On May 2, the US Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and Department of State issued a joint cybersecurity advisory warning email recipients that APT43, a cyber threat actor run by North Korean military intelligence, is using a vulnerability in email configurations to target organizations for intelligence exploitation. The US Joint Cybersecurity Agency, which the above agencies belong to, has noticed an uptick in spear-phishing emails — targeting specific individuals with messages that appear to come from trusted sources — against journalists, academics ..read more

The LockBit ransomware gang released a massive data leak on Monday containing the sensitive information of multiple large companies. The gang claimed to have leaked the information of more than 50 companies spread across the US, Australia, Canada, Brazil, Canada, Poland, Germany, Belgium, France, Indonesia, Croatia, Taiwan, Mexico, and Turkey. Among the victims was the Church of Sweden, South American Banco de Venezuela, Netspectrum, and Deutsche Telekom. Government officials from various countries were also targeted. However, there is reason to doubt that the hackers actually have pressing i ..read more

There have been 16 suspects arrested by US prosecutors for their roles in a large-scale scam targeting the elderly. The group’s age-based scam focused on older grandparents who weren’t tech-savvy and were more likely to follow their orders. The attacks were carried out by the group as a whole, with each member taking different roles within the scam. Overall, they stole more than $55 million from the elderly across the world. US prosecutors claim that the accused employees hired illegitimate “couriers” who would pose as legitimate employees and present fake receipts to the victims. These “open ..read more

Microsoft is officially rolling out passkey support to all consumer accounts, allowing everyone who uses a Microsoft account to drop passwords for accessing it. After introducing passkeys to Windows 11 last year, Microsoft now expands this support, allowing users to generate passkeys across Windows, Android, and iOS platforms. This feature allows for seamless sign-ins to Microsoft accounts without entering a password each time. Instead, they can sign in using their face, fingerprint, PIN, or a security key as authentication methods. “Today, you can use a passkey to sign in to Microsoft apps a ..read more

LastPass has officially separated from its former parent company, GoTo, previously known as LogMeIn. GoTo announced its decision to spin off LastPass as an independent entity in December 2021, six years after acquiring the password management company. Now, LastPass will operate independently under a shareholder holding company named LMI Parent. The move follows several high-profile attacks the company faced, which propelled it to commit to enhancing its security protocols. “Together, we are all committed to delivering solutions that never compromise on security, quality, or performance ..read more

London Drugs, a major retail and pharmacy chain, has temporarily closed its stores across Western Canada following a cybersecurity breach reported on Sunday. The B.C.-based company announced the shutdown as a precautionary measure to safeguard against further damage after detecting the security incident. According to a statement issued to CBC News around 5:30 p.m. PT on Sunday, the company acted swiftly to address the attack. “At this time, we have no reason to believe that customer or employee data has been impacted,” the company reassured the public. The closures began abruptly after an ini ..read more

The popular cybersecurity company, Trend Micro, is introducing a new AI-powered security platform to combat widespread AI abuse. The introduction of publicly accessible models like ChatGPT and Gemini helped spark AI usage across the world and has already contributed to many helpful cybersecurity projects and new technologies. At the same time, hackers and other criminals use AI to make their attacks more complex and much harder to deal with. Attacks against companies and individuals are ramping up in number, putting pressure on governments and cybersecurity companies to take action. To combat ..read more

Microsoft is warning users that the Windows update released in April 2024 might lead to failures in VPN connections. Microsoft reported the issue on Tuesday on its health dashboard, explaining that Windows devices updated with KB5036893 on April 9, or the April 2024 non-security preview update, may experience VPN connection failures. The company is developing a fix, which will be included in a future release. The problem impacts several versions of Windows 11 and Windows 10, including Windows 11 versions 23H2, 22H2, 21H2, and Windows 10 versions 22H2 and 21H2, according to Microsoft. The ..read more

The US Federal Trade Commission (FTC) slammed major wireless carriers with hefty fines for illegally selling customer data. Verizon, T-Mobile, AT&T, and Sprint are facing roughly $200 million in fines for selling customer data without consent and not providing customers a method to opt out of the data selling or protect themselves from actions taken by the recipients of the data. During the Trump administration, the FCC Enforcement Bureau was tasked with researching these four corporations. A multi-year-long investigation found that these companies illegally harvested data from customers ..read more

Japanese police are faking fake gift cards in various convenience stores around the Fukui prefecture to help find and stop scammers. The Echizen Police are deploying these dummy cards to counter two of the most common online scams. The first is fake antivirus companies that charge for virus removal and the second is delinquent charge scams. The ladder typically sees criminals pretend to have given the victim too much money for a refund and demand the victim send them the money back. In both cases, hackers will instruct the victim to use a gift card so the transaction can’t be reversed or easi ..read more