Why attackers are moving beyond email-based phishing attacks
Attackers are increasingly sending phishing links over non-email delivery channels like social media, instant messaging apps, and malicious search engine ads. In this article, we’ll explore why phishing attacks are moving away from exclusively email-based delivery, and what this means for security teams. Because of the changes to working practices, employees are more accessible than ever to external attackers. Once upon a time, email was the primary communication channel with the wider world, and work happened locally — on your device, and inside your locked-down network environment. This made email and the endpoint the highest priority from a security perspective.
Cloudflare DDoSed itself with React useEffect hook blunder
Cloudflare has confessed to a coding error using a React useEffect hook, notorious for being problematic if not handled carefully, that caused an outage for the platform’s dashboard and many of its APIs. The outage was on September 12, lasted for over an hour, and was triggered by a bug in the dashboard, which caused “repeated, unnecessary calls to the Tenant Service API,” according to VP of engineering Tom Lianza. This API is part of the API request authorization logic and therefore affected other APIs.
As scientists show they can read inner speech, brain implant ‘pioneers’ fight for neural data privacy, access rights
It was an easy decision for J. Galen Buckwalter, a 69-year-old quadriplegic living in Southern California, to undergo a craniotomy in 2024. The operation — which involved inserting 384 electrodes in his brain and a large titanium plate in his skull — allows researchers to record data about how his neurons operate, potentially helping future paralysis patients. The hard part, Buckwalter says, has been giving up the right to access and own his neural data and feel assured that it will be kept private.
Teen arrested over massive cyber attack on Las Vegas strip that cost casinos $100M
A teenage boy has been arrested over a massive cyber attack on the Las Vegas strip that cost casinos at least $100 million, according to authorities and official reports. The Las Vegas Metropolitan Police Department announced Friday the teen has been accused of multiple charges, including extortion and unlawful acts regarding computers, for a “sophisticated cyber crime” from 2023. From August to October 2023, several Las Vegas casinos were targeted by an “organized cyber threat-actor group,” police said. This group went by multiple names, including “Scattered Spider, “Octo Tempest,” “UNC3944,” and “0ktapus,” according to authorities.
Suspected Iran-backed attackers targeting European aerospace sector with novel malware
Suspected Iranian government-backed online attackers have expanded their European cyber ops with fake job portals and new malware targeting organizations in the defense, manufacturing, telecommunications, and aviation sectors. In a Monday report, Check Point Research says it’s been tracking “waves” of this activity since early this year, and attributed the scam to a group it tracks as Nimbus Manticore – also known as UNC1549 (by Google), Smoke Sandstorm (Microsoft), and Imperial Kitten. Google’s Mandiant threat hunters have also noted the crew’s overlap with another gang that Facebook previously linked to Iran’s Islamic Revolutionary Guard Corps (IRGC).
