
Latest news with #CISA

Are you susceptible to a 'social engineering' attack?

The Hill

9 hours ago


(NEXSTAR) – The Federal Bureau of Investigation on Friday issued an alert concerning Scattered Spider, a cybercriminal organization currently targeting the airline industry. The group, which is also said to be behind cyberattacks on multiple Las Vegas casinos in 2023, is said to rely heavily on 'social engineering' techniques for its attacks, a tactic used to gain trust with victims.

'In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems,' the Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) explains of these types of scams. Attackers may then use that information to pose as a trusted figure working at, or with, the victim's company in order to gain access, CISA says.

Specific examples of Scattered Spider's social engineering tactics include 'impersonating employees or contractors to deceive IT help desks into granting access,' or 'convincing help desk services to add unauthorized [multi-factor identification] devices to compromised accounts,' according to the FBI.

But social engineering can take many forms — and target everyday individuals, rather than just corporations.

'Typically, the elderly are the most vulnerable to social engineering, but they're not the only victims,' said John Young, a cybersecurity expert and the COO of encryption company Quantum eMotion America. 'Lonely people fall prey to romance scams; those who want instant gratification are vulnerable to get-rich-quick ploys; and otherwise savvy people who have a fear of missing out can get taken by investment scams.'

These types of attacks are also incredibly common. Scammers often contact potential victims through emails and texts (aka phishing and smishing scams) or sometimes over the phone, perhaps posing as a bank or an e-commerce company, and asking the victim to verify their personal information or account passwords.

Joseph Steinberg, a cybersecurity expert and the author of 'Cybersecurity for Dummies,' says these attacks exploit a weakness in the human brain.

'We're not wired to perceive threats from far away. … To survive, for most of history, we didn't have to worry about threats from someone invisible, 3,000 miles away,' Steinberg told Nexstar.

'But people have a tendency to trust technology more than other people,' he added. 'If I walk up to you in the street, and I told you your banker told me you need to reset your password, you'd never trust me. But if you get an email from what looks like [a bank]? That could be different.'

It's also getting harder and harder to differentiate social engineering attacks from legitimate interactions. Artificial intelligence has made it easier for hackers to both gather information on targets and carry out the attacks, as noted by the cybersecurity teams at such organizations as CrowdStrike, IBM and Yale University.

AI can even make it possible for bad actors to create deepfakes (i.e., synthetic photos, video or audio clips that appear nearly indistinguishable from authentic ones) to try and trick victims. Steinberg says he's seen this tactic demonstrated over the phone, with scammers using deepfake audio to mimic the voice of a victim's loved one asking for money or sensitive information.

'Every time I've seen it demonstrated it works,' he said. 'The AIs are that good.'

CISA offers a number of tips for preventing the likelihood of becoming a victim of social engineering attacks, including limiting the amount of personal information you share online, or contacting a bank/company directly (using a phone number provided by the company's official channels) after getting a suspicious email or text, to verify its authenticity.

Now that AI is in the mix, Steinberg also suggests coming up with a plan to verify the identity of their own family members — and most importantly their children — if they get a suspicious call from a person claiming to be a loved one.

'I'm … going to ask them some piece of information that only my child would know,' Steinberg said.

By understanding these tools, the likelihood of becoming a victim is at least minimized, if never completely eliminated.

'The most important thing is to internalize the fact that you're a target,' Steinberg said. 'If you believe that people may be trying to scam you, you just behave differently.'

Young, too, said a skeptical mindset is especially helpful for the vulnerable populations to adopt.

'I teach volunteer classes for AARP to older citizens, and when I explain that in the old days scammers were known as con artists, something clicks for them,' he said. 'It's true; the scammers of today are just another name for con artists who have been using persuasion and their social engineering skills since the beginning of time.'

Stop Using These Passwords Following FBI 2FA Bypass Warning

Forbes

11 hours ago

  • Business

Following FBI warnings of 2FA bypass, password alerts have now emerged.

FBI warnings concerning the Scattered Spider collective, behind ransomware attacks on the retail, insurance, and most recently, aviation sectors, have now become an alarming reality. Qantas has confirmed a significant cyber incident, involving a third-party supplier, has potentially impacted the data of some six million customers. 2FA bypass is common currency for Scattered Spider and other threat actors, and the FBI report has confirmed this. But maybe now it's time to also look at how poorly every sector, including consumers, manages passwords. TL;DR, dear reader, the answer is very poorly indeed. Here are the passwords that nobody should be using.

