When it comes to spam, we usually think of a bunch of absolutely irrelevant advertising letters, which antispam engines filter out with no trouble at all. However, this is far from the most unpleasant thing that can fall into your mailbox. Sometimes spam is used to carry out a DDoS attack on corporate email addresses, and the victim gets bombarded with completely legitimate emails that don’t raise any suspicion of a standard antispam engine. Registration confirmations attack In order to perform a mail bomb attack, attackers can exploit the registration mechanisms on the web resources of totall ..read more

Episode 343 of the Transatlantic Cable podcast begins with news that Instagram is testing a tool to help tackle ‘sextortion’, or intimate image abuse. Following that, the team discuss how criminals are increasingly using A.I to defraud consumers out of their money. The last two stories look at X and ransomware. The first story focuses on how X is automatically removing “twitter” from URLs, providing scammers with a real opportunity – finally, the last story looks at how some ransomware gangs are trying their luck at calling the front desk of businesses, to try to leverage payment out of them ..read more

The industrial scale of surveillance of internet users is a topic we keep returning to. Every click on a website, every scroll in a mobile app, and every word you type into a search bar is tracked by dozens of tech companies and advertising firms. And it affects not only phones and computers, but also smart watches, smart TVs and speakers — even cars. As it turns out, these motherlodes of information are used not only by advertisers offering vacuum cleaners or travel insurance. Through various intermediary companies, this data is snapped up by security agencies of all stripes: police, intellig ..read more

Scientific research of hardware vulnerabilities often paints captivating espionage scenarios, and a recent study by researchers from universities in the United States and China is no exception. They found a way to steal data from surveillance cameras by analyzing their stray electromagnetic emissions — aptly naming the attack EM Eye. Reconstructing information from stray emissions Let’s imagine a scenario: a secret room in a hotel with restricted access is hosting confidential negotiations, with the identities of the folks in attendance in this room also deemed sensitive information. There’s a ..read more

Every day, millions of ordinary internet users grant usage of their computers, smartphones, or home routers to complete strangers — whether knowingly or not. They install proxyware — a proxy server that accepts internet requests from these strangers and forwards them via the internet to the target server. Access to such proxyware is typically provided by specialized companies, which we’ll refer to as residential proxy providers (RPPs) in this article. While some businesses utilize RPP services for legitimate purposes, more often their presence on work computers indicates illicit activity. RPPs ..read more

We’ve decided to revise our portfolio and make it as seamless and customer-friendly as possible. This post explains what exactly we’re changing and why. The evolution of protection As the threat landscape constantly changes — so do corporate security needs in response. Just a decade ago, the only tool required to protect a company against most cyberattacks was an endpoint protection platform (EPP). Since then, attackers’ methods have grown ever more sophisticated — to the point where simply scanning workstations and servers is no longer sufficient to detect malicious activity. Modern cyberatta ..read more

Over the past 18 months or so, we seem to have lost the ability to trust our eyes. Photoshop fakes are nothing new, of course, but the advent of generative artificial intelligence (AI) has taken fakery to a whole new level. Perhaps the first viral AI fake was the 2023 image of the Pope in a white designer puffer jacket, but since then the number of high-quality eye deceivers has skyrocketed into the many thousands. And as AI develops further, we can expect more and more convincing fake videos in the very near future. One of the first deepfakes to go viral worldwide: the Pope sporting a trendy ..read more

Peeking into someone’s personal diaries or notebooks has always been seen as an invasion of privacy. And since to-do lists and diaries went digital, it’s not just nosy friends you have to worry about — tech companies are in on the action too. They used to pry into your documents to target you with ads, but now there’s a new game in town: using your data to train AI. Just in the past few weeks, we learned that Reddit, Tumblr, and even DocuSign are using or selling texts generated by their users to train large language models. And in light of recent years’ large-scale ransomware incidents, hacki ..read more

A ..read more

A ..read more