Cybersecurity Chronicles | December 25, 2023
Week In Headlines
AI: What A Deal! Chat Bot Sells Brand New Chevy for Just $1
A user cleverly prompted a GM dealer’s AI chatbot into agreeing to sell a 2024 Chevy Tahoe for just $1. The incident, which involved the user instructing the bot to agree with everything he said, highlights the potential pitfalls of AI in customer service. Despite the humorous outcome, it serves as a reminder of the importance of human oversight in AI applications. The dealer has since deactivated the chatbot.
UTILITIES - Rising Cyber Threats to U.S. Water Systems
U.S. water facilities are increasingly targeted by cyberattacks, often by Iranian hackers targeting Israeli-made technology. Recent incidents include a control panel hack in Pennsylvania and a dangerous lye level increase in Florida’s drinking water. Despite no significant disruptions or public health threats so far, the decentralized and often under-secured nature of water facilities makes them vulnerable. Enhancing cybersecurity in water infrastructure is becoming a critical priority.
GOVERNMENT - One US State is The Safe Haven for Cybercriminals!
Cybercriminals are exploiting Wyoming’s easy-to-register shell companies to carry out global hacks. A recent incident involved a Somali reporter’s website being sabotaged, with the source traced back to a Wyoming-based LLC. The state’s ease of registering anonymous shell companies allows hackers to disguise their web traffic as originating from within the U.S., bypassing digital defenses that block traffic from less trusted locations.
TELCO - Another Massive Data Breach, 36M Customers Compromised
In a shocking turn of events, Comcast (CMCSA) has confirmed that hackers exploited a critical vulnerability, known as “CitrixBleed”, to access sensitive information of nearly 36 million Xfinity customers. The breach, which occurred between October 16 and October 19, was not detected until October 25. The stolen data includes usernames, hashed passwords, and for some customers, personal information such as names, contact information, and the last four digits of Social Security numbers.
HOSPITALITY - Unwanted Guest: Malspam Campaign Targets Hotel Industry
Sophos X-Ops has issued a warning to the hospitality industry about a new malspam campaign called ‘Inhospitality’. This campaign targets hotels worldwide with password-stealing malware, using service complaints or information requests as a social engineering lure. The attackers first contact the target with a text-only email about a service issue or request. Once the target responds, the attacker sends a follow-up email with a link to what they claim is related documentation. However, this ‘documentation’ is actually the malware payload.
MALWARE - New Malvertising Campaign Targets Software Seekers
A new malvertising campaign is distributing the malware loader known as PikaBot, disguised as popular software like AnyDesk. The campaign targets users searching for legitimate software, exploiting a malicious Google ad that redirects to a fake website. Once there, users are tricked into downloading a malicious installer hosted on Dropbox.
FIN SERVICES - Banking Data Stolen in New Web Injections Campaign
A new malware campaign has emerged, using JavaScript web injections to steal the banking data of over 50,000 users across 40 banks in North America, South America, Europe, and Japan. The campaign, which started in March 2023, highlights the increasing sophistication of cyber threats.
INSIGHTS & EXPERT PERSPECTIVES
How to Educate Your Employees to Be Cyber Risk Aware
The Center for Internet Security (CIS) article explains why employee cybersecurity awareness training is important for any organization, especially for those that handle sensitive data or operate critical infrastructure. It also provides some tips and resources on how to design and deliver effective training programs that can help employees protect themselves and their organizations from cyber threats.
Employee cybersecurity awareness training can
INSIGHTS: When it comes to employee cybersecurity awareness training, it’s not just an IT issue - it’s a human issue too. It’s about getting everyone in the company working together to protect the company. This means from the top executive to the new hires. You need to foster a culture of security within the organization.
And it’s not a one-and-done deal either. It’s an ongoing process that needs regular check-ins to see how it’s impacting the organization’s security stance.
We have been saying it so often for so long, that we feel like we're nagging not just customers but prospects, audiences to our events, and listeners to our podcast.
A Security Awareness and Education (SAE) program is not expensive. It may be the least expensive security investment you make. Executives need to view this education, not as an expense, but as an investment.
By helping to prevent or lessen the blow of cyber incidents, it saves the company money in the long run. And maybe keeps you in business altogether.
PODCAST - Secret Santa: Modern-Day Insider Threat
In this episode of the Cybersecurity Chronicles, Sean Mahoney, VP with Netswitch Technology Management, and Tamara Lauterbach, MBA, MPH, MSITS, Sr. Cybersecurity and GRC Analyst with Guthrie, discuss the evolution of cyber risk, focusing on the concept of insider threat.
They explore how seemingly innocent actions can pose significant risks in the digital landscape. The conversation also touches on the role of AI and machine learning in shaping modern threats, the importance of continuous cybersecurity education, and the challenges of maintaining security in a rapidly advancing technological environment.
Ways We Can Help You
Elevate Your Cyber Risk Cognizance
Get a Fast and Comprehensive Risk Assessment
Our fully automated Security And Risk Assessment (SARA) performs as an auditor to provide an unbiased audit of your technical and risk controls.
Contact Netswitch for more info.
Attend a LinkedIn Live Event
We host regular LinkedIn Live Events to provide insights to elevate your cognizance.
Our intent is to facilitate communication and collaboration among stakeholders - Business Executives, Technologists, and Governors – to achieve alignment of technical controls to meet GRC objectives and improve processes to meet both.
Keep up to date about future events by following Netswitch.
Sign Up for Our "Quick Start" Pilot Program
Know your risk level in cybersecurity and governance at NO COST.
To find out more, contact Netswitch on LinkedIn and we'll get a demo scheduled.
Join Our CyberRisk Governance Group
Consider joining risk professional peers in the fast-growing LinkedIn group specifically about CyberRisk Governance.
The aim of the group is to help technologists, risk & compliance managers, and business leaders better manage their CyberRisk.
Would you like to join us?
Here's the link: https://www.dhirubhai.net/groups/13991569
DISCLAIMER: Any articles, information, or links are provided by Netswitch for reference only. While we strive to keep the information and links correct and safe, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability, or availability with respect to the website or the information, articles, or related graphics contained on the destination website. Any reliance you place on such information is therefore strictly at your own risk.
B2B Growth Expert | 7 Figures In Coaching, Consulting & Agency | 1 Exit (ecom) | Founder Audience & Clients
10 months ago
It's truly fascinating to observe the growing impact of AI in unconventional areas like car sales.