FBI And CISA Password Advice Is Being Ignored

Let's get one thing straight here: password management is not a difficult thing. It would seem, however, that getting the basics of password creation and use is. That's the only reason I can come up with as to why so many people, corporate, within industry sectors and consumers, are failing to do it properly. Well, there's another reason, but I'm too polite to mention it here; I'm sure you can guess what it is. The point is that, as evidenced by an updated study by NordPass, weak and downright dangerous passwords are still being used long past their expiration date.

Although Scattered Spider focuses attention on bypassing 2FA protections using social engineering means to persuade IT help desks to 'add unauthorized MFA devices to compromised accounts,' it is not the only weapon in its arsenal. All ransomware groups will look to the weakest link, the easiest protection to break, when it comes to initial access. And that, as you likely will have guessed, means login credentials.

The NordPass study revealed what many in the cybersecurity field already knew: weak passwords, reused passwords, and passwords that are, frankly, totally unfit for consumption, are common across most all industry sectors.

Considering the Scattered Spider attacks on aviation, let's focus on the transportation sector as an example. 'The transportation and logistics industry is a critical part of global infrastructure,' Karolis Arbaciauskas, head of business product at NordPass, said, 'but the cybersecurity basics are being ignored.' Those basics can be found in this Cybersecurity and Infrastructure Security Agency advisory, compiled with the assistance of the FBI, covering the tactics, techniques and procedures used by the Scattered Spider threat group.

You Should Never Use These Passwords. Period.

You only have to look at the most common list for this sector, included on the report page previously linked to, and you will see what Arbaciauskas is referring to. It is peppered with such password atrocities as 123456, Dell, 12345678, password, 111111, 1234, 123456789 and qwerty. I could go on, but I won't: go and see for yourself. Or you might want to take a look at this list of dangerous passwords I have compiled from NordPass and other research.

'Weak credentials put customer data, delivery routes, and operational continuity at risk,' Arbaciauskas said, adding that 'Fixing password practices is a fast, effective way to avoid delays caused by data breaches or operational downtime.'

The FBI has warned you, CISA has advised you, cybersecurity professionals have shown you the dangers, so when are you going to stop using those easily hacked passwords and start taking credential security seriously? Better yet, when are you going to change to passkeys, which are way more secure?

Google Chrome Warning—Update Or Stop Using Browser By July 23

Forbes

3 days ago


Google confirms attacks on Chrome are underway.

Google has confirmed that Chrome is under attack again, and has issued another emergency update for all users following the mandatory 'configuration change' it pushed out last week. Whatever device you're running, you need to ensure you have downloaded the latest software and then you need to restart your browser.

As I suggested would happen, America's cyber defence agency has now mandated federal employees update or stop using Chrome within 3 weeks, on or before July 23. The warning also applies to Microsoft Edge and other Chromium-based browsers.

CISA warns that Chrome's V8 JavaScript engine 'contains a type confusion vulnerability that could allow a remote attacker to perform arbitrary read/write via a crafted HTML page.' That means just visiting the wrong website could put you at risk.

In confirming CVE-2025-6554, Google explained that it would not release any further details at this time, 'until a majority of users are updated with a fix.' But the fact it was discovered by Google's own Threat Analysis Group just five days before the fix was released — with a config change even faster than that — tells you how urgent this is.

The assumption is that this will have been found in highly targeted attacks, the kind that use specialized websites to lure specific victims or links and other social media, email or text messages to deploy its attacks. But the fact this is now public domain and being fixed means the risks are high as attackers deployments before it's too late.

This is the fourth actively exploited zero-day this year, and it highlights how important it is to keep all browsers updated at all times. While CISA's mandate only applies to federal agency staff, its remit extends to all organizations to help them 'better manage vulnerabilities and keep pace with threat activity.'

You will see a flag within Chrome telling you an update has been downloaded and you need to restart. All your tabs should reopen, albeit your Incognito private browsing tabs will not. So make sure there's nothing unsaved in any of those.

Following Google's warning that it's 'aware that an exploit for CVE-2025-6554 exists in the wild,' we can expect more detail on the vulnerability over the coming weeks.

US calls reported threats by pro-Iran hackers to release Trump-tied material a 'smear campaign'

Nahar Net

3 days ago

  • Politics

by Naharnet Newsdesk, 02 July 2025, 17:25

Pro-Iran hackers have threatened to release emails supposedly stolen from people connected to President Donald Trump, according to a news report, a move that federal authorities call a "calculated smear campaign."

