CyberSecure Specialist

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

A recent proliferation of phony executive profiles on LinkedIn is creating something of an identity crisis for the business networking site, and for companies that rely on it to hire and screen prospective employees. The fabricated LinkedIn identities — which pair AI-generated profile photos with text lifted from legitimate accounts — are creating major headaches for corporate HR departments and for those managing invite-only LinkedIn groups. Some of the fake profiles flagged by the co-administrator…


IOTW: Everything we know about the Optus data breach

Australian telecommunications company Optus suffered a devastating data breach on September 22 that has led to the details of 11 million customers being accessed. The information accessed includes customers’ names, dates of birth, phone numbers, email addresses, home addresses, driver’s license and/or passport numbers and Medicare ID numbers. Payment details and account passwords were not compromised in the breach. Optus confirmed that it has now contacted all customers to notify them of the cyber-attack’s impact,…


Suspected Grand Theft Auto 6 hacker arrested by UK police

The person responsible for hacking into Rockstar Games, leaking gameplay and clips from the upcoming Grand Theft Auto 6 game, has been potentially identified and arrested by London police. The hacker, known as teapottuberhacker, was also allegedly responsible for an attack on rideshare platform Uber earlier this month, which saw the hacker take control of Uber’s systems and post a graphic image on the company’s internal sites. They are also said to be a member…


Data breach sees Telstra employees’ details posted online

Australian telecommunications company Telstra revealed on Tuesday that it had been hit by a data breach that had revealed the details of 30,000 current and former employees. The details included employees’ first and last names and email addresses, and were posted on hacking forum Breached. This forum was also used to leak information obtained in the Optus hack. In a tweet, Telstra confirmed that the data leak “wasn’t a breach of any Telstra system” and…


Cybersecurity Awareness Month 2022: Enabling Multi-factor Authentication Key behavior: Multi-factor Authentication

In celebration of Cybersecurity Awareness Month, NIST will be publishing a dedicated blog series throughout October; we will be sharing blogs each week that will match up to four key behaviors identified by the National Cybersecurity Alliance (NCA). Today’s interview-style blog features two NIST experts, Bill Newhouse and Ryan Galluzzo, discussing different reasons to enable multi-factor authentication (a mechanism to verify an individual’s identity by requiring them to provide more information than just a username and…


Microsoft: Two New 0-Day Flaws in Exchange Server

Microsoft Corp. is investigating reports that attackers are exploiting two previously unknown vulnerabilities in Exchange Server, a technology many organizations rely on to send and receive email. Microsoft says it is expediting work on software patches to plug the security holes. In the meantime, it is urging a subset of Exchange customers to enable a setting that could help mitigate ongoing attacks. In customer guidance released Thursday, Microsoft said it is investigating two reported zero-day…


NIST International Engagement Updates: CSF 2.0 Update Workshop and More

The subject of international alignment and alignment with international resources continues to be an important focus for NIST, particularly with the process for the Cybersecurity Framework (CSF) 2.0 update. This was an important area for many of our stakeholders, as described in the summary of analysis of the Request for Information (RFI) from February. NIST hosted its first virtual workshop on the journey to the CSF 2.0 update process in August. During the workshop, NIST…


Fake CISO Profiles on LinkedIn Target Fortune 500s

Someone has recently created a large number of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations. It’s not clear who’s behind this network of fake CISOs or what their intentions may be. But the fabricated LinkedIn identities are confusing search engine results for CISO roles at major companies, and they are being indexed as gospel by various downstream data-scraping sources. If one searches LinkedIn for the…


The Final Countdown to Cybersecurity Awareness Month 2022: “It's easy to stay safe online!”

Today’s blog will jumpstart NIST’s celebration of Cybersecurity Awareness Month 2022! We have a lot in store for October and are looking forward to sharing our work, progress, events, and news with you. This year’s theme is “See Yourself In Cyber” and will cover four key behaviors: enabling multi-factor authentication; using strong passwords and a password manager; updating software; and recognizing and reporting phishing. As a repeat Cybersecurity Awareness Month Champion, NIST is dedicated to promoting…
