Categories
Featured

Dell warns of user data breach — 49 million customers affected in security incident, here’s what we know

[ad_1]

Dell has begun sending breach notification emails to some 49 million people whose data was apparently stolen in a recent cyberattack.

The type of information involved includes people’s names, postal addresses, and Dell hardware and order information, such as service tags, item description, order dates, and different warranty information.

[ad_2]

Source Article Link

Categories
Featured

Credential spraying from thousands of IP addresses are targeting VPNs, Cisco warns

[ad_1]

For a month now, hackers have been mounting a large-scale credential stuffing attack against multiple Virtual Private Network (VPN) instances around the world. At the moment, it’s hard to say who is behind the attack, or what the motives are, but researchers have some clues.

As reported by Ars Technica, Cisco’s Talos security team recently warned of an ongoing campaign in which attackers keep trying more than 2,000 usernames and some 100 passwords against different VPNs. Some of the products in the attackers’ crosshairs include Cisco Secure Firewall VPN, Checkpoint VPN, Fortinet VPN, SonicWall VPN, RD Web Services, Mikrotik, Draytek, and Ubiquiti, however others could be targeted, as well.

[ad_2]

Source Article Link

Categories
Featured

You haven’t actually got a massive road toll bill – it’s a phishing scam, FBI warns

[ad_1]

If you get an SMS message from a toll service, claiming you owe $12.51 in unpaid fees and that if you don’t move fast, you’ll be fined an additional $50, don’t fret – it’s not real.

The Federal Bureau of Investigation (FBI) has issued a warning concerning an ongoing smishing campaign that seems to have hit thousands of American citizens so far. 

[ad_2]

Source Article Link

Categories
Featured

International Monetary Fund warns cyberattacks could trigger bank runs

[ad_1]

The International Monetary Fund (IMF) has warned that the increasing number and cost of cyberattacks could destabilize economies leading to bank runs. The knock-on effects of dealing with cyberattacks, such as reputational and financial losses, can spill over onto clients and other businesses, disrupting critical services.

The increasing reliance on third-party security providers over in-house teams is further exacerbating the problem, as a successful breach on a third-party could affect a significant number of businesses.

[ad_2]

Source Article Link

Categories
News

Apple Warns Users in 92 Countries About Mercenary Spyware Attacks

[ad_1]

Apple on Wednesday sent threat notifications to users in 92 countries warning that they may have been targeted by mercenary spyware attacks, likely because of who they are or what they do.

apple security banner
According to TechCrunch, Apple sent the alerts to the individuals at 12 p.m. Pacific Time, delivered via email and iMessage using the contact details associated with the user’s Apple ID. A notification also appears at the top of the page if the user signs into appleid.apple.com.

“Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID -xxx-,” the company wrote in the warning to affected customers. “We are unable to provide more information about what caused us to send you this notification, as that may help mercenary spyware attackers adapt their behavior to evade detection in the future.”

“This attack is likely targeting you specifically because of who you are or what you do. Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning — please take it seriously,” added the warning.

In an updated support document, Apple said it has sent similar threat notifications to users in over 150 countries since 2021. “The extreme cost, sophistication, and worldwide nature of mercenary spyware attacks makes them some of the most advanced digital threats in existence today,” said the company. “As a result, Apple does not attribute the attacks or resulting threat notifications to any specific attackers or geographical regions.”

Last October, Apple sent similar warnings to some journalists and politicians in India. Soon after, nonprofit advocacy group Amnesty International reported that it had found Israeli cyber-arms company NSO Group’s invasive spyware Pegasus on the iPhones of prominent journalists in India. Users in India are among those who received the latest threat notifications, according to people familiar with the matter who spoke to TechCrunch.

The alerts come at a time when many nations are preparing for democratic elections. Apple previously described the attackers as “state-sponsored” in the support document, but has replaced those references with “mercenary spyware attacks.” The warning to customers reads: “Mercenary spyware attacks, such as those using Pegasus from the NSO Group, are exceptionally rare and vastly more sophisticated than regular cybercriminal activity or consumer malware.”

Apple advises those who have received a threat notification to seek expert help, such as the rapid-response emergency security assistance provided by the Digital Security Helpline at the nonprofit Access Now. Apple threat notification recipients can contact the Digital Security Helpline 24 hours a day, seven days a week through their website.

Users who have not received an Apple threat notification but have good reason to believe they may be individually targeted by mercenary spyware attacks are advised to enable Lockdown Mode on their devices for additional protection.

[ad_2]

Source Article Link

Categories
Featured

Hospital helpdesks targeted by hackers — US Health Department warns health services are under threat

[ad_1]

The US Department of Health and Human Services (HHS) has issued a warning that hackers are attempting to target the helpdesks of hospitals in order to gain access to critical hospital systems.

