The Last Watchdog

NOVEMBER 12, 2024

Related: Technology and justice systems The U.S. Avaya Holdings , Check Point Software Technologies , and Mimecast Limited each minimized or obscured the extent of security breaches linked to the SolarWinds Orion hack, impacting investor trust and highlighting the critical importance of clear, truthful communication.

CISO 263

CISO CSO Risk Cyber threats 263

Security Affairs

DECEMBER 6, 2024

Atrium Health launched an investigation into the security breach and discovered that from January 2015 to July 2019, certain online tracking technologies were active on its MyAtriumHealth (formerly MyCarolinas) Patient Portal, accessible via web and mobile. The company notified the US Department of Health and Human Services (HHS).

Data breaches 110

Data breaches Identity Theft Accountability Technology 110

Krebs on Security

MAY 7, 2025

com were paid for by the same account advertising a number of scam websites selling logo and web design services. Mirza’s LinkedIn profile says he currently runs an educational technology/life coach enterprise called TheCoach360 , which purports to help young kids “achieve financial independence.”

Scams 189

Scams Marketing Advertising Technology 189

Krebs on Security

DECEMBER 19, 2024

The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology firm based in Turkey. Araneida Scanner. In 2022, Araneida told fellow Breached members they could be reached on Discord at the username “ Ornie#9811.”

Hacking 234

Hacking Cybercrime Advertising Data breaches 234

Krebs on Security

JANUARY 16, 2025

SMS phishing kits are hardly new, but Merrill said Chinese smishing groups recently have introduced innovations in deliverability, by more seamlessly integrating their spam messages with Apple’s iMessage technology, and with RCS , the equivalent “rich text” messaging capability built into Android devices.

Phishing 297

Phishing Scams Mobile Passwords 297

Troy Hunt

FEBRUARY 25, 2025

It's those credentials that are then sold in the stealer logs and later used to access the victim's accounts, which is the second exploitation. Another path had "ve", so it was off to Caracas and the Venezuelan victim's account was confirmed. You get the idea.

Passwords 359

Passwords Accountability VPN Malware 359

Jane Frankland

APRIL 15, 2025

While these technological investments have their value, theyre not enough to solve the fundamental problem the majority of risks come from humans. The Allure of Technology in Cybersecurity Cybersecurity professionals, like Gregs car-loving coffee enthusiast, often find comfort in technology.

Risk 100

Risk Technology Cybersecurity Security Awareness 100

Security Affairs

FEBRUARY 16, 2025

The attackers employ a phishing technique called device code phishing, which tricks users into logging into productivity apps while capturing login tokens that can be used to take over compromised accounts. ” Device code phishing attacks exploit authentication flows to steal tokens, granting attackers access to accounts and data. .

Phishing 113

Phishing Authentication Telecommunications Accountability 113

Krebs on Security

APRIL 30, 2025

Scattered Spider is a loosely affiliated criminal hacking group whose members have broken into and stolen data from some of the world’s largest technology companies. Internet address was used to operate a Discord account that specified a cryptocurrency wallet when asking another user to send funds. ” U.S.

Identity Theft 185

Identity Theft Phishing Cryptocurrency Cybercrime 185

The Last Watchdog

DECEMBER 16, 2024

Gen AI threats and quantum computing exposures must be accounted for. Attacks targeting identities rose 71% last year, with valid accounts as the top entry point. Transparent, traceable, and accountable AI practices are crucial to mitigate biases and align actions with ethical standards. The drivers are intensifying.

Cyber threats 264

Cyber threats CISO IoT Phishing 264

Malwarebytes

APRIL 16, 2025

This is the same technology that now flirts with people online for you and automatically writes heartfelt consolatory emails on behalf of heartless administrators. Good bots accounted for just 14% of the internet’s traffic. These account takeover attacks have skyrocketed lately. Bad bots do all kinds of unpleasant things.

Internet 144

Internet Internet Passwords Artificial Intelligence 144

Jane Frankland

JANUARY 19, 2025

For us in cyber, how do we navigate these new digital threats especially when we layer in the rise of AI and deepfake technologies, and the stakes grow even higher? Deepfake Technology Amplifying Risks: The evolution and democratisation of deepfake technology have blurred the line between reality and fabrication.

Cybersecurity 130

Cybersecurity Technology Scams Risk 130

Troy Hunt

NOVEMBER 13, 2024

DemandScience is what we refer to as a "data aggregator" in that they combine identity data from multiple locations, bundle it up, and then sell it.