The United States has warned of continued Iranian cyberattacks following American strikes on Iran's nuclear facilities and the threats those could pose to services, economic systems and companies.

The Cybersecurity and Infrastructure Security Agency said late Monday that the threat to expose emails about Trump is "nothing more than digital propaganda" meant to damage Trump and other federal officials.

"A hostile foreign adversary is threatening to illegally exploit purportedly stolen and unverified material in an effort to distract, discredit, and divide," CISA spokeswoman Marci McCarthy wrote in a social media post, linking to a report from Reuters about the threat. "These criminals will be found, and they will be brought to justice."

Reuters reported that it contacted the alleged hackers online. They told the news organization that they held a large cache of emails from Trump chief of staff Susie Wiles, other top advisers and porn actor Stormy Daniels, to whom a hush money payment led to Trump's criminal conviction.

Federal prosecutors charged three Iranians last year on allegations of hacking into Trump's presidential campaign. Hackers also targeted the campaign of Democrats Joe Biden and Kamala Harris and unsuccessfully tried to leak material supposedly taken from Trump to Democrats and members of the media.

The threat to release more hacked emails was reported the same day that CISA, the FBI and National Security Agency issued a public bulletin warning that hacking groups supportive of Tehran may attack U.S. interests despite a fragile ceasefire between Iran and Israel.

The hackers, authorities warned, could seek to disrupt or disable critical infrastructure systems such as utilities, transportation and economic hubs. They also could target defense contractors or other American companies with ties to Israel, the agencies said.

The bulletin outlined recommendations, including the use of regular software updates and strong password management systems to shore up digital defenses.

Hackers backing Tehran have targeted U.S. banks, defense contractors and energy companies following American strikes on Iranian nuclear facilities — but so far have not caused widespread disruptions.

What we know about Iranian-linked hacker group Robert?

Euronews

3 days ago

  • Politics

Hackers with links to Iran are threatening to disclose emails stolen from the US President's inner circle.

The hackers, who go by the pseudonym Robert, told Reuters in an online chat that they have 100 gigabytes of stolen emails from Susie Wiles, the White House's chief of staff, Lindsey Halligan, Trump's lawyer, Roger Stone, Trump's advisor and Stormy Daniels, the porn star at the centre of the Trump camp's hush-money scandal.

The group, Robert, said they could sell the material but didn't provide Reuters with any details on their plans, nor describe what was in the emails.

The US Cybersecurity and Infrastructure Security Agency (CISA) wrote on X that Robert's plans for a cyberattack were 'nothing but digital propaganda, a calculated smear campaign aimed at harming President Trump and defaming honourable public servants'.

The threat comes a few weeks after the US bombed the Fordow uranium processing plant in Iran as part of ongoing tensions between the Middle Eastern country and Israel over nuclear weapons programmes.

On June 30, CISA wrote in a statement that Iranian cyber actors might target 'vulnerable' US networks and sites of interest, noting that defence companies with ties to Israel might be at increased risk. So far, there have been some attempts on American banks, defence contractors and the air force by Iranian-backed groups.

Previous attack to gain the Trump campaign's emails

Robert's threat, seen by Reuters, comes a year after an Iran-backed group allegedly leaked similar emails from the Trump administration in what the government said was an attempt to interfere in the 2024 election.

The Federal Bureau of Investigation (FBI) said that Iranian cyber actors sent 'unsolicited emails' to those involved with the campaign of former president Joe Biden with stolen material from Trump's campaign. The same information was then sent to members of the media.

The FBI called it at the time the 'latest example of Iran's multipronged approach to stoke discord and undermine confidence in our electoral process'. A month later, the FBI said it had indicted three individuals from Iran with connections to the Islamic Revolutionary Guard Corps (IRGC), the country's military, in connection with the cyber attacks.

The US Department of National Intelligence (DNI) considers Iran's cyber operations to be a 'major threat to the security of US networks and data,' according to a report published in March this year. State-sponsored Iranian groups and hacktivists regularly target 'poorly secured US networks and Internet-connected devices for disruptive cyber attacks,' according to the DHS report.

The US, among other countries, has designated the Islamic Revolutionary Guard Corps (IRGC) as a foreign terrorist organisation since 2019.
