Meta has tracked a network with millions of fake accounts engaged in social media cyber espionage. The campaign targets users in Southeast Asia. More: - The network operates over 2.2 million Facebook, Instagram, and Twitter fake accounts.
- Meta believes that the operation is likely run by a group of marketing firms based in India.
- The fake accounts use profile pictures and names that appear to be real and deploy engagement patterns that mimic human behavior.
- One of the groups that were detected by Meta is a Pakistan-based advanced persistent threat group that relied on a network of 120 accounts on Facebook and Instagram and rogue apps and websites to infect military personnel in India.
- The tech giant also expunged about 110 accounts on Facebook and Instagram linked to an APT identified as Bahamut that targeted activists, government employees, and military staff in India and Pakistan with Android malware published in the Google Play Store. The apps, which posed as secure chat or VPN apps, have since been removed.
- Meta announced the fake accounts and is taking steps to prevent similar operations in the future, including working with law enforcement and improving its detection capabilities.
| |
 The city of Dallas has shut down its online infrastructure after being hit by a ransomware attack. The threat actor behind this attack is unknown at this point. More: - This attack was launched using a ransomware variant called DarkSide, which has been used in several high-profile attacks in recent years.
- The ransomware encrypted the city's systems and demanded a ransom payment in exchange for the decryption key.
- The city of Dallas refused to pay the ransom and instead used its backup data to restore the system.
- This process, however, takes several weeks to complete.
- Officials stated that no personal data was compromised in the attack, but it was still investigating the incident and working to improve its cybersecurity measures.
- The breach affected around 200 devices.
| |
 A message from PUBLIC.COM Lock in a 5% Yield on Your Cash in Less than 30 Seconds Treasury Accounts are officially live on Public, offering a new way to lock in a 5.0% yield on your cash in literally seconds. (That’s significantly higher than a high-yield savings account.) It’s easy to get started. Once you create your Treasury Account, you can move your cash into the safety of US Treasury bills.
As a Public member, you can now instantly invest your cash in 26-week Treasury bills. At the time of your deposit, you lock a fixed rate of return, backed by the full faith and credit of the US government. Public then stores your Treasury bills at The Bank of New York Mellon—the world's largest custodian bank and securities services company.
Once your Treasury bills reach maturity, they are automatically reinvested, so you have one less thing to think about. However, you also have the option to sell your Treasury bills at any time—even before they reach maturity. So, it's the best of both worlds: the high yield of US Treasuries and the flexibility of a savings account. Join Public
| |
The number of cyberattacks that use malicious HTML attachments has doubled since 2022, according to reports. These cyberattacks are also increasingly becoming more unique compared to previous variants. More: - Researchers have observed a significant increase in the use of malicious HTML attachments in email campaigns by cybercriminals.
- The use of HTML attachments has become popular among cybercriminals due to their ability to bypass traditional email security systems that rely on signature-based detection.
- On March 7, there were 672,145 malicious HTML artifacts detected in total, comprising 181,176 different items.
This means that 27% of the detected files were unique, and the rest were repeat or mass deployments of those files. - However, on March 23, 85% of the total 475,938 malicious HTML artifacts were unique, which means that almost every single attack was different.
- HTML attachments often contain obfuscated JavaScript that is used to download and execute malicious code on the victim's system.
- Cybercriminals use various social engineering tactics to lure victims into opening these malicious attachments, including pretending to be from legitimate organizations or offering fake job opportunities.
- To prevent falling victim to these types of attacks, individuals and organizations are advised to be cautious when opening email attachments, keep their antivirus software up to date, and enable multi-factor authentication for their email accounts.
| |
Sourcepass has raised a $65M funding round to expand its cybersecurity services. The company has raised $135M since its inception. More: - Sourcepass is a cybersecurity company that offers 24/7 protection from threat actors. The company offers services such as:
- In-House Security Operations Center,
- Managed SIEM,
- Managed Detection & Response,
- Vulnerability Management,
- and Compliance Platform.
- Metropolitan Partners Grou led the funding round.
- The company aims to use the funding to support the acquisition of Proxios to broaden its client base in the healthcare, legal, and non-profit sectors.
- The company is based in New York.
| |
 A message from VANTA To close and grow major customers, you have to earn trust. But demonstrating your security and compliance can be time-consuming, tedious, and expensive. Until you use Vanta. Trusted by over 5,000 global customers, Vanta: -
Automates up to 90% of compliance for SOC 2, ISO 27001, GDPR, HIPAA, and more, getting you audit-ready in weeks -
Helps your business scale and thrive while reducing the need for countless spreadsheets and endless email threads -
Saves you hundreds of hours of manual work and up to 85% of compliance costs And because Vanta is all about saving you time, here’s a 3-minute video showing you how Vanta’s platform can help you automate compliance, simplify security, and build trust to accelerate business growth. Watch it Here
| |
U.S. Vice President Kamala Harris is set to meet with OpenAI, Google, Microsoft, and Anthropic about the responsible development of artificial intelligence. The meeting will be held on Thursday. More: - According to a White House statement, Harris will address the need for safeguards that can mitigate AI's potential risks and emphasize the importance of ethical and trustworthy innovation.
- Other officials that will participate in the meeting are Gina Raimondo, Jeff Zients, Jake Sullivan, and Arati Prabhakar.
- Representatives from Anthropic have confirmed their participation, while Google, Microsoft, and OpenAI have yet to comment.
Zoom Out: - Geoffrey Hinton, also called the "godfather of AI," left his position at Google partly to share his concerns about the potential threat of AI, according to a report.
- Elon Musk, CEO of Tesla, SpaceX, and Twitter, was one of more than 27,000 people to sign a letter in March that called on AI labs to pause their development for six months.
| |
Russian hackers have been tracked targeting a Ukrainian state agency using a malicious version of the WinRAR archiver. The campaign is a continuation of Russia's year-long efforts to disrupt Ukraine's digital infrastructure. More: - The hackers deployed destructive VBScript code in the self-extracting archive module, which was self-executed on the victim's computer.
- Once executed, the VBScript code launched a series of commands that culminated in the erasure of all files and folders on the victim's hard drive.
- The attack was carried out on March 24, 2023, and targeted the Ukrainian Regional Development Agency, which is responsible for promoting economic development in the country's regions.
- Some of the threat vectors that were used in the campaign include spear-phishing emails and compromised websites.
| |
Quick Hits: - The company behind these surgical robots is planning to list on Nasdaq. Last day to fund your investment is on 5/10.*
- North Korean hacker group is deploying a new malware variant named ReconShark. The variant is breaching targets in the U.S., Europe, and Asia.
- Researchers have tracked three new security flaws in Microsoft's Azure software.
- A new Android subscription malware named Fleckpe has been downloaded over 620,000 times.
- Demo Divvy, get an Ember heated mug. Hot coffee and quick and easy expense management — get both when you demo Divvy.*
*This is sponsored content.
| |
Upcoming events at Inside: - May 08 - Inside.com Town Hall (Register Here)
- May 11 - Testing and monitoring large language models (LLMs) with TruEra (Register Here) *
- May 17 - Monthly Meditation guided by Nicholas Whitaker (Register Here)
- May 17 - Join Vanta's webinar to see Vendor Risk Management in action and learn about automating security reviews. (Register Here) *
*This is a sponsored listing.
| |
 |  | Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading(and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime. |   | | Editor | Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords. | |
| |
| |
