Homeland Security nominee Kristi Noem bashes CISA, says agency must be ‘smaller, more nimble’
Summary: South Dakota Governor Kristi Noem criticized the Cybersecurity and Infrastructure Security Agency (CISA) during her confirmation hearing for Secretary of Homeland Security, arguing that its focus on disinformation campaigns strays from its primary mission. She emphasized the need for CISA to collaborate more effectively with other intelligence agencies to address threats, while also reflecting on her own controversial decisions regarding cybersecurity funding in South Dakota.…
Leveraging Behavioral Insights to Counter LLM-Enabled Hacking
Summary: The commentary explores how the evolution of hacking has shifted from technical implementation to creative ideation, particularly with the rise of automated tools and large language models (LLMs). It discusses the implications of this shift for both attackers and defenders in cybersecurity, emphasizing the need for a deeper understanding of creative processes in devising new cyberattacks.…
New Star Blizzard spear-phishing campaign targets WhatsApp accounts | Microsoft Security Blog
In mid-November 2024, Microsoft Threat Intelligence reported a shift in tactics by the Russian threat actor Star Blizzard, which began targeting WhatsApp accounts through spear-phishing campaigns. This new approach involves impersonating US government officials to lure victims into following malicious links that compromise their WhatsApp data. The campaign highlights the actor’s resilience and adaptability in the face of operational disruptions.…
European Privacy Group Sues TikTok and AliExpress for Illicit Data Transfers to China
Summary: Austrian privacy non-profit None of Your Business (noyb) has filed complaints against several companies, including TikTok and Xiaomi, for allegedly violating EU data protection laws by transferring user data to China. The organization seeks an immediate halt to these data transfers, citing concerns over Chinese government access to personal information.…
FTC Orders GoDaddy to Fix Inadequate Security Practices
Summary: The Federal Trade Commission (FTC) has ordered GoDaddy to enhance its security practices after inadequate measures led to multiple security breaches from 2019 to 2022. The FTC’s complaint highlights GoDaddy’s failure to protect customer data and its misrepresentation of its security capabilities. As a result, GoDaddy must implement a comprehensive security program and undergo regular independent reviews.…
Recent FBI alerts confirm that threat actors are increasingly utilizing GenAI to enhance financial fraud and extortion tactics, making traditional methods like phishing more effective. AI-generated content aids in creating convincing spear-phishing emails and realistic fake social media profiles. As these attacks become more accessible, organizations must prepare for a growing trend in cyber threats.…
German defense and foreign ministries suspend activity on Elon Musk’s platform
Summary: Germany’s armed forces and ministries have suspended their accounts on Elon Musk’s platform, X, citing challenges in maintaining fact-based discussions. The defense ministry plans to use Meta’s WhatsApp for communications, while the foreign ministry will transition to Bluesky. This decision follows concerns over Musk’s endorsement of the far-right AfD party and his controversial remarks about German politicians.…
Summary: Ukrainian cyber police have dismantled a criminal group involved in phishing schemes that defrauded citizens across several European countries. The group targeted residents of Finland, Denmark, Norway, and Hungary, resulting in significant financial losses. Authorities are collaborating with international law enforcement to uncover the full extent of the fraud and identify accomplices.…
UK’s porn age checks to arrive in July, raising fears over security and privacy
Summary: The UK’s communications regulator Ofcom has mandated that online pornography sites verify users’ ages by July to prevent minors from accessing adult content. Civil liberties groups have raised concerns about the potential cybersecurity risks associated with age verification methods. Non-compliance could lead to severe penalties, including fines and website blocking by internet service providers.…
Hackers leak configs and VPN credentials for 15,000 FortiGate devices
Summary: A new hacking group known as the Belsen Group has leaked sensitive configuration files, IP addresses, and VPN credentials for over 15,000 FortiGate devices on the dark web. This data dump, which includes critical technical information, was released to promote the group and is believed to be linked to a previously exploited zero-day vulnerability.…
Zombies Never Die: Analysis of the Current Situation of the Large Zombie Network AIRASHI
A large-scale DDoS attack targeted the Chinese game “Black Myth: Wukong” on the Steam and Perfect World platforms in August 2024. The attackers, using a botnet called AISURU, executed multiple waves of attacks during peak online gaming hours across 13 global regions. The botnet was later updated and renamed AIRASHI, which exhibited advanced capabilities, including exploiting a zero-day vulnerability in Cambium Networks routers.…