Data breaches 327

Data breaches Passwords B2B Technology 327

Malwarebytes

MARCH 12, 2025

Google is spying on Android users, starting from even before they have logged in to their Google account. The researchers found that multiple identifiers are used to track the user of an Android handset, even before they have opened a Google app or signed in to their Google account.

Advertising 144

Advertising Accountability Marketing Engineering 144

Jane Frankland

APRIL 18, 2025

Without these foundations, all the technology in the world wont secure your organisation. The Illusion of Security Built on Sand Organisations are pouring resources into cybersecurity technologies, from generative AI to emerging quantum solutions. However, technology alone cannot solve the security puzzle.

Cybersecurity 130

Cybersecurity Technology Risk Security Awareness 130

Krebs on Security

APRIL 20, 2023

3CX hired incident response firm Mandiant , which released a report on Wednesday that said the compromise began in 2022 when a 3CX employee installed a malware-laced software package distributed via an earlier software supply chain compromise that began with a tampered installer for X_TRADER , a software package provided by Trading Technologies.

Malware 326

Malware Software Technology Accountability 326

Schneier on Security

MAY 24, 2024

This Article accounts for and critiques these failures, providing a socio-technical history since 2014, particularly focusing on the conversation about trade in zero-day vulnerabilities and exploits. The last ten years have also been marked by stark failures to control spyware and its precursors and components.

Marketing 332

Marketing Spyware Surveillance Government 332

Malwarebytes

JANUARY 21, 2025

Graylark Technologies who makes GeoSpy says its been developed for government and law enforcement. But the investigative journalists from 404 Media report thatthe tool has also been used for months by members of the public, with many making videos marveling at the technology, and some asking for help with stalking specific women.

Media 143

Media Artificial Intelligence Identity Theft Surveillance 143

Security Affairs

OCTOBER 28, 2024

. “Free was “the victim of a cyberattack targeting a management tool” leading to “unauthorized access to some of the personal data associated with the accounts of certain subscribers ,” the second largest telephone operator in France confirmed to Agence France-Presse (AFP) on Saturday, October 26.

Cyber Attacks 124

Cyber Attacks Telecommunications Data breaches Banking 124

Krebs on Security

NOVEMBER 4, 2022

Responding to a recent surge in AI-generated bot accounts, LinkedIn is rolling out new features that it hopes will help users make more informed decisions about with whom they choose to connect. For example, on October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc.

Scams 291

Scams Artificial Intelligence Cryptocurrency Accountability 291

Security Affairs

NOVEMBER 25, 2024

“This “SMS blasting” attack relies on using technology that impersonates cellular base stations and is capable of transmitting thousands of messages to devices within a close geographical radius.” The suspects were charged with fraud, money laundering, and operating as money mule account holders.

Mobile 123

Mobile Scams Technology Telecommunications 123

The Last Watchdog

DECEMBER 18, 2024

To wrap up our 2024 year-end roundtable, we turn our attention to new technologies and trends that are emerging to help bridge the gaps. To mitigate risks, organizations must enforce Zero-Trust principles, limit AI access to privileged accounts, and sanitize AI prompts.

Risk 173

Risk Threat Detection Technology Phishing 173

Malwarebytes

FEBRUARY 4, 2025

A paradigm shift in technology is hurtling towards us, and it could change everything we know about cybersecurity. When ChatGPT was unveiled to the public in late 2022, security experts looked on with cautious optimism, excited about the new technology but concerned about its use in cyberattacks. Uhh, again, that is.

Artificial Intelligence 144

Artificial Intelligence Small Business Malware Technology 144

Krebs on Security

OCTOBER 20, 2023

BeyondTrust Chief Technology Officer Marc Maiffret said that alert came more than two weeks after his company alerted Okta to a potential problem. 17, the company had identified and contained the incident — disabling the compromised customer case management account, and invalidating Okta access tokens associated with that account.

Social Engineering 357

Social Engineering Engineering Accountability Hacking 357

Security Affairs

OCTOBER 28, 2024

While conventional “internal” employees account for 29% of identities, non-employees or “external identities” in aggregate (contractors, vendors, etc.) account for nearly half of the total users (48%). And therein lies the problem: Your enterprise could be at risk if their credentials are unsafe. Let’s see how.

