14-Mar-24: In Security News Today

Nissan confirms ransomware attack exposed data of 100,000 people

Nissan Oceania experienced a ransomware attack in December 2023, leading to a data breach affecting 100,000 individuals. The attack, attributed to the Akira ransomware operation, resulted in the theft of personal employee information, NDAs, project data, and details of customers from various dealerships. Nissan is taking steps to notify and support affected individuals, offering services like free credit monitoring and assistance with replacing compromised government IDs.

French unemployment agency data breach impacts 43 million people

France Travail, the French unemployment agency, experienced a data breach impacting 43 million individuals, exposing personal details of job seekers registered in the last 20 years. The breached data includes full names, postal addresses, and phone numbers, increasing the risk of identity theft and phishing. While bank details and account passwords were not compromised, affected individuals are advised to remain vigilant and can file complaints with the Paris prosecutor’s office for investigation.

TikTok About to be Banned in the US

The US Congress voted in favor of banning TikTok due to security concerns related to misinformation and data management practices by its Chinese parent company, ByteDance. The bill proposes divesting TikTok to a US-based company within 180 days, with potential fines for non-compliance. Cybersecurity professionals highlight the app’s potential threat in influencing public opinion and the need for better controls on user data storage and access.

Google Chrome to get real-time phishing protection later this month

Google Chrome is introducing a Safe Browsing update later this month to provide real-time malware and phishing protection without compromising user privacy. The update includes an opt-in Enhanced Protection mode using AI for deeper scans of downloaded files. The new feature utilizes Fastly Oblivious HTTP relays to obfuscate visited sites’ URLs, ensuring user privacy by preventing Google and Fastly from matching browsing activity with user identities.

Tech support firms fined $26 million for scare tactics

Tech support companies Restoro and Reimage have been fined $26 million by the U.S. Federal Trade Commission for using scare tactics to deceive customers into paying for unnecessary computer repair services. The firms employed deceptive marketing strategies, including fake system warnings and misleading telemarketing calls, to trick consumers, particularly older individuals, into spending money on services they did not need. In addition to the fine, a proposed FTC order aims to prevent Restoro and Reimage from engaging in deceptive telemarketing practices and misrepresenting security or performance issues on consumers’ devices.

Microsoft’s AI-Powered Copilot for Security Set for Worldwide Release

Microsoft has announced the worldwide release of its AI-powered security solution, Copilot for Security, on April 1, 2024. Designed to enhance the efficiency and capabilities of security professionals, Copilot for Security allows for natural language interaction across various scenarios like incident response and threat intelligence. The tool integrates with Microsoft products and over 100 third-party vendors, leveraging OpenAI architecture and a vast pool of security signals for responsive and informed security assistance.

SIM swappers hijacking phone numbers in eSIM attacks

SIM swappers are now targeting phone numbers through eSIM swapping attacks, where they transfer the victim’s number to a new eSIM card. This method allows cybercriminals to bypass security measures and gain access to sensitive accounts like online banking services. To protect against these attacks, experts advise using strong passwords, enabling two-factor authentication, and considering additional security measures like physical keys for high-value accounts.

Alabama Under DDoS Cyberattack by Russian-Backed Hacktivists

Alabama has faced network disruptions due to cyber incidents targeting both state and city governments. The state government confirmed a cyberattack on March 12, assuring that no networks or system data were compromised. The city of Birmingham also reported a network issue on March 6, affecting law enforcement’s operations, but did not provide further details on the incident.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.