeared first on Security Boulevard.

The centralized system helps organizations identify, track, and reduce risks, addressing the challenges of incomplete risk visibility and manual processes.

The post Critical Risk Launches Critical Start Cyber Risk Register  appeared first on Security Boulevard.

A report found more than 40 million exposures are impacting 11.5 million critical business entities, with more than half related to cloud platforms.

The post Identity, Credential Misconfigurations Open Worrying Security Gaps appeared first on Security Boulevard.

Enlarge (credit: NurPhoto via Getty)

“Join Your Local Militia or III% Patriot Group,” a post urged the more than 650 members of a Facebook group called the Free American Army. Accompanied by the logo for the Three Percenters militia network and an image of a man in tactical gear holding a long rifle, the post continues: “Now more than ever. Support the American militia page.”

Other content and messaging in the group is similar. And despite the fact that Facebook bans paramilitary organizing and deemed the Three Percenters an “armed militia group" on its 2021 Dangerous Individuals and Organizations List, the post and group remained up until WIRED contacted Meta for comment about its existence.

Free American Army is just one of around 200 similar Facebook groups and profiles, most of which are still live, that anti-government and far-right extremists are using to coordinate local militia activity around the country.

Read 35 remaining paragraphs | Comments

SecurityWeek interviews Geoff Belknap, CISO at LinkedIn, and Guy Rosen, CISO at Facebook parent company Meta.

The post CISO Conversations: LinkedIn’s Geoff Belknap and Meta’s Guy Rosen appeared first on SecurityWeek.

Social media giant Facebook snooped on Snapchat users’ network traffic, engaged in anticompetitive behavior and exploited user data through deceptive practices. That’s according to a court document filed March 23, 2024.

The document mentions Facebook’s so-called In-App Action Panel (IAAP) program, which existed between June 2016 and approximately May 2019. The IAAP program, used an adversary-in-the-middle method called to intercept and decrypt Snapchat’s—and later YouTube’s and Amazon’s—SSL-protected analytics traffic to provide information for Facebook’s competitive decision making. Secure Sockets Layer (SSL) is a standard security technology for establishing an encrypted link between a server and a client.

On June 9, 2016, Facebook CEO Mark Zuckerberg complained about the lack of analytics about competitor Snapchat.

“Whenever someone asks a question about Snapchat, the answer is usually that because their traffic is encrypted we have no analytics about them. . . .

Given how quickly they’re growing, it seems important to figure out a new way to get reliable analytics about them. Perhaps we need to do panels or write custom software. You should figure out how to do this.”

So, as part of the IAAP program, the company started Project Ghostbusters by using Onavo. Onavo was a VPN-like research tool that Facebook acquired in 2013. In 2019, Facebook shut down Onavo after a TechCrunch investigation revealed that Facebook had been secretly paying teenagers to use Onavo so the company could access all of their web activity.

The Project Ghostbusters technique relied on technology known as a server-side SSL bump performed on Facebook’s Onavo servers. SSL bumping, also known as SSL interception, involves intercepting and decrypting SSL/TLS traffic, inspecting it for malicious content or policy violations, and then re-encrypting and forwarding it to the intended destination.

To gain access to the data about their competitor, Facebook incentivized users to install “kits” on both Android and iOS devices that impersonated official servers and decrypted traffic that Facebook had no right to access.

These kits allowed Facebook to intercept traffic for specific sub-domains, allowing them to read what would otherwise be encrypted traffic and to measure in-app usage of their competitor’s apps. The users were clueless about what the kits did exactly, but it allowed the operators to view and analyze the traffic before it got encrypted.

According to the court documents, advertisers suing Meta claim that Facebook later expanded the program to Amazon and YouTube. This practice is likely in violation of wiretapping laws and “potentially criminal.” Facebook’s secret program likely violated the Wiretap Act, because it prohibits intentionally intercepting electronic communications with no applicable exception and the use of such intercepted communications.

We’ll keep you updated on how this develops.

We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

On 14 March, Meta announced it would abandon CrowdTangle, saying the tool will no longer be available after August 14, 2024. While most people have never heard of CrowdTangle, among journalists the tool is considered essential. Its popularity largely depends on the ability to monitor social media activity around important elections.

This makes the timing of the change a bit awkward to say the least. Not just in the US, but in many countries around the world there are major elections in 2024.

Data analysis tool CrowdTangle was created to show publishers which posts on Facebook pages were getting the most engagement. However, researchers and journalists later discovered that monitoring which stories spread most quickly, also provides the means to find the source of disinformation and watch how it spreads.

Meta bought CrowdTangle eight years ago, and the tool helped journalists and researchers learn more about the content on Meta’s platforms, including Facebook and Instagram. It was the first major tool that let the public analyze trends on the social media platforms in real time.

But it also produced negative consequences for Meta. If content performed well, Meta received accusations of promoting that content in its algorithm. In 2021, CrowdTangle underwent some changes and the team that ran it, including founder and CEO Brandon Silverman, was dismantled.

Arguably, the only thing keeping CrowdTangle alive at that point was Article 40 of the European Union’s Digital Services Act, which requires very large platforms and search engines to share publicly available data with researchers and nonprofit groups.

So, in November of 2023, Meta introduced the Meta Content Library as a replacement for CrowdTangle to “help us meet new regulatory requirements, data-sharing and transparency compliance obligations.”

In an interview, Meta’s president of global affairs Nick Clegg said that the Meta Content Library is a better tool for researchers than CrowdTangle in almost every way. For starters, it includes data about reach, which he said offers a better picture of what content on the platform is most popular.

Researchers who have used both CrowdTangle and the Content Library are torn, they say that both tools have their strengths and weaknesses. However, the audience for the Content Library is much more limited: aside from certain fact checkers, journalists won’t have direct access.

In an open letter, Mozilla has called on Meta to keep CrowdTangle functioning until January 2025. At the time of writing, 156 universities, researchers, disinformation trackers, privacy watchers, and other social media followers have signed the request.

They fear that the absence of CrowdTangle will undermine the monitoring of election disinformation in a year that approximately half the world’s population will vote.

We don’t just report on threats – we help protect your social media

Cybersecurity risks should never spread beyond a headline. Protect your social media accounts by using Cyrus, powered by Malwarebytes.