Welcome to the Groundhog Day edition of Tuesday Newsday™. This week's edition is Groundhog Day-themed because the cybersecurity space often emulates the Bill Murray classic film. It seems that certain companies and IT departments fail to learn the lessons repeated by predecessors, and the same type of nonsense happens over and over again. Let's get right into it with one of the more audacious deepfake scams you'll ever hear of.
This already wins the award for scam of the year and we've only just begun February. Using recordings of past video chats, the hackers were able to create a credible deepfake of the CFO. The hackers then hopped into a company meeting with their deepfake CFO and were able to swindle the company out of several transfers of funds to external bank accounts. This type of scheme was relatively unheard of as little as 18 months ago, and its brazen nature has brought serious concerns to the surface about the future of AI.
Vulnerabilities in the Spoutible API led to the exposure of over 204,000 emails, phone numbers, and usernames on the platform. Hackers could also theoretically leverage the vulnerability to access hashed versions of users' passwords. If those passwords are short or weak, recovering them from the hashes is a relatively trivial challenge. So remember folks: use unique passwords per website, and make sure they're strong!
It started with the data brokers. Now it's on to the incompetent. The Guilty Party? Blackbaud, a cloud computing firm working in multiple sectors, including "non-profit," healthcare, religious organizations, and more. The charges: being bad at cybersecurity. After a May 2020 hack revealed atrocious security and absolutely reckless data retention practices, the FTC filed complaints against Blackbaud, arguing that they failed at multiple points to keep customer data safe and secure.
TL;DR
- Deepfakes are getting really, really good. Like scary good.
- Spoutible API vulnerability leaves a treasure trove of data exposed.
- SaaS companies continue to be bad at cybersecurity. The FTC has taken notice
Keeping in theme with 2024, we have a balanced variety of the good, the bad, and the dumb. One can only hope the internet chefs mess up their food planning and overorder the goods; however, we should prepare for the eventuality of more of the same.
The best way to avoid long-term headaches caused by the bad and the dumb things in life is a comprehensive privacy strategy. Windscribe is here to take on the task of safeguarding your online data. Enjoy worry-free browsing while we handle the protection of your digital life.