B2B 124

B2B Cybersecurity Risk Identity Theft 124

eSecurity Planet

FEBRUARY 10, 2025

Since early 2022, there has been a 49 percent rise in phishing attempts capable of evading filters, with AI-generated threats accounting for nearly 5 percent of these attacks. Compromising a single Gmail account can grant access to an extensive personal and corporate data treasure trove.

Phishing 113

Phishing Artificial Intelligence Password Management Accountability 113

Krebs on Security

NOVEMBER 29, 2023

That access allowed the hackers to steal authentication tokens from some Okta customers, which the attackers could then use to make changes to customer accounts, such as adding or modifying authorized users. For this reason, they can’t be locked down with multifactor authentication the way user accounts can.

Accountability 295

Accountability Authentication Passwords Antivirus 295

Schneier on Security

MARCH 21, 2024

Given how transformative this technology will be for the world, this is a problem. Like public roads and the federal postal system, a public AI option could guarantee universal access to this transformative technology and set an implicit standard that private services must surpass to compete.

Small Business 346

Small Business Government Technology Marketing 346

Malwarebytes

DECEMBER 5, 2024

Anne Neuberger, the US deputy national security adviser for cyber and emerging technologies stated the “Chinese access was broad in terms of potential access to communications of everyday Americans” but she said the hackers only targeted prominent individuals.

Encryption 142

Encryption Identity Theft Media Telecommunications 142

Schneier on Security

JANUARY 13, 2023

With the release of ChatGPT, I’ve read many random articles about this or that threat from the technology. This paper is a good survey of the field: what the threats are, how we might detect machine-generated text, directions for future research. It’s a solid grounding amongst all of the hype.

Accountability 327

Accountability Technology Cybersecurity 327

SecureWorld News

NOVEMBER 22, 2024

" "The defendants allegedly preyed on unsuspecting victims in this phishing scheme and used their personal information as a gateway to steal millions in their cryptocurrency accounts," said Akil Davis, the Assistant Director in Charge of the FBI's Los Angeles Field Office.

Phishing 108

Phishing Identity Theft Cryptocurrency Cybercrime 108

Security Affairs

DECEMBER 1, 2024

The increasing sophistication of these technologies has made it harder than ever to distinguish real content from fake. A study by the Massachusetts Institute of Technology (MIT) presented in 2019 revealed that deepfakes generated by AI could deceive humans up to 60% of the time. As the technology evolves, so will its misuse.

Artificial Intelligence 132

Artificial Intelligence Phishing Media Cyber threats 132

The Last Watchdog

FEBRUARY 11, 2025

The gaming industry continues to be the most targeted by DDoS attacks, accounting for 34% of all attacks. In Q3-Q4 2024, the financial services sector experienced a significant increase, accounting for 26% of all DDoS attacks, up from 12% in the previous period.

DDOS 130

DDOS Financial Services Technology Accountability 130

The Last Watchdog

FEBRUARY 4, 2025

Identity security vendors have focused narrowly on securing corporate accounts, leaving organizations vulnerable to cybercriminals exploiting the broader identity exposures of employees, consumers, and suppliers. A shift to an identity-centric perspective is needed, particularly as the scope of identity exposures continues to grow. .

Cybercrime 124

Cybercrime Phishing Accountability Malware 124

The Last Watchdog

MARCH 24, 2025

There are two sides to this: 1) assessing a technology vendors cryptoagility efforts in your RFPs as a part of determining third-party tech supplier risk, 2) assessing a technology vendors capability to help you in your PQC migration as technology functionality you can use.

Encryption 130

Encryption Financial Services Technology Risk 130

Krebs on Security

MAY 30, 2023

The unsuspecting Discord members click the link provided by the compromised administrator account, and are asked to connect their crypto wallet to the scammer’s site, where it asks for unlimited spend approvals on their tokens, and subsequently drains the balance of any valuable accounts.

Hacking 341

Hacking Accountability Scams Cryptocurrency 341

IT Security Guru

JANUARY 9, 2025

Resolution #2: Take a Quantum Leap in Security As quantum computing improves, organizations must prepare today to address the security risk posed by this emerging technology. Resolution #3: Protect Privileged Accounts in the Modern Digital Era In the face of evolving cybersecurity threats, protecting privileged accounts is essential.

Cybersecurity 113

Cybersecurity Cyber threats Architecture Digital transformation 113