A recent report from cybersecurity firm Deep Instinct and Sapio Research has looked into how the growth of generative AI is impacting organizations, from conducting business to shielding their companies from harm.  While AI has been a positive influence in some respects, one key downside is that less sophisticated threat actors can easily launch sophisticated malicious attacks without much effort.  Created with the help of surveying 500 senior cybersecurity experts in industries such as finance, technology, and healthcare, the three main takeaways from the report are: Deepfakes are ..read more

Recently, the cybersecurity world was shook by a data breach involving Snowflake, a cloud-based third-party server utilized by many companies to store huge datasets. Around 165 businesses, including Ticketmaster and Santander Bank, are believed to have been impacted.  Here’s the lowdown on what happened and why MFA is an essential component of securing online accounts. The breach The Snowflake data breach first came to light on May 27 with a post on the cybercrime forum Exploit. Asking for $500,000, the hacker advertised 1.3TB of Ticketmaster data, which included over 560 million people’s ..read more

Nobody likes to do laundry. Even worse when you have to drag all your dirty clothes to a laundromat and pay for the privilege on top of all everything else. But for a brief moment in time, two students at UC Santa Cruz discovered that maybe you don’t always have to pay.  Security flaw in laundry app API The two students, Alexander Sherbrooke and Iakov Taranenko, found a vulnerability in their university’s network of laundry appliances that allowed them to send commands to do free laundry. The first time he did it, Sherbrooke had $0 in his laundry account, but he was able to start a wash n ..read more

Ever get a random job offer you didn’t apply for on a messaging app? How about a text from a “wrong number” that then tries to initiate a relationship with you? If so, you may have been the target of a fraud attempt. One of the most common is pig butchering scams, where perpetrators build a fake relationship with a victim, extorting money from them over time, typically through cryptocurrency.  These types of scams are a growing issue globally. The Global Anti-Scam Alliance found that scammers stole over $1 trillion from victims in 2023. A report from The United States Institute of Peace ..read more

Scam calls are becoming ever more prevalent. Whether it be robocalls or voice phishers looking to steal sensitive information from their victims, it’s estimated that Americans receive around two billion scam calls per month.  Experts believe one reason for the recent growth is the boom in AI technology over the past couple of years. AI can make such scams much easier by quickly generating new messages for each person they’re trying to scam, as well as creating convincing-sounding AI-generated voices. Particularly sophisticated scammers can even clone the voices of public figures.  W ..read more

Many of us use Google-related sites, services, and apps multiple times per day, every day. Whether you’re sending an email, finding directions, or searching for a random question that suddenly pops into your head, Google has become an intrinsic part of the lives of millions.  As a result, the tech giant has collected a lot of information about you. Google says it uses this data to improve apps and services, develop new ones, personalize targeted advertising and content, and protect against fraud and abuse. However, even if the reason for data collection purports to be good, not everyone ..read more

Ransomware attacks are a continual problem across various industries and organizations and can have a catastrophic impact on a company’s reputation, finances, and technology. According to The State of Ransomware 2024 from Sophos, a whopping 59% of organizations were targeted by ransomware last year.  Now, the US government’s Cybersecurity and Infrastructure Security Agency (CISA) has developed a free solution: the Ransomware Vulnerability Warning Pilot (RVWP). What is RVWP RVWP was a requirement of The Cyber Incident Reporting for Critical Infrastructure Act of 2022, launching afterwards ..read more

While you were celebrating (or not celebrating) Easter, a German developer was busy stopping a potentially catastrophic cyber attack on the most widely used open-source operating system — Linux.  A Microsoft employee by day, Andres Freund volunteers as a Linux maintainer in his spare time. He essentially helps the Internet keep working as it does, seeing as Linux is used everywhere, from Android smartphones to the world’s top million servers. Here’s how disaster was just about avoided. Discovering a backdoor in XZ Utils Freund became aware of a potential issue when logging into SSH and n ..read more

The development of IoT devices has brought with it a plethora of conveniences. Smart cameras are especially popular among people who want to check in on their pets when they’re not around or are worried about home security.  Unfortunately, the very device you chose to enhance security may be infringing on your privacy. A slew of recent news stories support this. A lawsuit claimed Amazon employees and contractors could access customer videos to train algorithms without user consent. Smart home manufacturer Wyze courted controversy on multiple occasions, including a vulnerability that allo ..read more

In an ideal world, once you install an SSL certificate, you should be able to forget about it, safe in the knowledge that your site will remain secured until it’s time to renew. Unfortunately, this isn’t always the case. Even when there’s nothing wrong with the SSL itself, there are myriad technical server-side or browser issues that can cause it not to work properly, resulting in error messages for people trying to reach your site.  A common one is the SSL handshake failed error code 525. If you’ve ever encountered this error, whether you’re a website owner or just someone trying to visi ..read more