A successful phishing attack on an employee of the Financial Services Information Sharing and Analysis Center (FS-ISAC) was used to launch additional phishing attacks against FS-ISAC members. The fallout from the back-to-back phishing attacks appears to have been limited and contained, as many FS-ISAC members who received the phishing attack quickly detected and reported it as suspicious. But the incident is a good reminder to be on your guard and to remember that anyone can get phished, and that most phishing attacks succeed by abusing the sense of trust already established between the sender and recipient. “I would classify this as a typical, routine, non-targeted account harvesting and phishing. It did not affect our member portal, or where our data is. That’s 100 percent multifactor. In this case it happened to be an asset that did not have multifactor,” said Greg Temm, the FS-ISAC’s chief information risk officer.
A security researcher at Google's Project Zero has discovered a serious remote code execution vulnerability in both the 'μTorrent desktop app for Windows' and the newly launched 'μTorrent Web', which allows users to download and stream torrents directly in their web browser. The researcher found that several issues with the apps' RPC servers could allow remote attackers to take control of the torrent download software with little user interaction.
A number of Chase(dot)com customers have reported logging in to their bank accounts, only to be presented with another customer’s bank account details. Chase has acknowledged the incident, saying it was caused by an internal “glitch” that did not involve any kind of hacking attempt or cyberattack.
“We know for sure the glitch was on our end, not from a malicious actor. We’re going through Tweets from customers and making sure that if anyone is calling us with issues we’re working one on one with customers. If you see suspicious activity you should give us a call,” Trish Weller, director of communications, said, noting that Chase is still trying to determine how many customers may have been affected.
Customers have been advised to “practice good security hygiene” by regularly reviewing their account statements and promptly reporting any discrepancies.
The EFF is co-releasing a report with a number of academic and civil society organizations on the risks from malicious uses of AI and the steps that should be taken to mitigate them in advance. The report looks to address potential interactions between computer insecurity and AI, as well as AI's implications for physical and political security.
At present, computers are inherently insecure, and this makes them a poor platform for deploying important, high-stakes machine learning systems.
The report looks closely at these questions, as well as the implications of AI for physical and political security.
A single character can crash your iPhone and block access to the Messaging app in iOS as well as popular apps like WhatsApp, Facebook Messenger, Outlook for iOS, and Gmail.
The new, potentially severe bug affects not only iPhones but also a wide range of Apple devices, including iPads, Macs and even WatchOS devices running the latest versions of their operating software.
Like the previous 'text bomb' bug, the new flaw can easily be exploited by anyone, requiring users to send only a single character from Telugu, a native Indian language spoken by about 70M people in the country.
Apple was made aware of the text bomb bug at least three days ago, and the company plans to address the issue in an iOS update soon, before the release of iOS 11.3 this spring. The public beta version of iOS 11.3 is unaffected.
Since so many apps are affected by the new text bomb, malicious actors could use the bug to target Apple users via email or messaging, or to create mass chaos by spamming the character across an open social platform.
Many security experts are worried that the changes being ushered in by the rush to adhere to the General Data Protection Regulation (GDPR) law may make it more difficult to track down cybercriminals and less likely that organizations will be willing to share data about new online threats.
Security experts argue that the data in WHOIS records has been indispensable in tracking down and bringing to justice scammers, spammers, phishers and stalkers, and that redacting such data to comply with GDPR will therefore be detrimental.