Apple and Google have announced a partnership to develop a new system that aims to protect mobile users from phishing attacks. The specification has been submitted as a draft via the Internet Engineering Task Force. More: - The system, called the Authenticated Sender Program, will help prevent phishing attacks by verifying the authenticity of emails sent to users.
- Apple and Google believe that the system will specifically help combat the misuse of Bluetooth location-tracking devices for unwanted tracking.
- The program will use industry-standard email authentication protocols to verify the sender of an email and ensure that it is not fraudulent.
- Authenticated Sender Program will be implemented in both Apple Mail and Gmail and will be later available for other email services.
Zoom Out: - In 2020, Iranian hackers targeted U.S. government officials and journalists by hacking into their Gmail accounts.
- In 2017, many iCloud users were hit with a spam attack that added unwanted events to their calendars.
| |
 Meta has warned that hackers have started using AI to generate new malware. The company tracked 10 AI-generated malware campaigns in March alone. More: - Generative AI involves using machine learning algorithms to create new content that resembles or is derived from existing data.
- In this case, the cybercriminals used a type of generative AI called a Generative Adversarial Network to produce malware that appeared benign to traditional security systems.
- The malware was designed to execute a hidden payload on an infected device only after it had passed through several security layers without detection.
- Meta added that this new technique could pose a significant challenge for cybersecurity professionals and requires a more advanced approach to detecting and defending against malware.
| |
 A message from SLACK When you’re growing a business, everyday tasks can slow you and your team down Back-and-forth emails. Meetings on top of meetings. A never-ending to-do list.
Enter Slack, a single space to connect with everything, share and search for information, and help your teams do more with less. And with Slack Pro, you can: - Keep conversations in one place:
Whether you’re working with your teammates or collaborating with partners outside your company, Slack Pro brings all the right people and information together in one organized space. - Find what you need, share what you know:
From files to photos to conversations, everyone can access any message that’s ever been shared, so they have all the information they need to make decisions and move work forward. - Connect instantly with huddles
Need to gather quickly to brainstorm or work through a complex problem? Start a huddle to talk instantly over audio or video. You can even share your screen and start a thread for notes.
Right now, you can save 50% off your first 3 months of Slack Pro. Learn More
| |
China-backed hacker group Earth Longzhi is using new malware to target government organizations in Southeast Asia. The group's campaign is believed to have been active at least since 2018. More: - The group primarily uses spear-phishing emails to hack its victims, with a particular focus on government entities and opposition figures in Myanmar and Vietnam.
- The threat actor uses custom malware, such as a remote access trojan called Moudoor.
- Researchers have linked the group to APT41 and believe that it may be affiliated with the Chinese government.
- In addition to government organizations, the group has targeted healthcare organizations, technology companies, and manufacturing entities.
| |
Google has introduced a new login feature, calling it the beginning of the end for passwords. Users will now log in using fingerprints, face ID, or a local PIN. More: - The feature uses a combination of biometric authentication and a cryptographic key stored on the user's device to verify the user's identity.
- The feature is currently available only on specific devices, such as Pixel phones and other Android devices running Android 7.0 or later, as well as iOS devices.
- Google claims that the passkey feature is far more secure than using passwords and that it expects users to widely adopt this practice in the near future.
- The passkey feature is currently optional, and users can continue using a password to log in to their Google accounts.
- Companies such as Docusign, Kayak, PayPal, Shopify, and Yahoo! Japan have already deployed to streamline sign-in for their users.
| |
| A message from SUPERVEST Supervest's Short-Term Notes I offers flexible terms and solid potential returns. Searching for short-term income-generating investments? Look no further than Supervest's Short-Term Notes. This short-term investment option offers competitive returns, a low-risk profile and: - Annualized Rate: Investors are paid an annualized 10% rate which consists of monthly payments.
- Short-term: Funds are expected to be repaid in 12 months' time.
- Rollover: Investors have the option to roll their investment into another note at the date of maturity.
- No fees: At the end of one year, the investor can choose to receive its entire principal or roll it over to enter into a new note.
Invest today
| |
Hackers are exploiting a five-year-old flaw that lets them breach DVR devices. The flaw has a 9.8 CVSS score. More: - The vulnerability, tracked as CVE-2018-9995, affects older versions of runc and is caused by a flaw in the handling of file descriptors passed between processes.
- The flaw can be exploited by attackers to escalate their privileges on a targeted system and execute arbitrary code with root privileges.
- Researchers have observed several hacking groups, including Chinese state-sponsored actors, using the vulnerability in their attacks.
- While patches for the vulnerability have been available for several years, many systems remain unpatched, leaving them vulnerable to hackers.
- Researchers have warned system administrators to patch their systems and upgrade to the latest versions of runc to protect against this vulnerability.
| |
CISA has urged organizations to integrate the FCC's Covered List into their risk management plans. The list includes companies that pose a potential national security threat. More: - The FCC Covered List is a list of organizations that operate or provide services to critical infrastructure and are required to comply with FCC regulations related to network security and data privacy.
- CISA's advisory highlights the increased risk of cyberattacks facing organizations in the current threat landscape and encourages organizations to conduct regular risk assessments and implement best practices for cybersecurity.
- The advisory also recommends that organizations on the FCC Covered List participate in the FCC's Communications Security, Reliability, and Interoperability Council to share information and best practices with other organizations in the industry.
- CISA's report comes amid growing concerns about cyber threats to critical infrastructure, including recent attacks on pipelines and other infrastructure targets, and highlights the importance of cybersecurity preparedness for organizations in this sector.
| |
Quick Hits: - The company behind these surgical robots is planning to list on Nasdaq. Last day to fund your investment is on 5/10..*
- The FBI seized nine cryptocurrency exchanges conducting illegal activities. The operation was a partnership with Ukrainian authorities.
- Law enforcement agencies from Austria, France, Germany, the Netherlands, Poland, Brazil, the United Kingdom, the United States, and Switzerland have seized an illegal online marketplace named Monopoly Market. 288 individuals were arrested in this operation.
- CISA has added several TP-Link, Apache, and Oracle bugs to its known exploited vulnerabilities list.
- Demo Divvy, get an Ember heated mug. Hot coffee and quick and easy expense management — get both when you demo Divvy.*
*This is sponsored content.
| |
Upcoming events at Inside: - May 08 - Inside.com Town Hall (Register Here)
- May 11 - Testing and monitoring large language models (LLMs) with TruEra (Register Here) *
- May 17 - Monthly Meditation guided by Nicholas Whitaker (Register Here)
- May 17 - Join Vanta's webinar to see Vendor Risk Management in action and learn about automating security reviews. (Register Here) *
*This is a sponsored listing.
| |
 |  | Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading(and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime. |   | | Editor | Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords. | |
| |
Looking to add alternative investments to your portfolio? Look no further than Supervest. | |
