They just don’t quit, do they? Hackers and scammers are continuing to baffle security experts as they antagonize innocent folks across the internet. They’re continuously changing tactics and approaches in the hopes of evading authorities – which has the effect of unleashing new threats and obstacles that researchers and engineers are forced to overcome.
There are 2 myths that stand in the way of boards understanding the threats posed by cyberattacks and ensuring their businesses can be safe against cybercriminals and hackers.
Recently, Scott County Schools, in Kentucky, fell victim to a $3.7 million fraud phishing scam. According to Superintendent Dr. Kevin Hub, a vendor informed the district that an invoice sent to the district had not been paid. In looking into the matter, the district found that someone else had been paid instead, via a fraudulent email disguised as the vendor.
“This is a process that we use currently in Scott County Schools. It’s a way that we pay our vendors. And it was in this specific case, a single case, that we can verify, and this fraudulent email and fraudulent documentation is what caused this crime to happen.”
Recently a vulnerability was disclosed that affected millions of Huawei-manufactured laptops. The Chinese manufacturer claimed the vulnerability was a mistake and, in January, patched the affected software. Speculation was rife that this vulnerability might have been injected intentionally with the goal of allowing the Chinese government to exploit it in order to take control of laptops globally at a time of their choosing.
Does the offer to “Never pay for cable again” sound tantalizing?
It shouldn’t. It should sound abhorrent, not only because of piracy is illegal and unfair to content creators, but also because researchers have found that pirated streaming devices are stuffed with malware and/or open the door for it to come streaming in.
Threat detection and response is difficult and only getting more complicated. According to ESG research, 76% of cybersecurity professionals claim that threat detection and response is more difficult today than it was 2 years ago, so this situation may only get worse in the future.
WordPress itself is designed to keep your website safe, but there is always more you can do to protect it yourself and your livelihood. The minute you let it slip your mind, you are compromising your online presence.
An alert from the Carnegie Mellon University CERT Coordination Center (CERT/CC) has warned that numerous enterprise VPN clients could be vulnerable to a potentially serious security weakness that could be used to spoof access by replaying a user’s session.
For people with responsibility for corporate security – everyone from CIOs to CISOs and CROs – AI presents two types of risk that change the nature of their jobs. The first is that criminals, bad state actors, unscrupulous competitors, and inside threats will manipulate their companies’ fledgling AI programs. The second risk is that attackers will use AI in a variety of ways to exploit vulnerabilities in their victims’ defenses. The question remains – which protects which?