Phishing campaigns are increasingly tapping nonexecutive employees who can unwittingly provide access to an organization's network, Avanan reports. Avanan notes many phishing emails use DocuSign to trick victims into providing login credentials or deploying malware.
Facebook is training an artificial intelligence model on first-person video footage in the hopes that it will learn how human visual perspectives work. At least 2,200 hours of video from seven countries went into Ego4D, but some say that data is slanted toward able-bodied people and Facebook admits that it focuses on urban environments, in-home filming and more action than rest.
Artificial intelligence tools have become a cybersecurity necessity, because "relying on a human-powered approach means handing the advantage to cybercriminals every time," writes Milad Aslaner of SentinelOne. Aslaner describes how AI can produce "a single action thread, providing security professionals with the key to not just detecting threats but comprehensively preventing them at scale."
Organizations with more than 10,000 employees have, on average, 46 security tools in place, reports Trend Micro, which surveyed more than 2,300 IT professionals. Trend Micro's technical director, Bharat Mistry, observes that in addition to the expense involved, "SOC teams are increasingly stressed to the point of burnout trying to manage multiple solutions."
Ransomware groups seem to be going further than ever, adding threats of distributed-denial-of-service attacks and harassment of business partners and employees. Dick O'Brien of Symantec says the new wrinkles are "in line with what we're seeing from other ransomware actors who seem to feel threatened by victims calling in law enforcement or sharing information with third parties."
The process of employee departures is fraught with security concerns, writes Phil Muncaster, because "resources can be accessed today in many organizations from virtually any device, anywhere." Muncaster cites a survey that shows only 47% of UK enterprises deny building access to departing employees and 62% reclaim devices.
Hacking group Desorden is peddling apparently authentic information about customers of computer-maker Acer after stealing the information from servers in India. Acer was also hacked in March, likely by the REvil group, which demanded a $50 million ransom.
With an eye toward ransomware attacks, enterprises should evaluate the data collected from customers, writes Rafael Lourenco, an executive at ClearSale. Data deemed vital should be stored in accordance with laws such as Europe's General Data Protection Regulation and California's privacy law, Lourenco adds.
Yanluowang, a novel ransomware variant that Symantec's Threat Hunter Team reports "appears to be still under development," taps the official AdFind query tool in Active Directory for deployment. It's named after the extension it appends to encrypted files, and the operators claim they will "conduct distributed denial of service (DDoS) attacks against the victim, as well as make 'calls to employees and business partners,'" if targets turn to law enforcement or professional negotiators in the wake of an attack, Symantec notes.
Proposed federal legislation would make technology companies liable if their recommendation algorithms cause harm. The bill focuses on Section 230, which social media companies have used to shield themselves from responsibility, and on how the algorithms determine what content is recommended to users.