Security Terminology

Sophisticated cyber threats are ever-present, but an existential danger is getting closer each day: quantum computers. They have the potential to shatter the encryption algorithms underpinning our digital world. Specifically, quantum computers will have the ability to break the RSA and ECC algorithms at a pace disproportionate to the overall speed advances they offer.

An iconic Grateful Dead lyric in the song “He’s Gone” uses what’s become a catchphrase for many Deadheads: "steal your face." It's so popular that it’s even on a bumper sticker.

"Steal your face" has a new meaning for the tech world with facial recognition technology as Group-IB researchers reported on a new hacking technique in which a threat actor uses social engineering to steal the victim’s facial recognition data to then create deepfakes to gain unauthorized access to a victim’s bank account.

Join us for key insights and actionable steps in the certificate management space.

Bank of America is notifying customers that their personal information was compromised in a data breach impacting Infosys McCamish Systems (IMS), a third-party vendor.

The breach reportedly occurred after IMS was hacked in November 2023. According to breach notification letters, the exposed customer data includes names, addresses, Social Security numbers, dates of birth, and financial account details. At least 57,028 Bank of America customers were directly impacted.

European Union (EU) legislation that would set guardrails for the use and development of AI technology appears to be on a clear path toward ratification as two key groups of legislators in the EU Parliament on Tuesday approved a provisional agreement on the proposed rules.

In November 2023, the Lockbit ransomware gang claimed responsibility for targeting the Infosys McCamish system, and it appears that the aftermath of the data breach is unfolding.

Bank of America customers participating in deferred compensation plans are facing concerns after a data breach at Infosys McCamish Systems (IMS), a third-party provider managing these plans. The incident, initially reported in November 2023 but only publicly disclosed this month, exposed the personal information of 57,028 individuals.

As artificial intelligence continues advancing at a rapid pace, criminals are increasingly using AI capabilities to carry out sophisticated scams and attacks. Technologies that synthesize realistic fake media, known as deepfakes, are among the newest tools being deployed to enable fraud.

In December 2023, the genetic testing company 23andMe confirmed that hackers had breached the personal data of 14,000 users (.01% of their database) through credential stuffing. However, it later became evident that this figure only accounted for users with compromised data, not including those whose data was scraped. Consequently, the actual number of affected users was much higher, reaching about 6.9 million. The stolen data ranged from usernames and passwords to genomic data and geographic locations.

A data breach of LectureNotes Learning App has affected over 2 million users. The leaked data totals 2,165,139 records and includes the personal information of its users, such as username, first and last names, session tokens, phone numbers, emails, passwords, IP addresses, user-agents and administrator authorization IDs.

Security leaders share their thoughts on this breach and how organizations can protect the sensitive information of their users.

What is easily the most ambitious deepfake scam yet has taken place in Hong Kong, where attackers were able to convince an employee of an unnamed company to transfer HK$200 million (about $25 million) via a fake video conference populated by simulations of the CFO and other personnel. Fraud involving deepfake audio is increasingly common, but this is the first known scheme of this sort to incorporate fake representations of multiple people.

In this episode we share the details of a recent nation state actor attack on Microsoft and some of the lessons learned.

Last year saw a nearly 80% surge in data compromises compared to 2022, with 3,205 incidents recorded, according to a report from the Information Theft Resource Center (ITRC).

Despite the surge in breaches, the number of victims impacted saw a 16% decline from 2022, totaling 353,027,892 individuals.