The hackers have been observed contacting hospital IT help desks using local area code phone numbers and then pretending to be a hospital employee, providing the helpdesk with stolen identification.

[ad_2]

Source Article Link

Categories
Featured

Visa warns dangerous new malware is attacking financial firms

[ad_1]

Visa is warning its partners, clients, and customers, of an ongoing phishing attack that aims to deliver a banking trojan. 

The Visa Payment Fraud Disruption (PDF) unit sent out a security alert to card issuers, processors, and acquirers, noting it had observed a new phishing campaign that started in late March this year. 

[ad_2]

Source Article Link

Categories
Featured

UN warns e-waste is being created far faster than we can recycle it

[ad_1]

The UN’s International Telecommunication Union (ITU) and the UN Institute for Training and Research (UNITAR) have issued a stark warning about the rapid growth in e-waste, which has outpaced how quickly we can recycle and safely dispose of unwanted products.

According to the 2024 Global E-waste Monitor (GEM) report, the world generates around 2.6 million metric tonnes of e-waste annually, a figure that’s expected to skyrocket to a staggering 82 million tonnes by 2030.

[ad_2]

Source Article Link

Categories
Computers

The NSA Warns That US Adversaries Free to Mine Private Data May Have an AI Edge

[ad_1]

Electrical engineer Gilbert Herrera was appointed research director of the US National Security Agency in late 2021, just as an AI revolution was brewing inside the US tech industry.

The NSA, sometimes jokingly said to stand for No Such Agency, has long hired top math and computer science talent. Its technical leaders have been early and avid users of advanced computing and AI. And yet when Herrera spoke with me by phone about the implications of the latest AI boom from NSA headquarters in Fort Meade, Maryland, it seemed that, like many others, the agency has been stunned by the recent success of the large language models behind ChatGPT and other hit AI products. The conversation has been lightly edited for clarity and length.

Person in a suit smiling in front of the American and National Security Agency flags

Gilbert HerreraCourtesy of National Security Agency

How big of a surprise was the ChatGPT moment to the NSA?

Oh, I thought your first question was going to be “what did the NSA learn from the Ark of the Covenant?” That’s been a recurring one since about 1939. I’d love to tell you, but I can’t.

What I think everybody learned from the ChatGPT moment is that if you throw enough data and enough computing resources at AI, these emergent properties appear.

The NSA really views artificial intelligence as at the frontier of a long history of using automation to perform our missions with computing. AI has long been viewed as ways that we could operate smarter and faster and at scale. And so we’ve been involved in research leading to this moment for well over 20 years.

Large language models have been around long before generative pretrained (GPT) models. But this “ChatGPT moment”—once you could ask it to write a joke, or once you can engage in a conversation—that really differentiates it from other work that we and others have done.

The NSA and its counterparts among US allies have occasionally developed important technologies before anyone else but kept it a secret, like public key cryptography in the 1970s. Did the same thing perhaps happen with large language models?

At the NSA we couldn’t have created these big transformer models, because we could not use the data. We cannot use US citizen’s data. Another thing is the budget. I listened to a podcast where someone shared a Microsoft earnings call, and they said they were spending $10 billion a quarter on platform costs. [The total US intelligence budget in 2023 was $100 billion.]

It really has to be people that have enough money for capital investment that is tens of billions and [who] have access to the kind of data that can produce these emergent properties. And so it really is the hyperscalers [largest cloud companies] and potentially governments that don’t care about personal privacy, don’t have to follow personal privacy laws, and don’t have an issue with stealing data. And I’ll leave it to your imagination as to who that may be.

Doesn’t that put the NSA—and the United States—at a disadvantage in intelligence gathering and processing?

II’ll push back a little bit: It doesn’t put us at a big disadvantage. We kind of need to work around it, and I’ll come to that.

It’s not a huge disadvantage for our responsibility, which is dealing with nation-state targets. If you look at other applications, it may make it more difficult for some of our colleagues that deal with domestic intelligence. But the intelligence community is going to need to find a path to using commercial language models and respecting privacy and personal liberties. [The NSA is prohibited from collecting domestic intelligence, although multiple whistleblowers have warned that it does scoop up US data.]

[ad_2]

Source Article Link

Categories
Featured

US government warns water services are being targeted in cyberattacks

[ad_1]

The US government has issued a warning to its allies that state-backed hackers from Iran and China are increasingly targeting critical infrastructure, with the most notable attacks against water systems.

The Cybersecurity and Infrastructure Security Agency (CISA) probed a number of Iranian attacks targeting Unitronic programmable logic controllers (PLC) used in water facilities.

[ad_2]

Source Article Link