From the Skyhigh Studios at Skyhigh Security, I’m Scott Schlee, it’s Wednesday, December 4th, 2024, and these are your cybersecurity headlines.
Microsoft’s AI Tool Privacy Concerns: Microsoft’s AI tool, Recall, has been found capturing sensitive data, including credit card and Social Security numbers, every five seconds. Despite safeguards, this raises significant privacy and security concerns.
North Korean IT Worker Indictments: Fourteen North Koreans have been indicted for posing as IT workers to fund nuclear programs. They infiltrated American and Western IT companies, using sophisticated fake identities and VPNs to mimic legitimate employees. This highlights the geopolitical cyber risks posed by state-sponsored actors.
Mysterious Drone Sightings: Unexplained drone activity in New Jersey and neighboring states has triggered federal investigations into potential security threats. The drones have caused concern among authorities, leading to increased scrutiny and efforts to identify their origin and purpose.
Sanctions on Chinese Hackers: The U.S. has sanctioned Chinese cybersecurity company Sichuan Silence Information Technology for deploying ransomware that posed significant risks to human life. In April 2020, the company used malicious software on over 80,000 firewalls globally, including critical infrastructure, leading to data theft and network disruptions.
Apple Users Urged to Update Devices: Cybersecurity experts are urging Apple users to update their iPhones to iOS 18 to avoid a data-stealing bug capable of bypassing safeguards. Concerns over Apple’s AI program have led to hesitancy in updating, leaving devices vulnerable to attackers who can access sensitive data without user notification.
SEC Cybersecurity Enforcement: The Securities and Exchange Commission (SEC) announced four settled enforcement orders against issuers for materially misleading disclosures following the 2020 SolarWinds cybersecurity incident. These settlements underscore the SEC’s focus on accurate and timely disclosure of cyber incidents.
UK’s Cybersecurity Concerns: Britain is increasingly vulnerable to cyberattacks and complacent about the threats posed by hackers, warns Richard Horne, CEO of the UK’s National Cyber Security Centre (NCSC). Recent cyberattacks have disrupted services at Liverpool hospitals and impacted the grocery and prison transport sectors. The NCSC emphasizes the urgency of closing the gap between threats and cyber-resilience across critical infrastructure and the economy.
Game Freak Data Breach: Game Freak, the developer behind Pokémon, confirmed a security breach that resulted in the leak of employee details and codenames for upcoming 10th generation Pokémon games. The breach also exposed information about the anticipated Nintendo Switch 2 console. This incident is considered one of the largest in gaming history.
Geico and Travelers Fined for Data Breaches: New York State fined auto insurers Geico and Travelers Indemnity a total of $11.3 million due to cybersecurity lapses that led to data breaches affecting 120,000 individuals during the Covid-19 pandemic. The breaches contributed to a larger hacking campaign that exploited personal information for various frauds, including fraudulent unemployment claims.
Krispy Kreme Cyberattack: Krispy Kreme reported an IT systems breach, causing significant impacts on its business operations and a 2% drop in its stock. The cyberattack disrupted online ordering in parts of the U.S., though physical stores remain open. The company is working with cybersecurity experts to investigate and contain the breach.
Please Note: All transcripts are generated using speech recognition software and human transcription, and may contain errors. Please check the corresponding audio before quoting in print.